Windows 7 Remote TightVNC UltraVNC Server Install

From richud.com
Jump to: navigation, search

This will quickly (seconds) install and start TightVNC or UltraVNC server on a remote client, assuming you have a working IPC connection. This assumes you are using the nastiness that is Windows 7 64bit, (although apart from using different drivers/devcon etc it is same as 32bit)

The two VNC servers and Mirror Drivers

TightVNC

TightVNC 2.5.1

These 4 files (tvnserver.exe, screenhooks64.dll, screenhooks32.dll, hookldr.exe) were taken from the .MSI installer tightvnc-2.5.1-setup-64bit.msi

(it does seem to work with just tvnserver.exe and no dll's/hook, but not spent time working out what effect this has)

TightVNC mirror driver (dfmirage)

To extract the drivers, run dfmirage-setup-2.0.301.exe, the driver files will be in "C:\Users\Administrator\AppData\Local\Temp\is-PR16U.tmp" during the last stage of the install. (they will be deleted after clicking the 'Finish' step, so grab them before then)

vnc.reg is generated locally by installing it and configuring how you wish.

UltraVNC

UltraVNC 1.0.9.6.2

UltraVNC Mirror driver (mv2) (Its called "Download MD SDK" and bundled with some other cruft)

The mirror driver isnt correctly signed so to get a silent install you need to get the certificate out first. To extract ;

  • Highlight mv2.dll > Properties > Digital Signatures > (highlight uvnc bvba) > Details > View Certificate > Install Certificate > Next > Place Certificate In the following store > Browse > Show physical stores > Trusted Publishers > Local Computer > Ok > Next > Finish. 'Import was successful'
  • Run certmgr.msc > Trusted Publishers > Certificates > Highlight "uvnc bvba" > right click, All Tasks > Export > (leave default, DER) Next, save it somewhere as a file, eg.g. mv2.cer > Next > Finish.

This method adapted from here

CertMgr.Exe (in remote.bat) installs the signed certificate (mv2.cer) before the driver, thus stopping prompting due to mv2.cat being incorrectly signed.

  • Note, am using the vista x64 driver for win7 x64 in this example.

ultravnc.ini is generated locally by installing it and configuring how you wish.

VNC File and Folder structure

This example assumes the following file and folder structure;

├── CertMgr.Exe
├── devcon64.exe
├── go.bat
├── PsExec.exe
├── remote.bat
├── tvnc
│   ├── driver
│   │   ├── dfmirage.cat
│   │   ├── dfmirage.inf
│   │   └── x64
│   │       ├── dfmirage.dll
│   │       └── dfmirage.sys
│   ├── hookldr.exe
│   ├── screenhooks32.dll
│   ├── screenhooks64.dll
│   ├── tvnserver.exe
│   └── vnc.reg
└── uvnc
    ├── driver
    │   ├── mv2.cat
    │   ├── mv2.cer
    │   ├── mv2.dll
    │   ├── mv2.inf
    │   └── mv2.sys
    ├── SCHook64.dll
    ├── ultravnc.ini
    └── winvnc.exe
  • Note, Link for 64bit devcon.exe (I renamed it devcon64.exe so its clearer)
  • Note To get certmgr.exe, you unfortunately need to download Windows SDK

go.bat code

Run go.bat from a machine with access to the remote machines , it will prompt for a machine name (or supply one on the command line) and assuming it can make a connection will ask to install or remove VNC.

  • Note, The removals should be completely clean, (although I have had issues with TightVNC getting locks on the screenhooks files, it seems slow to close and release.)

Although the PnP mirror drivers install and work immediately, they need a reboot to finish removal.

@echo off
echo          _       __              __                     
echo    _____(_)_____/ /_  __  ______/ / _________  ____ ___ 
echo   / ___/ // ___/ __ \/ / / / __  / / ___/ __ \/ __ `__ \
echo  / /  / // /__/ / / / /_/ / /_/ /_/ /__/ /_/ / / / / / /
echo /_/  /_/ \___/_/ /_/\__,_/\__,_/(_)___/\____/_/ /_/ /_/ 
echo.
echo Remote VNC Installer
echo ---=== Last updated 5/Jun/2012 ===---
echo.
 
if [%1%] == [] (
 set /p h=Enter Hostname or IP :
) ELSE (
 set h=%1%
)
 
echo Ping testing %h%...
ping -n 2 -l 1 %h% >nul
if %errorlevel% neq 0 set f=Cannot ping host & goto fail
echo RPC testing %h%...
net use \\%h% /persistent:no >nul
if %errorlevel% neq 0 set f=RPC connection dead, WMI maybe screwed & goto fail
net use \\%h% /d >nul
COLOR 2
echo Machine alive and connectable!
echo.
 
