WinVNC - The Windows NT VNC server
is a VNC server that will allow you to view your Windows desktop from any
VNC viewer. Because Windows in its present, standard incarnation, only
supports a single graphical user being logged in at any one time, WinVNC
makes the existing desktop of the PC available remotely, rather than creating
a separate desktop as happens with the Unix server. It is only fair to
emphasise this: VNC does not make an NT machine into a multi-user
server in the same way that Citrix-based software, for example, does. A
single NT machine can therefore be accessed by multiple users, but if they
all connect at the same time they will all see the same desktop!
On the other hand, WinVNC will run on Windows 95, Windows98, Windows
NT 4.0, Windows 2000 and on any future Win32-based systems, without the
need to replace any system files or run any OS-specific versions of the
program. It is a standard application that can be run from the Start...
menu and closed down just as easily.
WinVNC can also be run as a service, which means that you can log
in remotely, do some work, and log out again. We recommend that you
run it in this mode. See below for more details.
And, of course, WinVNC is free. We hope that making the source code
available will enable others to suggest improvements to any and all aspects of WinVNC.
If you haven't yet read the 'Getting Started'
page, you might like to do that first to give you the general concepts.
WinVNC is simple to install and to use:
Run the WinVNC setup program. (If you received VNC as a ZIP or TAR archive, you'll need to unpack it first!)
Select Install Default Registry Settings from the WinVNC folder
in the Start menu. This will install the default hooks settings,
which are tweaked to cope with some common, uncooperative
applications, such as the clock. This is not vital, but will make
things run a bit better. See later for more information about the
WinVNC can now be run (in Application mode) from the Start
menu. Alternatively, you can use the Start->Settings->Taskbar menu to
add a shortcut to your Startup group, which will cause WinVNC to be
run every time you log in. NOTE: After some initial tests, we suggest
you run WinVNC as a service instead of as an application. See below
for more information.
On starting, WinVNC will add a small, green version of the VNC icon to
the system task bar. Clicking on this icon with the right mouse button
will cause a menu to be displayed, with the following options on it:
Moving the mouse over the icon should cause the IP addresses of the local
machine to be displayed, if they can be discovered at that time.
- This will cause the
User Properties dialog to be displayed, allowing the user to change various
per-user WinVNC parameters.
- This allows outgoing
connections to be made from the server to any "listening" viewer. The name of
the target viewer machine can be entered in the dialog. Connections created this
way are treated as shared, as of 3.3.3R2. See also the -connect option below.
- This will disconnect
all currently connected clients from the server.
- This should be obvious!
- Shutdown the server.
You can connect to the server from another machine using a VNC viewer,
as described in the Getting Started page.
The following options are available from the Properties dialog.
- The server
normally accepts direct, socket-based connections from the vncviewer program.
Clearing this tick-box disables direct connection to WinVNC, so that only
the CORBA interface used by our internal version may be used to start a
connection. (See AT&T internal version
info). For the public version, clearing this will disable any incoming
- This allows the user to
specify the display number which the server will use. There is normally
no need to change this from the default of zero.
Auto - This tick box indicates to WinVNC
whether it should use the display number specified in the Display Number
box, or whether it should use the first display number not already in use
on the server machine.
- Incoming connections must be
authenticated to verify that the person connecting is allowed to connect
to this machine. This text box allows your password to be specified for
Any new incoming connections will be able to view the screen but not send
This is experimental, and works on NT only. If selected, then the local keyboard
and mouse will be disabled during a connection. Useful if you want to log in to
a machine from elsewhere and don't want passers-by to be able to use your session.
Note that clicking in a window will generally cause it to be updated,
so if you have certain applications which don't update very well, try this!
The default update handling settings should be the right ones for most
people, and in general you will slow things down by changing them, so don't
do this unless you have applications which cause problems.
The user's settings are saved into the user-specific section of the registry
when WinVNC quits, meaning that they will be used next time you run WinVNC.
