Enterprise Software

How do I... Configure TightVNC for remote access?

Virtual Network Computing (VNC) is the remote administrative tool of choice for many IT professionals. IT consultant Erik Eckel explains how to configure TightVNC, the more robust version of VNC, for secure access to remote systems.

This article is also available as a TechRepublic download.

Numerous remote administration and connectivity tools exist to help support technicians and IT administrators troubleshoot, maintain, and access systems in different locations. Some are easy to use and require no firewall configuration. Others possess expensive and potentially prohibitive licensing requirements, while delivering more advanced functionality.

Often, VNC—which stands for Virtual Network Computing—is the remote administrative tool of choice for IT professionals. In its earlier iterations, VNC offered a simple, relatively straightforward method of affordably implementing fairly secure access to remote systems.

Over time, the open source community revised and improved the remote access tool. Developer Constantin Kaplinsky, in particular, maintained a project dedicated to delivering an improved VNC remote administration tool that addressed VNC's shortcomings. The result is a more capable application known as TightVNC.

Where to get TightVNC

Advertised as an OS-independent client/server package enabling remote network access to graphical desktops, TightVNC is a free tool organizations can use to solve remote connectivity needs. The software is distributed under the GNU General Public License. The self-installing Windows package can be downloaded from SourceForge.net. Linux, UNIX, and Java (viewer only) versions are also available.

TightVNC enhancements

Among the enhancements in TightVNC not found in standard VNC implementations are the ability to transfer files from the local system to the remote workstation (referred to as the server, in VNC parlance) or vice versa and adjustable compression levels to better mate connection speeds with the work being performed via the remote connection.

Other improvements include improved cursor handling (cursor movements are all processed locally to prevent performance issues), optimization for slower Internet connections, JPEG compression enabling better display performance, Web browser improvements that support up to 24-bit color modes, tightened security through the use of two passwords (one for full control and another for read-only access), and automatic SSH connectivity within UNIX.

Installing TightVNC

To install TightVNC on the workstation or server you wish to access remotely, begin by downloading the self-installing TightVNC package. Once you have the installation file ready (the current version at the time of this writing is tightvnc-1.2.9-setup.exe), follow these steps:

  1. Double-click the executable file. The Welcome To TheTightVNC Setup Wizard will appear. Click Next.
  2. Review the terms of the GNU General Public License, then click Next to acknowledge your acceptance of those terms.
  3. Specify the location where you wish to place the application's files and then click Next.
  4. Specify whether you wish to perform a full installation, a compact installation, or a custom installation. In this example, we'll perform a full installation by accepting the default settings and clicking Next.
  5. Specify whether the Setup program should create a Start Menu folder and the name you wish to use for the folder and then click Next.
  6. Configure additional settings. By default .vnc files are associated with TightVNC Viewer. If you want the system to serve as a VNC server, or host system, check the box for Register TightVNC Server as a system service. Then, click Next. The Ready To Install Screen will appear (Figure A).

Figure A

The TightVNC Setup program enables registering TightVNC Server As A System Service during installation.
  1. Click Install to set up TightVNC. The application will install itself, and then you will see the Completing TheTightVNC Setup Wizard.
  2. Click Finish to complete TightVNC installation. On systems configured to operate as servers, or hosts for remote connections, it's also helpful to reboot Windows.

Configuring the TightVNC host

Once TightVNC is installed, follow these steps to configure the host system:

  1. Ensure TightVNC is set to start as a system service. Doing so ensures TightVNC is active should you wish to connect remotely, even if no user is present or sitting at the remote workstation. The Register As A System Service option can be selected when installing TightVNC, as shown in the previous steps.
  2. Configure a password for TightVNC sessions. You can enter the password by double-clicking the VNC icon from within the Windows System Tray and specifying the password in the Incoming Connections section of the Current User Properties dialog box (Figure B).

Figure B

Use the WinVNC: Current User Properties dialog box to configure connection options.
  1. Specify additional settings, such as whether you wish to disable the use of empty passwords, enable loopback connections, and log session information to WinVNC logs, by clicking the Advanced button in the WinVNC: Current User Properties dialog box. Once you’ve configured settings as you wish, click Apply, then click OK to close all open windows (Figure C).

