Troubleshooters.Com, T.C Linux Library and Litt's VNC Vestibule Present

Installing tightvnc on Win98

Steve Litt is the author of the Universal Troubleshooting Process Courseware,
which can be presented either by Steve or by your own trainers.

He is also the author of Troubleshooting Techniques of the Successful Technologist,
Rapid Learning: Secret Weapon of the Successful Technologist, and Samba Unleashed.

Contents

Disclaimer
Executive Summary
Logging in from a Linux based TightVNC client
Service vs App
Installation Procedure
Configuration

Disclaimer

This document discusses reading, and in some cases, writing to your Windows registry. This can lead to a computer that won't boot. There may be other risks. Make sure the data on your Windows box is backed up before using this materials.

You use this document at your own risk. I am not responsible for any damage or injury caused by your use of this document, or caused by errors and/or omissions in this document. If that's not acceptable to you, you may not use this document. By using this document you are accepting this disclaimer.

Executive Summary

This document covers, and was tested under, Windows 98. I run no Windows more advanced than Win98. For the reasons I never upgraded past Windows 98, look here, or here. I would imagine some of the information in the document you're now reading would pertain to more advanced Windows versions, and some wouldn't.

TightVNC is a "brand" of VNC that is free software. You can download an executable installer from the tightVNC website. Currently, the filename for that installer is tightvnc-1.2.9-setup.exe. Run that program. On the dialog box you'll see a checkbox asking if you want to install it as a service. Say yes. Reboot, and verify that it runs as a server by pressing Ctrl+Alt+Del before inputting a username and password. If the task list includes winvnc, you've correctly installed it as a server. But you're probably not done.

Passwords

The winVNC that ships with tightVNC has three sets of passwords: one for logging into VNC running as a service, and two, which usually match each other, for logging VNC running as an application under a specific username. Each of those password sets contains two passwords: one for read/write sessions, and one for read-only sessions. Here is a summary of those password sets, as they're recorded in the Windows registry:

	Registry location of password set	App or service	Set with this command:
1	[HKEY_LOCAL_MACHINE\Software\ORL\WinVNC3\Default]	Service	winvnc -defaultsettings
2	[HKEY_USERS\.DEFAULT\Software\ORL\WinVNC3]	User/app	winvnc -settings
3	[HKEY_CURRENT_USER\Software\ORL\WinVNC3]	User/app.	winvnc -settings

Passwords 2 and 3 seem to always be the same. If they exist, they are the password a VNC client must present when logging into VNC running as an application (meaning the login prompt window is NOT on the screen). If passwords 2 and 3 do not exist, then the VNC client must present password 1 to log into VNC running as an application . In all cases, if VNC is running as a service (meaning the login prompt IS on the screen), a VNC client must user password 1 to log in.

The situation is further complicated by an anomoly, an inconvenience and a gotcha:

Anomoly: The fields to acquire the passwords use stars to mirror your keystrokes. However, when you first bring up the window with those fields (winvnc -settings or winvnc -defaultsettings), those fields already contain stars, and the number of stars contained in those fields bears no resemblance to the current password, and should be ignored! Note that the initial stars are so meaningless that if you run the password acquisition window and click OK, your current password stays in force, regardless of the number of stars in the password fields.
Inconvenience: Once entered, passwords 2 and 3 cannot be deleted by any configuration of the winvnc command, meaning that there's no convenient way for you to reinstate the handy situation where password 1 determines the client password whether or not the login prompt is on the screen. The only way to delete passwords 2 and 3 is via regedit or a registry script.
Gotcha: There are several ways to run the password acquisition windows, including doubleclicking on the tray icon, which changes the user settings (passwords 2 and 3), Start->Programs->TightVNC->ShowUserSettings, which also changes the user settings (passwords 2 and 3), and Start->Programs->TightVNC->Administration->ShowDefaultSettings, which changes the default settings (password 1). If you're not aware of which password you're changing, it's a gotcha.