- Some applications are
incompatible with the methods currently used in WinVNC to trap screen updates.
For this reason, it is sometimes useful to be able to poll the entire screen
in order to check for changes, sacrificing performance for accuracy.
- Polling only the
currently selected window for changes is less CPU intensive than full-screen
polling and often gives similar results, for example when using the Command
Prompt, which is not normally compatible with WinVNC.
- A variation on
Poll Foreground Window, this option causes the window under the mouse cursor
to be polled for changes. Both options may be enabled simultaneously if
- When this option
is set, the only windows which will be ever be polled are Command Prompts.
This works well in conjunction with Poll Window Under Cursor, to use polling
only when the cursor is over a console window.
- When this
option is set, the screen will only be polled for updates when a mouse
or keyboard event is received from the remote client. This is provided
for low bandwidth networks, where it may be useful to control how often
the screen is polled and changes sent.
Running WinVNC as a service
WinVNC can now be made to run as a service process under both Windows NT
and Windows 95/98, by following the instructions outlined below. This allows you to connect to a machine which has nobody logged in to it, for example.
On NT, you can also send Ctrl-Alt-Del to the server when it's running as a service, allowing you to unlock a locked workstation, for example. Note that in 'service' mode, many features are changed on a per-machine rather than per-user basis. You can access the per-machine 'Defaults' from the 'Administrative Tools' section of the VNC Start Menu group.
The following 'features' should also be pointed out:
Windows NT 'features':
Windows 95 'features':
WinVNC will attempt to correctly identify the user and locate their
preferred settings in the registry (unless AllowProperties has been
used to disable this - see below). To do this requires that a helper
application be run when a user logs in, which will pass appropriate
information to the main service portion of WinVNC. If the helper
fails to run for some reason then WinVNC will continue to operate but
it won't know who is logged in, so its settings will be based on the
local-machine and default-user settings only.
General features for both Windows NT and Windows 95:
Whether or not the VNC password is set per-machine or per-user depends
on the settings in the Passwords section of the Control Panel. If
Win95 is set to use a different set of registry values for each user then
when a user logs in, the password will change from the per-machine VNC
password to that user's VNC password. If Win95 is set to use the
same settings for all users then the per-machine VNC password will always
Here's how to get it running as a service, assuming you've already installed
it. Under Windows NT you need to have administrator privileges on the local machine, so log on as administrator if your account doesn't have these.
Anything which causes the Windows VNC server to change screen
resolution will also cause all viewers to be disconnected, and you'll
need to reconnect. Logging in can sometimes do this if the user has a
different screen setup from the system default.
If a user has specified a display number which is different from the
default used by the service, viewers will be disconnected as that user
When WinVNC is running as a system service, no user-level copies can be
run at the same time.
Select "Install WinVNC service" from the WinVNC Administrative Tools section of the Start menu.
Open a Command Prompt and run WinVNC with the -install option. eg:
C:\> cd "\Program Files\ORL\VNC"
C:\Program Files\ORL\VNC> winvnc -install
- Windows 95 : The WinVNC service is now running and is installed
to run whenever the system boots up into Windows 95.
Windows NT : The WinVNC service is installed and set up to
run whenever the machine is booted into Windows NT but IS NOT YET
RUNNING! It will run when the machine next reboots. If you want to
start it immediately, you can use the Services section of the Windows
control panel, or "net start" from the command prompt:
C:\> net start winvnc
The service should now be running, but won't know that you are logged in until you log out and back in again. It won't yet appear on the taskbar. You can run the WinVNC Service Helper from the start menu to tell it who you are!
If you wish to change the WinVNC settings (eg. password) when it is
not visible on the taskbar, you can use Show User Settings from the WinVNC section of the Start menu.
you wish to change the default settings used by the service when
there's nobody logged in, or no user-specific settings in are use, use Show Default Settings from the
Administrative Tools subsection of the WinVNC Start Menu. See below for more information about defaults.