Figure C

Advanced TightVNC connection options are configured using the Current User Advanced Properties menu.
  1. Confirm the Windows Firewall (and any other software- and hardware-based firewalls) are configured to allow the TightVNC traffic. In Windows, click Start | Control Panel | Windows Firewall and select the Exceptions tab. Confirm that the WinVNC options are checked; otherwise, Windows Firewall will block your connection attempts.

    On other firewalls, port 5900 may be required to enable VNC traffic to pass properly. (Other VNC implementations sometimes use ports 5500 and 5800.) For best security, administrators should test configurations to determine the minimum ports that need be opened to enable the connection to work within their specific environments.

Connecting to a TightVNC host

Connect to a TightVNC-enabled remote host by installing TightVNC on a local system and following these steps:

  1. Open a TightVNC Viewer on the local system by clicking Start | All Programs | TightVNC | TightVNC Viewer. The Connection Details window will appear (Figure D). Enter the name of the remote VNC server to which you wish to connect. If you’ve changed the default port, you can specify the new port using this format: 192.168.1.1:9500.

Figure D

Enter the IP address of the system to which you wish to connect within the Connection Details screen.
  1. Click Options to configure additional settings. The Connection Options dialog box appears (Figure E). Configure any required options (such as hiding the remote cursor and restricting pixels to 8 bits on slow networks), then click OK. You’ll be returned to the Connection Details screen. Click OK to connect to the remote system.

Figure E

Configure connection options using the settings provided in this dialog box.
  1. Enter the session password configured within the remote system’s WinVNC: Current User Properties menu and click OK. The remote system’s screen will then appear on the local system, thereby providing the ability to view and configure the remote system using the local workstation or server (Figure F).

Figure F

Once the proper session password is supplied, the remote workstation’s desktop appears on the local system.
60 comments
jon_junker
jon_junker

TightVNC is a good 'low budget' tool for non-XP and other OS'es that don't already come with Remote Desktop. However, TightVNC doesn't uninstall correctly. It doesn't cleanup after itself correctly.

Don Michaels
Don Michaels

I have been using RealVNC, free version, for years. The drawback is that it does not encrypt the password. Does TightVNC provide this? Is there a free version and a for pay version?

Tiny T
Tiny T

Your instructions work well but require you to manually go to each remote workstation to install VNC. We have found that using FastPush is a better alternative for us to install VNC to remote machines. You can run it from your workstation against any remote machine that you have admin rights to. It can be found here http://www.darkage.co.uk/

is
is

We use UltraVNC which has everything TightVNC has but also lets you use Active Directory authentication.

Exp
Exp

which VNC program do you use? And why? I use UltraVNC @home and RealVNC @ work, both work the same but UltraVNC has added file transfer function which I find very handy. The other question I got is that why can I never made VNC work behind a firewall or router? I followed all intructions on the net. I did port forward but never worked.

AstroCreep
AstroCreep

I've never noticed any problems with it uninstalling. What do you mean by it doesn't uninstall 'cleanly'? One thing I do whenever I've had to uninstall is make sure that I stop the service from running before hand, then reboot when it's done.

bcgreaves
bcgreaves

where exactly on the page you provided is the download to remotely install VNC, I just dont' see it?

S.C.M.
S.C.M.

We ditched UltraVNC in favor of RealVNC because, when rebooting, it does not load itself as a system service like RealVNC does, so you could not access the machine before someone LOCALLY entered login information. Too lame... With RealVNC, when the login screen is shown, you can already access the machine and "do your magic" as usual.

mmantei
mmantei

I much prefer UltraVNC over Tight VNC. For me, two of the biggest advantages are the ability to authenticate to Active Directory and the DSM plugin to encrypt the traffic. I think these are both features anyone connecting via the Internet would want to have.

orcsattheg8
orcsattheg8

PC HelpWare by UltraVNC has a neat package that is easily customizable. The resulting executable is small, so it can be placed on a support website and downloaded to a potential support client. On the viewer end, it will require port redirection through the firewall.

bader.joachim
bader.joachim

I use Teamviewer (www.teamviewer.com), that is a fabulous tool for remote control. It works without problems (and configuration) through firewalls, routers and proxies. The connection is always encrypted. For private use it?s also absolutely free. Just try it out! Joe

core1system
core1system

I have a client who had us start using Teamlinks ( http://www.imera.com )to work on projects with them. Uses encryption and did not have to punch any holes in our firewall. I believe it runs everything over port 80. Remote desktop 1 to 1 or 1 to many, whiteboard, can allow remote access to specific apps instead of the whole desktop. There is a feature where you can record all remote access sessions (video). They basically can go back and visually can see anything we did while working on any servers inside their network. Its really remote access and collaboration suite wrapped into one. I understand there is a Linux / Unix version but have not tried it out yet. Installed the client, signed up for demo account and was working in a few minutes.