set /p v=(1) install TightVNC (2) remove TightVNC (3) install UltraVNC (4) remove UltraVNC on %h% :
if [%v%] == [1] goto 1
if [%v%] == [2] goto 2
if [%v%] == [3] goto 3
if [%v%] == [4] goto 4
goto fail
 
:1
xcopy /i /c /r /s /y "%~dp0tvnc" "\\%h%\c$\temp\tvnc" >nul 2>&1
xcopy /c /r /y "%~dp0*.*" "\\%h%\c$\temp\tvnc" >nul 2>&1
psexec -e -d \\%h% c:\temp\tvnc\remote.bat %v%
goto ok
 
:2
psexec -e -d \\%h% c:\temp\tvnc\remote.bat %v%
goto ok
 
:3
xcopy /i /c /r /s /y "%~dp0uvnc" "\\%h%\c$\temp\uvnc" >nul 2>&1
xcopy /c /r /y "%~dp0*.*" "\\%h%\c$\temp\uvnc" >nul 2>&1
psexec -e -d \\%h% c:\temp\uvnc\remote.bat %v%
goto ok
 
:4
psexec -e -d \\%h% c:\temp\uvnc\remote.bat %v%
goto ok
 
:ok
echo Done!
goto end
 
:fail
echo Failed, %f%!
goto end
 
:end
pause

remote.bat code

This gets copied and then executed by psexec on the remote host.

  • Note, this example is allowing two subnets in on port 5900 via the (domain policy based) firewall.
  • Note, {1819B463-0603-43C1-96D3-13FC1C7CB70F} is just an arbitary GUID and can be anything that doesnt allready exist - you have to add domain policy rules via registry an not netsh, as it is a bit of a frig!
  • Note, To make Ctrl-Alt-Del, you need to run VNC as a service AND this registry key needs setting "SoftwareSASGeneration"=dword:00000001
  • Note 'net start/stop xxx' waits for the action to take place, wheras using sc doesn't and causes timing problems. It is easier to use net start/stop via psexec in a local script than using sc \\machine stop/start, to alleviate this issue.
@echo off
if [%1%] == [] (
	goto end
) else (
	goto %1
)
 
:1
%~dp0devcon64.exe install %~dp0driver/dfmirage.inf dfmirage
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /V SoftwareSASGeneration /D 1 /T REG_DWORD /F
reg add HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules /V {1819B463-0603-43C1-96D3-13FC1C7CB70F} /D "v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=5900|RA4=192.168.2.0/255.255.255.0|RA4=192.168.11.0/255.255.255.0|Name=Remote Support (TCP-In)|"
regedit /s %~dp0vnc.reg
%~dp0tvnserver.exe -reinstall -silent
net start tvnserver
net stop mpssvc
net start mpssvc
goto end
 
 
:2
%~dp0tvnserver.exe -stop -silent
%~dp0tvnserver.exe -remove -silent
reg delete HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules /V {1819B463-0603-43C1-96D3-13FC1C7CB70F} /F
reg delete HKLM\SOFTWARE\TightVNC /F
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /V SoftwareSASGeneration /D 0 /T REG_DWORD /F
net stop mpssvc
net start mpssvc
taskkill /f /im tvnserver.exe
%~dp0devcon64.exe remove %~dp0driver/dfmirage.inf dfmirage
rmdir /q /s %~dp0
goto end
 
:3
%~dp0certmgr.exe -add %~dp0driver/mv2.cer -c -s -r localMachine TrustedPublisher
%~dp0devcon64.exe install %~dp0driver/mv2.inf mv_hook_display_driver2
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /V SoftwareSASGeneration /D 1 /T REG_DWORD /F
reg add HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules /V {1819B463-0603-43C1-96D3-13FC1C7CB70F} /D "v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=5900|RA4=192.168.2.0/255.255.255.0|RA4=192.168.11.0/255.255.255.0|Name=Remote Support (TCP-In)|"
%~dp0winvnc.exe -install
net stop mpssvc
net start mpssvc
goto end
 
 
:4
net stop uvnc_service
%~dp0winvnc.exe -uninstall
reg delete HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules /V {1819B463-0603-43C1-96D3-13FC1C7CB70F} /F
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /V SoftwareSASGeneration /D 0 /T REG_DWORD /F
net stop mpssvc
net start mpssvc
%~dp0devcon64.exe remove %~dp0driver/mv2.inf mv_hook_display_driver2
%~dp0certmgr.exe -del -n "uvnc bvba" -c -s -r localMachine TrustedPublisher
rmdir /q /s %~dp0
goto end
 