NOTE : Windows 95 : If Win95 has been set to use different settings
for each user then the settings used are those of the currently logged
in user. If no user is logged in or Win95 is set to use the same
settings for all users then the settings used are the Default user settings
and are stored per-machine, rather than on a per-user basis as is done
when running WinVNC normally. (Under Win95, pressing Cancel on the
login dialog gives access to the Default user settings.)
When you wish to install a new version of WinVNC or simply wish to remove
WinVNC from your machine, you must first remove the service
from the system, using the WinVNC Administrative Tools or the -remove command-line option.
NOTE : A message about failure to remove the service usually indicates that it was not
installed in the first place!
The full command-line options available are as follows. You probably won't need anything other than those listed above
unless you're a real VNC power-user!
- Causes WinVNC to run
normally & ignore rest of command-line.
- Installs the WinVNC service and continues reading
- Removes the WinVNC service and continues
reading the command-line.
- Tells a running copy of WinVNC to show the User Properties
- Tells a running copy of WinVNC to show the Default Properties box.
- -connect host
Tells a running copy of WinVNC to initiate an outgoing connection to a listening viewer running on the specified machine.
This is the equivalent of the 'Add New Client' menu option. You can put multiple -connect options on one command line to connect to multiple viewers at once.
- Kills a running copy of WinVNC.
- Tells a running copy of WinVNC to
show its About box.
If no options are given then WinVNC runs normally. Multiple options may
be given, so, for example, to upgrade a currently running WinVNC service to
a new version, you could use:
WinVNC_new -remove -install
which will stop & remove the old copy & install the new one
as a service, or
WinVNC_new -kill -run
which will stop the running copy & run the new version as an application.
WinVNC - Advanced Settings
Extra options have been added to WinVNC for use primarily by system administrators,
to tailor the server's behaviour to meet their particular needs.
The options are DWORD values which can be set in the system registry, and
tools such as the Windows Policy Editor can be used to apply these settings
across a large number of machines.
Versions 3.3.2 R5 and later use a more sophisticated organisation of
these options to allow more flexibility. It also makes it rather
complex, so we're thinking about alternative ways of doing this. WinVNC
will currently look for settings in the following places:
Most options can only be specified in a subset of these places, as specified
in each option's description below.
Local machine-specific settings. Options specified here are not
Local default user settings. Location:
Local per-user settings. These override the local default
user settings. If there is no current user, the username SYSTEM will be
Global per-user settings. These are only read if AllowProperties
has not been set to zero (see below) Location:
By default, all WinVNC servers will not accept incoming connections
unless the server has had its password field set to a non-null value.
This restriction was placed to ensure that misconfigured servers would
not open security loopholes without the user realising. If a server
is only to be used on a secure LAN, however, it may be desirable to forego
such checking and allow machines to have a null password. Setting
this registry value to zero will disable null-password checking by WinVNC.
By default, WinVNC servers disallow any vncviewer connections from
the same machine. For testing purposes, or, potentially, when
using multiple instances of WinVNC on Windows Terminal Server, this behaviour
is undesirable. Setting this registry entry to 1 will cause local-loopback
connections to be allowed. Setting it to zero will filter out such
connections. Local machine-specific setting.
If this is set to zero, the user is not allowed to view the properties
dialog and hence cannot change any settings, including the password.
Note that this stops all global per-user settings. A valid password must
therefore be in force before using this setting, generally in the local
default-user setting. Local per-user setting.
If this is set to zero, the user is not allowed to close down WinVNC.
The AuthHosts setting is, unlike the other settings, a REG_SZ string.
It is used to specify a set of IP address templates which incoming connections
must match in order to be accepted. By default, the template is empty and
connections from all hosts are accepted. The template is of the form:
In the above, [ip-address-template] represents the leftmost bytes of the
desired stringified IP-address. For example, +158.97 would match both
188.8.131.52 and 184.108.40.206. Multiple match terms may be specified,
delimited by the ":" character. Terms appearing later in the template take
precedence over earlier ones. e.g. -:+158.97: would filter out all
incoming connections except those beginning with 158.97. Terms beginning with
the "?" character are treated by default as indicating hosts from whom connections
must be accepted at the server side via a dialog box. The QuerySetting option
determines the precise behaviour of the three AuthHosts options.