DMobley232
DMobley232

I have tightvnc running, but everytime I connect to another machine, I can't transfer files. The Transfer Files Icon is grayed out and I can't do anyting about it. I want to transfer files, what am I doing wrong.

drdave1958
drdave1958

Windows defender doesn't like VNC and will always block it until you tell it not to.

blubdog
blubdog

You said that one of the enhancements with tightvnc is the ability to transfer files. I'm a long time tightvnc user, and that would be very useful, but I've never seen that feature mentioned in the documentation or menu screens. How do I start a file transfer in tightvnc? Thanks!

brad.robertson
brad.robertson

Will the different versions work with each other or only with the same version? If RealVNC is already implemented, could a TightVNC computer access a RealVNC computer?

andrew.beals
andrew.beals

Use a VPN to get through the firewall. You don't have a VPN? You should be able to ssh tunnel 127.0.0.1:5900 to :5900 at the other end of the tunnel. Then just VNC to 127.0.0.1 and you're golden. I use Chicken of the VNC on my Mac, as both a server and a client and it works great. On windoze platforms, it's TightVNC, which I've had some screen update problems with when running on a 80ms coast-to-coast connection.

Neon Samurai
Neon Samurai

Currently: Unix - SSH with X session forwarding - The complete secure cli on a remote system is nice but forwarding remote X session video calls to my local machine is pure heaven. Windows - Remote Desktop (terminal server client) - It's built into the OS; it may not be the best technology but for my limited needs, it beats reinstalling the wheel. Windows - NAS and Flash - I'm not remoting between windows desktops much these days really. I've build my application stack with portableapps running from a Flashdrive. When I'm away from home, I have my own apps on any machine I plug it into. When I'm home, I share it to my network through a Samba server so all my windows machines can mount and use the Flashdrive like it was plugged in locally. Large data storage on the home network is shared by the NAS. VNC - very nice remote program. Authentication pass is hard to bruteforce but the hash can be decrypted easily if you go about it that way. Still nice if your working across platforms since it supports a Java browser connection and can run through an SSH tunnel. Remotely Possible - used back in the BBs days, haven't touched it since VNC/RemoteDesktop. PC Anywhere - used before Remotely Possible but both so long ago I forget why I switched. Gotomypc - I've only seen the ads. These days the question may be more accurately; why use VNC or third party when RemoteDesktop is built into the OS. I may have missed where you mentioned working across platforms in the article though as I read it pretty fast.

puntim
puntim

another way around your problem would be to use VPN for connections via the internet and let it handle the vnc porting. In any case I would use VPN for security reasons

ScottCopus
ScottCopus

I use UltraVNC myself. It's been a while since I looked at all the other VNC flavors... but UltraVNC offers built-in web access, lots of built-in bandwidth options (like colors/JPEG compression, etc), file transfers, and a video-intercept driver to quicken things along in certain cases. One thing that I don't like about VNC is the availability of VNC password cracking tools. Is there a VNC out there that doesn't take 2 seconds to crack the password that's saved in the registry?? It's so quick to do this it seems that VNC passwords are 2-way encrypted (easy to decrypt)... rather than 1-way encryption (like MD5, etc). Does anyone use another VNC that has better security against password cracking tools? BTW, I've got VNC to work through my home router/firewall just fine. First, I have multiple computers that I can connect to. But to make this work with routers, I had to statically assign IP addresses on my home network... and also configure the VNC listening port on each computer to something different... like 5900, 5901, 5901. Make sure the Windows Firewall is opened up on each computer ('subnet-only' should be ok). Then set up port-forwarding in the router so that each port that you've chosen is forwarded to the right internal IP address.... such as: 5901 -> 192.168.0.1:5901 5902 -> 192.168.0.2:5902 5903 -> 192.168.0.3:5903 If only VNC had UPNP capability built-in, I guess I wouldn't have to do this..... ;) Scott.