Logging in from a Linux based TightVNC client

Here's how you log into a Windows 98 based TightVNC server from a Linux based TightVNC client:

vncviewer wincli

vncviewer wincli.domain.cxm

or, if you cannot resolve a hostname for the windows box:

vncviewer 192.168.100.35

There are plenty of specialized options you can use, and these options can be seen by typing this command:

vncviewer -help 2>&1 | less

Some particularly interesting options include:

shared/noshared

Shared means the client shares the mouse and keyboard, so it's kind of like those old driver's ed cars where student and teacher have their own brake, accelerator and steering wheel, and kind of fight each other for control. While this doesn't sound appetizing, in fact it's ideal for troubleshooting assistance or interactive teaching.

Having several technologists on a conference call also have shared input to the Windows box makes for highly productive, if somewhat undisiplined, groupware.

-viewonly

This is the setting you want in order to perform non-interactive teaching. The student watches the Windows session very much like he'd watch a video or television, while the instructor manipulates the Windows environment.

Service vs App

In Linux, Unix or BSD, a service is a piece of software that runs at boot time, whereas an application is a piece of software a user runs, either by running it explicitly, or by having the user's login script run it. No matter how many users subsequently log onto the machine, if the software was started as a service, it remains a service. Obviously, if you run a headless box and want a server avialable without any user intervention on the serving box, you'd run the program as a service.

With respect to TightVNC on Windows 98, the situation is similar but has a little different. With TightVNC on Windows 98, if you run TightVNC (winvnc) as a service, the default configuration (including passwords) are in effect. However, if somebody subsequently logs into the machine by either inputting the username and password into the login window, or even cancelling out of the login window, from that point on, the user configuration (including passwords) is in effect. It's almost as if, when the user logs in, the service version of winvnc re-spawns itself as an application.

If the default and user passwords are different, and you try to remotely log on with a VNC client, the password you must use depends on factors you cannot yet see. For that reason I recommend always having the default and user passwords match, or better yet, do not have user passwords.

Installation Procedure

Remember, this entire procedure is performed on a Windows machine, in order that you can operate a Windows computer from your Linux console. All commands and programs documented herein are Windows commands and programs.

The first thing to do is download the installation executable from http://tightvnc.com/download.html. This document was written on 5/27/2005, when the current tightVNC version was 1.2.9. If your version is different, this documentation should probably still be good if you substitute your version number for 1.2.9.

After downloading the installation executable, you run it, as shown below:
Installation command

You are presented with a welcome screen. Close all programs except for the installation program and the MS-DOS prompt that spawned it, and click Next.

You're now presented with the license and usage terms. Read them, and if you agree, click Next. If you disagree, click cancel, and do not use tightVNC.

License

Now the program asks you the directory into which you want to install the tightVNC executables, data and documentation. Unless you have a strong reason to do otherwise, accept the default. The entire distribution is less than 2 MB, so it probably won't significantly affect your free space on your C: drive. When you've accepted the default or input a custom directory, click the Next button.

Destination directory screen

The setup program now gives you a chance to select which components you want to install. Unless you have a strong reason to do otherwise, choose "full installation". When you've made your choice, click the Next button.

Component selection screen

Now the setup program asks where setup should place tightVNC's shortcuts. You probably want to choose the default, TightVNC. If you have multiple versions or some other reason for not accepting the default, type in your choice. Either way, when you're done, click the Next button.

Start menu text screen

The next screen asks you to choose additional tasks for the setup program to perform. The two choices are "Associate .vnc files with TightVNC Viewer", and "Register TightVNC Server as a system service". Only the first is checked by default.

You probably also want to check the second. Here's why. Unless TightVNC server is registered as a service, it must be run as an application under a username. That means that somebody must log into the machine before TightVNC would be run (probably as part of their login script, or whatever Windows has that resembles a login script). If this Windows machine is intended to be headless, that won't work, because nobody can access the headless machine to log in.

That means, unless you intend to always provide the Windows machine with a monitor and keyboard, and unless you're willing to take the time and trouble to log in from that monitor and keyboard, you want to install TightVNC Server as a system service. By doing so, TightVNC Server will respond to VNC client requests immediately upon bootup, without the need to log in as a user.

Once you've checked both options, click the Next button.

Select additional tasks screen

You're now resented with the "Ready to Install" screen, which enumerates all your installation choices. Scan your choices. If they're what you want, click the Install button. If they're not what you want, click the Back button one or more times to make the desired changes.