:end

alternative rule location if not blocked by GPO

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules

non-Domain situation

Replace

reg add HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules /V {1819B463-0603-43C1-96D3-13FC1C7CB70F} /D "v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=5900|RA4=192.168.2.0/255.255.255.0|RA4=192.168.11.0/255.255.255.0|Name=Remote Support (TCP-In)|"

with

netsh advfirewall firewall add rule name="Remote Support (TCP-In)" dir=in action=allow protocol=TCP localport=5900 remoteip=192.168.2.0/24

and

reg delete HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules /V {1819B463-0603-43C1-96D3-13FC1C7CB70F} /F

with

netsh advfirewall firewall delete rule name="Remote Support (TCP-In)" 

and you can remove the firewall restart part (net start/stop mpssvc)

VNC config

TightVNC via vnc.reg code

  • Note, this example is allowing two subnets in on port 5900 via tightVNC server, if you dont want any control on TightVNC remove IpAccessControl entry.
Windows Registry Editor Version 5.00
 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\TightVNC\Server]
"ExtraPorts"=""
"QueryTimeout"=dword:0000001e
"QueryAcceptOnTimeout"=dword:00000000
"LocalInputPriorityTimeout"=dword:00000003
"LocalInputPriority"=dword:00000000
"BlockRemoteInput"=dword:00000000
"BlockLocalInput"=dword:00000000
"IpAccessControl"="192.168.138.0-192.168.138.255:0,192.168.11.0-192.168.11.255:0,0.0.0.0-255.255.255.255:1"
"RfbPort"=dword:0000170c
"HttpPort"=dword:000016a8
"DisconnectAction"=dword:00000000
"AcceptRfbConnections"=dword:00000001
"UseVncAuthentication"=dword:00000001
"UseControlAuthentication"=dword:00000001
"LoopbackOnly"=dword:00000000
"AcceptHttpConnections"=dword:00000000
"LogLevel"=dword:00000000
"EnableFileTransfers"=dword:00000001
"BlankScreen"=dword:00000000
"RemoveWallpaper"=dword:00000001
"UseMirrorDriver"=dword:00000001
"EnableUrlParams"=dword:00000001
"Password"=hex:ab,3c,1d,c5,7c,e0,9e,d1
"ControlPassword"=hex:3c,7f,f3,b3,ab,38,7c,e8
"AlwaysShared"=dword:00000001
"NeverShared"=dword:00000000
"DisconnectClients"=dword:00000000
"PollingInterval"=dword:000003e8
"AllowLoopback"=dword:00000000
"VideoRecognitionInterval"=dword:00000bb8
"GrabTransparentWindows"=dword:00000001
"SaveLogToAllUsersPath"=dword:00000000
"RunControlInterface"=dword:00000001
"VideoClasses"=""

UltraVNC via ultravnc.ini

This is pretty default. (Have added PollFullScreen=1 which is meant to be default, but for whatever reason it doesn't seem to stick)

[Permissions]
[admin]
FileTransferEnabled=1
FTUserImpersonation=1
BlankMonitorEnabled=1
BlankInputsOnly=0
CaptureAlphaBlending=1
BlackAlphaBlending=0
DefaultScale=1
UseDSMPlugin=0
DSMPlugin=
DSMPluginConfig=
primary=1
secondary=0
SocketConnect=1
HTTPConnect=0
XDMCPConnect=0
AutoPortSelect=1
InputsEnabled=1
LocalInputsDisabled=0
IdleTimeout=0
EnableJapInput=0
QuerySetting=2
QueryTimeout=10
QueryAccept=0
LockSetting=0
RemoveWallpaper=1
RemoveEffects=0
RemoveFontSmoothing=0
RemoveAero=1
DebugMode=0
Avilog=0
DebugLevel=0
AllowLoopback=0
LoopbackOnly=0
AllowShutdown=1
AllowProperties=1
AllowEditClients=1
FileTransferTimeout=30
PollFullScreen=1
KeepAliveInterval=5
SocketKeepAliveTimeout=10000
DisableTrayIcon=0
MSLogonRequired=0
NewMSLogon=0
ConnectPriority=1
[ultravnc]
passwd=3F781DC538D09EC631
passwd2=3F781DC538D09EC631

External Links

Some other options about installing/packaging UltranVNC http://wpkg.org/Talk:UltraVNC

64bit devcon.exe http://munashiku.slightofmind.net/20090621/sometimes-64-bit-is-a-pain

Comments

blog comments powered by Disqus