S.C.M.
S.C.M.

Did you OPEN that port in your router/firewall as well? If you close all ports by default (as you should) and selectively open a few ports for legitimate services (SMTP, POP and IMAP E-mail, HTTP, SSL, etc.) you must open that VNC port as well, besides forwarding it to a specific internal IP (port forwarding). I strongly recommend NOT using the default VNC port, since I would expect people out there to be scanning port 5900 in the Internet for VNC servers out there. Don't forget there was a SERIOUS WinVNC flaw discovered a while ago that allowed someone to bypass authentication and access the machine (since fixed), so you may expect any VNC variant to likely have unknown flaws and vulnerabilities.

Techknow Dude
Techknow Dude

Did you open an exception in your desktop firewall on the "server" machine. VNC does not inherently add an exception to XP firewall.

MCWebtree
MCWebtree

I use realVNC enterprise as I like the optional encryption for Internet based connections. I also use ultraVNC for clients as I like the fact they can establish a connection to allow me to control their PC regardless of their firewall situation. Makes tech support so much easier :) I have it running behind a number of firewalls / routers, just by forwarding port 5900-5902 onto the local network. I use different desktops, (e.g. :0 :1 and :2 to address different PC's and servers within the internat NAT'd network.

al3x
al3x

We have a workstation which has 5 users. I installed tightVNC with one account that has administrator rights. well i can remote into that machine with that profile with administrator rights. but if another user with user rights signs on i can attemp to remote in but it won't accept my password, why?? also another machine i have installed VNC and only has 1 profile. i can remote in but i can't do anything. i can only view, why?? both machines are XP pro

andrew.beals
andrew.beals

Click the download link in the page's menu bar.

Tiny T
Tiny T

The entire site is about the script FashPush. There is a download link at the top of the page but I would suggest reading some of the documentation first before just trying to run it.

tumbras
tumbras

Actually, UltraVNC DOES run as a service - IF you install it that way. You have the option of installing the service post installation if you've forgotten to originally. Like the other person who commented on it - UltraVNC is a wonderful tool, and administratively speaking, PCHelpware and VNC SC are great alternatives for remote administration. I've got both options setup for our company's users. cheers! ~n

jgroetsema
jgroetsema

I use UltraVNC and do not have an issue with this. I am able to authenticate to UltraVNC on computers that are at a login box and pass a CAD to start the Windows login.

barryr
barryr

My experience has been that transfer files is grayed out if the version of TightVNC on the other end doesn't have tranfer files capability (i.e. isn't running 1.3.8)

puntim
puntim

Bruce, you need to be running the right versions of Tight. I've been using the 1.3.8 since it came out and cannot recall a "beta" like problem. Also use the mirage driver, although it is not necessary for file transfer just speeds up screen draws. Now to your question. If you are using 1.3.8 then you can right click on the the Windows Title bar and choose "file transfer". Or you can left click on the iconthat looks like two documents one behind the other. Apologies for the Windows only approach Regards

davidsblocker-junk
davidsblocker-junk

I have all three of these in different machines on my network and they all seem to work just fine together. I have found a few different reasons to use each one but I think I prefer TightVNC. Tight is nice because the latest build (beta) v1.3.8 includes file transfers, winlogin, mouse rollover display (with mirror that is a separate install dfmirage-setup-1.1.68.2.exe) There is a link on the Tight website to download the mirror. Also, I am told the compression is the best with Tight.

Exp
Exp

I use Logmein Free and it works ok. Some small issues but can't complaint when it is FREE. I use it to do remote support, it doesn't matter if you can behind anything as long you can access internet it will work. One thing concern though is that it goes through a third party server and they keep all password etc. How could I trust them?

JCAlexandres
JCAlexandres

You just skipped one of the best remote control tools I've ever had, it is named RemoteAdmin you can download at http://www.famatech.com/download/, I've been using version 2.2, but there is a new version just out this past month.

Murfski-19971052791951115876031193613182
Murfski-19971052791951115876031193613182

One of the major reasons I like VNC is that the user can see what's going on and I can use it as a teaching tool. I generally have the user on the phone and show him/her what I'm doing and explain why I'm doing it. Remote Desktop is great for running remote servers and such, but VNC is a better teaching tool.

