Windows 7 Remote TightVNC UltraVNC Server Install

This will quickly (in seconds) install and start a TightVNC or UltraVNC server on a remote client, assuming you have a working IPC connection. It assumes you are using the nastiness that is Windows 7 64-bit (although, apart from using different drivers, devcon etc., the procedure is the same on 32-bit).

TightVNC
TightVNC 2.5.1

These 4 files (tvnserver.exe, screenhooks64.dll, screenhooks32.dll, hookldr.exe) were taken from the .MSI installer tightvnc-2.5.1-setup-64bit.msi

(It does seem to work with just tvnserver.exe and no DLLs/hook, but I have not spent time working out what effect this has.)

TightVNC mirror driver (dfmirage)

To extract the drivers, run dfmirage-setup-2.0.301.exe; the driver files will be in "C:\Users\Administrator\AppData\Local\Temp\is-PR16U.tmp" during the last stage of the install. (They will be deleted after clicking the 'Finish' step, so grab them before then.)

vnc.reg is generated locally by installing it and configuring how you wish.

UltraVNC
UltraVNC 1.0.9.6.2

UltraVNC Mirror driver (mv2) (It's called "Download MD SDK" and is bundled with some other cruft)

The mirror driver isn't correctly signed, so to get a silent install you need to get the certificate out first. To extract it:

This method adapted from here
 * Highlight mv2.dll > Properties > Digital Signatures > (highlight uvnc bvba) > Details > View Certificate > Install Certificate > Next > Place Certificate In the following store > Browse > Show physical stores > Trusted Publishers > Local Computer > Ok > Next > Finish. 'Import was successful'
 * Run certmgr.msc > Trusted Publishers > Certificates > Highlight "uvnc bvba" > right click, All Tasks > Export > (leave default, DER) Next, save it somewhere as a file, e.g. mv2.cer > Next > Finish.

CertMgr.Exe (in remote.bat) installs the signed certificate (mv2.cer) before the driver is installed, which stops the prompting caused by mv2.cat being incorrectly signed.


 * Note, I am using the Vista x64 driver for Win7 x64 in this example.

ultravnc.ini is generated locally by installing it and configuring how you wish.

VNC File and Folder structure
This example assumes the following file and folder structure;

├── CertMgr.Exe
├── devcon64.exe
├── go.bat
├── PsExec.exe
├── remote.bat
├── tvnc
│   ├── driver
│   │   ├── dfmirage.cat
│   │   ├── dfmirage.inf
│   │   └── x64
│   │       ├── dfmirage.dll
│   │       └── dfmirage.sys
│   ├── hookldr.exe
│   ├── screenhooks32.dll
│   ├── screenhooks64.dll
│   ├── tvnserver.exe
│   └── vnc.reg
└── uvnc
    ├── driver
    │   ├── mv2.cat
    │   ├── mv2.cer
    │   ├── mv2.dll
    │   ├── mv2.inf
    │   └── mv2.sys
    ├── SCHook64.dll
    ├── ultravnc.ini
    └── winvnc.exe


 * Note, Link for 64-bit devcon.exe (I renamed it devcon64.exe so it's clearer)
 * Note, to get certmgr.exe you unfortunately need to download the Windows SDK

go.bat code
Run go.bat from a machine with access to the remote machines. It will prompt for a machine name (or you can supply one on the command line) and, assuming it can make a connection, will ask whether to install or remove VNC.


 * Note, the removals should be completely clean (although I have had issues with TightVNC getting locks on the screenhooks files; it seems slow to close and release them).

Although the PnP mirror drivers install and work immediately, they need a reboot to finish removal.

remote.bat code
This gets copied and then executed by psexec on the remote host.


 * Note, this example is allowing two subnets in on port 5900 via the (domain policy based) firewall.
 * Note, {1819B463-0603-43C1-96D3-13FC1C7CB70F} is just an arbitrary GUID and can be anything that doesn't already exist. You have to add domain policy rules via the registry and not netsh, as it is a bit of a frig!
 * Note, to be able to send Ctrl-Alt-Del, you need to run VNC as a service AND this registry key needs setting: "SoftwareSASGeneration"=dword:00000001


 * Note, 'net start/stop xxx' waits for the action to take place, whereas using sc doesn't and causes timing problems. It is easier to use net start/stop via psexec in a local script than to use sc \\machine stop/start, to alleviate this issue.

alternative rule location if not blocked by GPO
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules

non-Domain situation
Replace

reg add HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules /V {1819B463-0603-43C1-96D3-13FC1C7CB70F} /D "v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=5900|RA4=192.168.2.0/255.255.255.0|RA4=192.168.11.0/255.255.255.0|Name=Remote Support (TCP-In)|"

with

netsh advfirewall firewall add rule name="Remote Support (TCP-In)" dir=in action=allow protocol=TCP localport=5900 remoteip=192.168.2.0/24

and

reg delete HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules /V {1819B463-0603-43C1-96D3-13FC1C7CB70F} /F

with

netsh advfirewall firewall delete rule name="Remote Support (TCP-In)"

and you can remove the firewall restart part (net start/stop mpssvc)
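
The rule string written by the reg add command above, parsed and checked as an added example (not part of the original page or its scripts): it flags an active inbound allow rule whose RA4 scope is missing or wide, and builds the netsh form with every RA4 subnet carried over. The function names, the constructed OPEN_RULE sample and the 1024-address threshold are assumptions of this example, and only the IPv4 address/netmask form of RA4 shown on the page is handled.

```python
import ipaddress

# Rule value copied from the reg add command on this page.
PAGE_RULE = ("v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|"
             "LPort=5900|RA4=192.168.2.0/255.255.255.0|"
             "RA4=192.168.11.0/255.255.255.0|Name=Remote Support (TCP-In)|")
# Constructed sample: the same rule with its RA4 fields left out.
OPEN_RULE = ("v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|"
             "LPort=5900|Name=Remote Support (TCP-In)|")
PROTOCOLS = {"6": "TCP", "17": "UDP"}  # IP protocol number -> netsh keyword


def parse_rule(value):
    """Split a rule value into (version, {key: [values]}); keys can repeat."""
    version, *fields = value.strip("|").split("|")
    rule = {}
    for field in fields:
        key, _, val = field.partition("=")
        rule.setdefault(key, []).append(val)
    return version, rule


def remote_networks(rule):
    """RA4 scopes as networks; address/netmask form is normalised to CIDR."""
    return [ipaddress.ip_network(v, strict=False) for v in rule.get("RA4", [])]


def audit(value, max_addresses=1024):
    """Findings for an active inbound allow rule; an empty list means none."""
    _, rule = parse_rule(value)
    state = [rule.get(k, [""])[0].lower() for k in ("Action", "Dir", "Active")]
    if state != ["allow", "in", "true"]:
        return []
    nets = remote_networks(rule)
    if not nets:
        return ["no RA4 scope: the port is reachable from any remote address"]
    return [f"wide scope {n} ({n.num_addresses} addresses)"
            for n in nets if n.num_addresses > max_addresses]


def to_netsh(value):
    """netsh equivalent of the rule, carrying over every RA4 scope."""
    _, rule = parse_rule(value)
    one = lambda key: rule[key][0]
    cmd = 'netsh advfirewall firewall add rule name="{}" dir={} action={}'.format(
        one("Name"), one("Dir").lower(), one("Action").lower())
    cmd += " protocol={} localport={}".format(PROTOCOLS[one("Protocol")], one("LPort"))
    nets = remote_networks(rule)
    return cmd + (" remoteip=" + ",".join(map(str, nets)) if nets else "")
```

For the page's rule, to_netsh() ends in remoteip=192.168.2.0/24,192.168.11.0/24, whereas the netsh line given above admits only 192.168.2.0/24.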

TightVNC via vnc.reg code

 * Note, this example is allowing two subnets in on port 5900 via TightVNC server; if you don't want any control on TightVNC, remove the IpAccessControl entry.

UltraVNC via ultravnc.ini
This is pretty default. (Have added PollFullScreen=1 which is meant to be default, but for whatever reason it doesn't seem to stick)

[Permissions]
[admin]
FileTransferEnabled=1
FTUserImpersonation=1
BlankMonitorEnabled=1
BlankInputsOnly=0
CaptureAlphaBlending=1
BlackAlphaBlending=0
DefaultScale=1
UseDSMPlugin=0
DSMPlugin=
DSMPluginConfig=
primary=1
secondary=0
SocketConnect=1
HTTPConnect=0
XDMCPConnect=0
AutoPortSelect=1
InputsEnabled=1
LocalInputsDisabled=0
IdleTimeout=0
EnableJapInput=0
QuerySetting=2
QueryTimeout=10
QueryAccept=0
LockSetting=0
RemoveWallpaper=1
RemoveEffects=0
RemoveFontSmoothing=0
RemoveAero=1
DebugMode=0
Avilog=0
DebugLevel=0
AllowLoopback=0
LoopbackOnly=0
AllowShutdown=1
AllowProperties=1
AllowEditClients=1
FileTransferTimeout=30
PollFullScreen=1
KeepAliveInterval=5
SocketKeepAliveTimeout=10000
DisableTrayIcon=0
MSLogonRequired=0
NewMSLogon=0
ConnectPriority=1
[ultravnc]
passwd=3F781DC538D09EC631
passwd2=3F781DC538D09EC631