Local machine-specific setting.
The QuerySetting allows individual users to tailor the degree of paranoia
expressed by the per-machine AuthHosts setting. It is a DWORD value ranging from
zero (maximum availability) to four (maximum security). The following table
indicates how the value affects the AuthHosts behaviour:
0 - +:Accept, ?:Accept, -:Query
1 - +:Accept, ?:Accept, -:Reject
2 - +:Accept, ?:Query, -:Reject [Default]
3 - +:Query, ?:Query, -:Reject
4 - +:Query, ?:Reject, -:Reject
By default, value 2 (Obey AuthHosts) will be assumed.
Local & global per-user setting.
The QueryTimeout setting indicates the number of seconds for which the
Accept Connection dialog (see AuthHosts and QuerySetting options) will be
displayed before rejecting the incoming connection automatically.
Local & global per-user setting.
Causes WinVNC to select the first available display number automatically.
Corresponds to the 'Auto' checkbox in the Properties dialog. Local or
Global per-user setting
Only relevant in internal AT&T version. Local or Global per-user
Run-time logging of all internal debug messages is now supported. Log
data may be output to a file or a console window (or the MSVC debugger
if the program was compiled with debugging active.) Two registry
keys are used:
DebugMode indicates which logging methods to use,
[1 = MSVC debugger]
2 = Output to log file Winvnc.log in the WinVNC directory
4 = Output to a console window, displayed on-screen
Any combination of the above values may be used. e.g. DebugMode=6
will cause output to be sent both to the WinVNC.log file and to the a console
window on the desktop.
DebugLevel indicates how much debug information to present. Any
positive integer is valid. Zero indicates that no debugging information
should be produced and is the default. A value of around 10-12 will
cause full debugging output to be produced. Local machine-specific setting.
By default, all WinVNC servers will disconnect any existing connections
when an incoming, non-shared connection is authenticated. This behaviour
is undesirable when the server machine is being used as a shared workstation
by several users or when remoting a single display to multiple clients
for vewing, as in a classroom situation.
ConnectPriority indicates what WinVNC should do when a non-shared
connection is received:
0 = Disconnect all existing connections.
1 = Don't disconnect any existing connections.
2 = Refuse the new connection.
This is a Local machine-specific setting.
This setting tells WinVNC how many seconds a connected VNC client may remain idle for (no input events or update requests) before being disconnected. If this setting is not specified or is set to zero then no timeout is enforced.
Local or Global per-user setting
Corresponds (inversely) to the 'Disable Remote keyboard and pointer'
option in the Properties dialog box. Local or Global per-user setting
WinVNC can be made to take actions when a viewer disconnectsby setting
this value as follows:
0 - none
1 - lock workstation on disconnect (not currently implemented)
2 - logoff on disconnect
Local or Global per-user setting
By default, WinVNC servers accept incoming connections on any network
adapter address, since this is the easiest way of coping with multihomed machines.
In some cases, it is preferable to listen only for connections originating
from the local machine and aimed at the "localhost" adapter - a particular
example is the use of VNC over SSH to provide secure VNC.
Setting this registry entry to 1 will cause WinVNC to only accept local
connections - this overrides the AllowLoopback and AuthHosts settings.
Setting this entry to zero causes WinVNC to accept connections on any adapter
and is the default setting.Local machine-specific setting.
Local or Global per-user setting
PollUnderCursor, PollForeground, PollFullScreen,
These correspond to the options in the Properties dialog box. Local
or Global per-user settings
specifies the port number to be used for VNC. You will need to disable AutoPortSelect to use this.