Exp
Exp

Has anyone tried Hamachi VPN? www.hamachi.cc

Exp
Exp

thanks for your post, some very good points. I will try the different port settings.

Exp
Exp

yes, I did. I forwarded the port to 5500 or 5900. You have a good point, I heard about the flaw as well and will start use other port for VNC.

Exp
Exp

Don't think you need to becuase those PC work ok on a local LAN but wouldn't accept incoming VNC or it is block by router/firewall.

bcgreaves
bcgreaves

Thanks guys. I swear, I did not even consider looking that high up. Normally, when web admins create links, they "highlight" them somehow making them more obvious. I appreciate it.

davide
davide

Try vncscan It's a great util that allow you to deploy any flavor of VNC you prefer to any computer you can access from your desk. Additionally it helps manage windows task, remote processes, shares, change PC names and other helpfull features. I have even deployed 3rd party software and scripts with it. Cuts down immensly on admin time. Best $50 I've invensted in a long time

compucoach
compucoach

there are several links that do not look like links, one of which is Downloads!! took me a minute to recognize it.! B

bcgreaves
bcgreaves

Thx for responding Tiny, but no, I still do not see the link for the download itself. Yes, there is a url named "FastPush" towards the top of the web page, but it is not the link to the actual download yourself. Try it, and you'll see what I'm talking about. It's okay though, I use CrossLoop and it provides what I need with the exception of allowing me to copy files directly from my PC/Server to the clients.

davidclark
davidclark

'scuze me mate- this is a big business/corporate application/solution. The bill runs about 600 U$.

tumbras
tumbras

Hey Buck! Just now hopped on TR site to check on previous posts.. saw that you had responded to mine for this topic. So, i wanted to follow-up with you - have you had any luck - been nearly 8 months now - sorry for the delay.. regards, nick

zeelon
zeelon

I have installed UVNC for about 3 years now at the site I run. I have it installed as a service and it's the only only one I found that can have the tray icon removed and disallow users from changing the admin settings. I have to monitor student activity so this is really convenient and it keeps the little buggers from messing with it. I recently found one that is very easy to use on a personal level and has all of the features (chat window, file transfer, etc.) of VNC. It's called TeamViewer. Had to connect to my mothers machine in another state and it worked very well. It's payware except for personal use so please respect that. I was able to figure it out from initial download in about 3 minutes and was able to talk my mother through the setup and connection process in about 2. There was no tweaking of firewalls or problems with NATing In-house it's Ultra all the way, with FastPush when needed, external for ease of use take a look at TeamViewer. I know there are other great packages out there, take a little time and find one your comfortable with.

buck585
buck585

I've looked at the downloads and instructions for setting these up and it doesn't look clear to me. Can you help with a little info/instruction?

DMobley232
DMobley232

I checked and file transfer is enabled on both the client and remote computer. I don't know I'm about giving up on this.

zeelon
zeelon

Make sure the File Transfer option is enabled on the "server" end.

DMobley232
DMobley232

I checked and its running 1.3.8 on both ends.

brad.robertson
brad.robertson

So you have Real, Ultra and Tight server app each running as a service on a single machine, and depending on what program you use to connect to it determines the features available? If the machine only has Tight running on it as a server and you try to connect to it with Real, will it accept the connection and be limited to the Real capabilities? Thanks!

davidsblocker-junk
davidsblocker-junk

My mistake on the winlogin abilities. That is available with the Ultra.

Neon Samurai
Neon Samurai

It looks good for what it does though. I just need something *nix or ideally cross-platform (at least from a win32 client).

Neon Samurai
Neon Samurai

Actually, it was teaching and tech support for a friend half way around the world. We connected by MSN then shared his desktop to my machine which is an easy way to connect Remote Desktop. We also tried VNC but having him config the VNCserver sucked and remote desktop already worked with the MSN linkup. Both should give you the user's desktop for support and teaching under Windows though.

FAST!!!
FAST!!!

We use RealVNC for desktop support.

Exp
Exp

I was told that remote desktop is not as secure. Don't know if it is true or not.

fillmoreb
fillmoreb

Even using the /Console switch the user still gets booted out when you use RDP... It seems to work fine on Servers tho.

CorporateLackie
CorporateLackie

M: Have you tried the /console switch option with RDC? It is supposed to give you the "real" console session which would thus allow teaching . I have not had time to try that out yet... Jim