VNC Server Free Edition 4.1 for Windows
o Upgrading from VNC Free Edition 4.0
o User-Mode Operation
o Service-Mode Operation
o The Connections Options
o The Authentication Options
o The Inputs Options
o The Sharing Options
o The Desktop Options
o The Capture Method Options
o The Legacy & VNC 3.3 Import Options
o Other Options
; Compatibility Notes
o Windows 3.11 / Windows NT 3.51 / Windows 95
o Windows 98 / Windows Me
o Windows XP and Windows 2003 Server
System Requirements Requirements:
; System hardware meeting OS requirements
; Windows-compatible graphics card ; Windows-compatible network card ; TCP/IP v4 network stack 1; Windows 98 1or Windows Me 2or Windows NT 4.0 Workstation / Server
or Windows 2000 Professional / Server 3or Windows XP Professional / Home 3or Windows 2003 Server
1. These platforms do not support secure settings
2. Service Pack 3, 4, 5 or 6a is required on these platforms
3. If Fast User Switching or Remote Desktop are used, then VNC Server will connect
session zero to the console in order to allow it to be accessed. Other sessions cannot be
accessed by VNC Server Free Edition 4.1.
VNC Server Free Edition for Windows is installed as an optional component of the setup package. If VNC Server has been installed then a number of icons will be created for it under the Start Menu, at the location specified during installation (usually RealVNC).
VNC Server for Windows is designed to run either in User-Mode, as a personal per-user server, or in Service-Mode, as a system service available whether or not there is a user logged in. The logged-on user can also choose to run their own personal User-Mode server alongside an existing Service-Mode server installed on the machine, provided that the two servers are configured to operate on different network port numbers.
Upgrading from VNC Free Edition 4.0
VNC Server Free Edition 4.1 retains full compatibility with VNC Server Free Edition 4.0, with respect both to command-line parameters and to registry configuration options. When installed on a system that has already been fully configured for VNC Server Free Edition 4.0, VNC Server Free Edition 4.1 will use the existing settings, without the need for reconfiguration. Using VNC Server in User-Mode
If you are just trying out VNC, or wish to provide access to your desktop infrequently for support or collaboration purposes, then you may find it best to run VNC Server in User-Mode. During the installation, leave the tickboxes which refer to the VNC Server System Service unticked, to prevent VNC Server being installed in Service-Mode on your system.
When you want to use VNC Server, go to the VNC Server (User-Mode) program group
(usually found under RealVNC in the Start Menu), and click on Run VNC Server. The VNC
Server icon will appear in the system tray, to indicate that VNC Server is running.
At this point, you probably want to configure your personal VNC Server settings for User-Mode. Right-click on the tray icon and select Options..., change the settings you want and click Apply
or Ok. Note that you must at least configure the Authentication tab, otherwise you won't be able
to connect in to your server - this is deliberately the case, to avoid accidentally opening up your computer to attacks.
When you are finished with VNC Server, simply select Close VNC Server from the tray icon's
Using VNC Server in Service-Mode
If you intend to use VNC to provide remote access to a computer, you will probably prefer to install VNC Server in Service-Mode. In Service-Mode, VNC Server can allow remote connections even while the computer is locked or logged off. The server is configured once, rather than per-user, and the settings are secured if the host platform supports it.
During the installation, tick each of the boxes which refer to the VNC Server System Service. This will cause the installer to present the VNC Server Options dialog, and to register and run the VNC Server Service.
Note that you must at least configure the Authentication tab, otherwise you won't be able to
connect in to your server - this is deliberately the case, to avoid accidentally opening up your computer to attacks.
At this point, your VNC Server is running and you should be able to connect to it from a connected computer using VNC Viewer.
If you need to reconfigure or stop your Service-Mode server, you will find links in the VNC
Server (Service-Mode) program group of the Start Menu to achieve this. The VNC Server
Properties dialog can also be accessed by right clicking on the VNC Server (Service-Mode)
tray icon and selecting the Options... menu item.
Configuring VNC Server
VNC Server provides a number of options allowing its behaviour to be tailored to your needs. These are usually configured via the Options... dialog, although they can also be specified
directly on the command-line of the WinVNC4 executable if required.
The Options... dialog consists of a number of pages of options, grouped according to their function. The following documentation describes each option and the equivalent command-line parameters.
When the Ok or Apply buttons of the Options... dialog are pressed, any changed settings are
saved to the registry. Unless otherwise specified, changed settings take effect immediately. Connections
Accept connections on port
If this option is ticked and the port number is non zero then VNC Server accepts
incoming connection requests from clients on a particular TCP port. The standard VNC
Display numbers, 0-99, correspond to TCP ports 5900-5999. VNC Server will accept
connections on port number 5900 by default, which equates to VNC display number 0
(zero). The port number for VNC Server to use can be set to any other available port
number, even ones outside the 5900-5999 range.
Disconnect idle clients after
An idle client is one which has transmitted no keyboard or pointer events for more than a
certain length of time. The VNC Server can be configured with a threshold, expressed in
seconds, after which idle clients will be disconnected to conserve resources. If the
threshold specified is zero seconds then connections will never timeout. The default idle
timeout is one hour.
Note that pointer and keyboard events received from clients will prevent their connection
timing out even if the VNC Server is configured to otherwise ignore those events (see
Serve Java viewer via HTTP on port
If this option is ticked and the port number specified is non-zero then VNC Server will
accept incoming HTTP requests, allowing the Java VNC Viewer to be downloaded by a
Java-aware web browser. The Options... dialog will attempt to adjust the HTTP port to
match changes made to the VNC port number.
Note that the HTTP port number cannot be set to the same value as that used for
incoming VNC connections.