Local or Global per-user setting
Indicates whether or not WinVNC should remove the user's background wallpaper when an incoming connection is made. It is necessary to reconnect in order for this setting to take effect.
Local or Global per-user setting
This corresponds to the 'Accept Socket Connections' option in the properties
dialog box and is a Local or Global per-user setting.
VNCHooks - Advanced Settings
WinVNC uses a special library, VNCHooks, to hook into the other running
applications and retrieve notifications of areas of the screen being changed.
The VNCHooks library uses the messages sent to visible Windows to decide
which areas need considering for update. Not all applications use the same
method of updating the screen, so you can tweak the method used by WinVNC
for particular applications by editing the registry. All the entries listed
can be found under
When a window recieves a message, (WM_PAINT), indicating that it should
repaint itself, it is possible to find out precisely which regions have
changed, so that WinVNC need only scan those for potential updates,increasing
efficiency. However, this can cause graphical glitches occasionally, particularly
when an application scrolls the contents of its window, in which case only
the revealed section of the window is marked as needing to be updated.
If these glitches prove to be a problem then edit the <appname>\use_GetUpdateRect
entry in the registry. A value of one indicates that this optimisation
will be used, while a value of zero indicates that it will not.
A number of Windows applications, most notably the Clock program, use
WM_TIMER events to trigger updates to their displays, rather than WM_PAINT
messages. By default, timer messages are not used to notify WinVNC of potential
updates, since many programs use timer events for purposes other than updating
the screen. As a result, the clock and a few other applications don't normally
update correctly under WinVNC. The fix to this is to edit the <appname>\use_Timer
entry in the registry. A value of one indicates that WM_TIMER messages
will trigger WinVNC updates, while a value of zero indicates that they
Some Windows applications write characters directly to the screen when
a user types into a window, rather than using WM_PAINT messages to cause
the text to be redrawn. To fix this, WinVNC can scan the window every time
a key is pressed, in order to catch the change. To set this value for a
problem application, edit the <appname>\use_KeyPress
entry in the registry. A value of one indicates that key presses will cause
updates, while a value of zero indicates that they will not.
Some Windows applications update the display directly in response to
mouse clicks, without using intermediate WM_PAINT messages, for example.
In order to catch such updates, it is necessary to trigger WinVNC to update
the relevant window whenever the left mouse button is released. To set
this value for a problem application, edit the <appname>\use_LButtonUp
entry in the registry. A value of one indicates that left-button clicks
will cause updates, while a value of zero indicates that they will not.
The same rules apply to the middle and right buttons using the appropriate
The VNCHooks library catches messages sent to windows before
they are dealt with by the window. As a result, sending an update message
to WinVNC to indicate the potential change can result in WinVNC sending
the updated area to the client before it has actually been redrawn by the
application! This is a common problem, especially on multiprocessor versions
of NT, so deferred updates are used by default. Deferred updates are handled
by posting a custom message back into the window's own message queue rather
than posting to WinVNC directly. By the time this custom message is seen
again by the VNCHooks library, the message that caused it will have been
handled and the update can then be forwarded to WinVNC without danger of
being handled prematurely. A few programs don't handle these extra messages
in their queue very well, so this optimisation is optional. It can be set
by editing the <appname>\use_Deferral entry in the registry.
A value of one indicates that deferred updates will be used, while a value
of zero indicates that they will not.
Running on other Win32 systems
WinVNC runs fine on NT3.51 but the absence of a system tray means that
the Properties dialog cannot be accessed. In addition, Ctrl-Alt-Del
from clients cannot be correctly interpreted under NT 3.51, limiting WinVNC's
usefulness when run as a service on this platform. It also runs on
NT5 beta. If you have a choice we recommend NT4.0 with the latest service
If you have difficulties which are not covered by this document, try reading
the FAQ. If that doesn't help then try the
If you try to contact the developers directly, please remember that
VNC has hundreds of thousands of users, and we cannot, in general, respond
to individual queries. We will read your message, but don't expect an answer!