Only accept connections from the local machine
The LocalHost option tells VNC Server to only accept incoming connections from
Viewers running on the local host computer. This is only normally used when
connections are to tunnelled through a custom transport (e.g. serial line, custom wireless,
etc) and will therefore appear to the TCP stack to originate from the local host. If VNC
Server is configured to accept connections only via local loopback then the Hosts option
VNC Server can filter incoming connection attempts based upon the apparent IP
addresses of their originators. Which IP addresses are allowed to connect and which are
not is determined by the Hosts pattern. The pattern consists of a comma-separated list of
IP address specifications, prefixed by an action. Each specification starts with an action,
gives an IP address, and a subnet-style mask. The first specification to match the address
of the new connection determines the action that will performed.
Available actions are:
; +: Accept the connection
; ?: Query the local user to accept the connection.
See also the QueryConnect Authentication option.
; -: Reject the connection.
The pattern given above allows the computer with address 192.168.0.1 to connect, as
well as any computer in the 192.168.1 subnet. All other connections are rejected by the
- term, which is actually redundant in this case - a connection will always be rejected if it
doesn't match anything in the Hosts pattern.
Note that IP addresses and masks are specified in Type-A (xxx.yyyyyyyyy), Type-B
(xxx.yyy.zzzzzz) or Type-C (xxx.yyy.zzz.www) form. The specification 192.168 will
therefore be interpreted as 126.96.36.199 rather than 192.168.0.0 as one might expect.
The Hosts pattern can be edited more easily through the Access Control interface, which
allows IP address specifications to be edited individually and moved up (to match first) or
down (to match last) the list.
The Authentication page allows you to configure the required mode of authentication and level of security of VNC connections. VNC Server Free Edition for Windows supports unauthenticated connections and classic VNC Password Authentication.
If your VNC Server is operating in a protected environment, such as a secure LAN or
firewall-protected network, then you may wish to configure VNC Server to accept
connections without requiring a username or password to be specified.
We advise extreme caution when disabling authentication. Do not disable it unless
you are absolutely sure that the host network is completely secure.
VNC Password Authentication
VNC Password Authentication allows a single password of up to 8 characters to be
stored by VNC Server, which remote users must supply when prompted in order to
The password to use can be configured by selecting Configure and typing the new
password twice. On platforms which support it, the password (and all other configuration
options) are protected using native operating system security methods, so that the
password cannot be read or tampered with by other users.
NT Logon Authentication
NT Logon Authentication is not available in VNC Free Edition.
Encryption: Always Off
Encryption is not available in VNC Free Edition.
Prompt local user to accept connections
By default, VNC Server allows Viewers to connect as long as the correct username and
password are supplied. QueryConnect allows an extra level of protection to be applied,
requiring a local user to explicitly accept incoming connections.
When QueryConnect is enabled, incoming connections are first authenticated in the
normal way. If the user authenticates successfully then a dialog is presented on the
server's desktop, displaying the IP address and username of the incoming connection, and
requiring a local user to accept the connection.
If the user does not accept the connection within a specified timeout then it is rejected. If
an incoming connection requiring acceptance by the local user is received while an
earlier connection is being queried then the second connection is automatically rejected,
for security reasons.
Connections from specific hosts or subnets can be configured to be queried via the Hosts
Only prompt when there is a user logged on
This option affects the behaviour of the QueryConnect option, if enabled. If this option is
set then the local user will only be prompted to accept the incoming connection if they
are logged in. If this option is not set then the local user will always be prompted,
regardless of whether or not they are logged in.
Note that it is not possible to reliably detect whether or not a user is logged in on some
older Windows platforms. On these platforms, this option will err on the side of security
and always prompt the local user.
If QueryConnect is enabled then the Query Connection dialog will be displayed by
default for ten seconds before automatically rejecting the connection. The timeout value
can be modified by setting QueryConnectTimeout accordingly.
Accept pointer events from clients
If this option is unticked then incoming pointer movements from all clients will be
ignored, preventing any remote VNC Viewer from affecting the pointer of the VNC
Server's desktop. This can be used to configure a server to become effectively view-only.
Note that a client will still be deemed active for the purposes of the IdleTimeout setting if
it is sending pointer events to the server, whether or not they are accepted. Accept keyboard events from clients
If this option is unticked then incoming keystrokes from all clients will be ignored,
preventing any remote VNC Viewer from typing into the VNC Server's desktop. This can
be used to configure a server to become effectively view-only.
Note that a client will still be deemed active for the purposes of the IdleTimeout setting if
it is sending keyboard events to the server, whether or not they are accepted. Accept clipboard updates from clients
If this option is unticked then incoming clipboard updates will be ignored from all clients.
This option should be used when making a VNC Server effectively view-only, but may
also prove useful to prevent clipboard changes made by clients from overriding the VNC
Server's local clipboard when this would be undesirable or confusing.
Send clipboard updates to clients
This option, if unticked, prevents the VNC Server from informing clients of changes to
its local clipboard contents. This can be useful when untrusted clients are to be allowed to
connect to the VNC Server, since it prevents any private data being accidentally leaked
via the clipboard.
Allow input events to affect the screen-saver
This option determines whether keyboard and mouse events received from VNC Viewers
can cause the screen-saver to be hidden. This option is actually a system-wide setting and
is not implemented by VNC Server itself, so there is no equivalent command-line option.
Some older Win32 platforms do not support this option. It is recommended that this
check-box be ticked, so that the screen-saver can be disabled by VNC Viewer input. Disable local inputs while server is in use
The mouse and keyboard physically attached to the server computer can be disabled for
the duration of a remote connection, preventing local users from interacting with the