Ready to install screen

This being a Windows 98 program, you need to reboot to make the installation "stick". The next screen gives you the opportunity to reboot. Make sure the "Yes, restart the computer now" radio button is enabled, and click the Finish button.

Completing wizard screen

The computer reboots, and you're presented with a login prompt. Log in as usual, and a few seconds later a VNC icon (

) should appear in your system tray. You're done with installation, and you're now ready to configure.

Configuration

WARNING

The TightVNC server config windows, both for user and default, show what looks like current values in the two password fields. Both fields have a string of asterisks. This string of asterisks has nothing to do with the real password. If you type a password in the fields, click OK, and then pull up the config screen again, the number of stars remains unchanged. Don't let this behavior fool you -- you changed the password successfully. Similarly, if the current number of asterisks does not match the length of the current password, clicking OK without inputting anything in the password fields leaves the current password intact. In other words, the asterisks you see when first pulling up a VNC server config window mean absolutely nothing.

IGNORE THE ASTERISKS IN THE PASSWORD FIELDS!!!

In Windows 98, VNC server passwords are kept in the registry as some sort of checksums. There are three sets of passwords:

Registry location of password set	Purpose of password set	Override	Set by
[HKEY_LOCAL_MACHINE\Software\ORL\WinVNC3\Default]	This is the machine default. This is the only password that matters if nobody is logged in (in other words, the login prompt is on the screen)		winvnc -defaultsettings
[HKEY_USERS\.DEFAULT\Software\ORL\WinVNC3]	This is the default for all users.	Overrides everything above if a specific user is logged in, or if someone cancelled out of the loging screen.	winvnc -settings
[HKEY_CURRENT_USER\Software\ORL\WinVNC3]	This is the password for the currently logged in password. From my observation, in practice it is always the same as the default for all users ([HKEY_USERS\.DEFAULT\Software\ORL\WinVNC3]).	Overrides everything above if a specific user is logged in, or if someone cancelled out of the loging screen.	winvnc -settings

NOTE

In TightVNC-speak, password set 1 is the "default configuration", while 2 nad 3 are the "user configuration". Default configuration can be started in any of the following ways:

winvnc -defaultsettings
Start->Programs->TightVNC->Administration->ShowDefaultSettings

User configuration can be performed in any of these ways:

winvnc -settings
Start->Programs->TightVNC->ShowUserSettings
Doubleclick the VNC icon in the taskbar tray

In the previous list of registry locations, each one contains two passwords, one called "Password" and one called "PasswordViewOnly". Their purpose is self explanatory.

The following setup instructions assume that you want the VNC server to run as a service so it can run on a headless box, and that you want the same passwords whether or not somebody is logged into the Win98 box.

cd "c:\program files\tightvnc"
winvnc -defaultsettings
Type the desired password and view-only password
Click the OK button
Reboot the computer
Log in with a VNC client, and use the password you just input

The Password That Would Not Die

Once you or anyone else has used the winvnc -settings command, or doubleclicked on the VNC icon and input a password, there is no way to delete that password. Setting it to blanks does not delete it. The only way you can delete it is from regedit.

Therefore, once someone has used the winvnc -settings command or doubleclicked the VNC icon, you have only two choices, neither of which is pleasant:

Syncronize the passwords in the winvnc -settings command every time you use the winvnc -defaultsettings command or...
Using regedit or a .reg script, delete the passwords from [HKEY_USERS\.DEFAULT\Software\ORL\WinVNC3] and [HKEY_CURRENT_USER\Software\ORL\WinVNC3].

The following is the .reg script I use make the deletion. You should NOT use this .reg script as it is likely to mess up your registry. I am not responsible for damage caused by any attempt to use this registry script, and I make no claim that this registry script is correct, safe or bug free. I put it in this web page merely as an illustration:

REGEDIT4

[HKEY_USERS\.DEFAULT\Software\ORL\WinVNC3]
"Password"=-
"PasswordViewOnly"=-

[HKEY_CURRENT_USER\Software\ORL\WinVNC3]
"Password"=-
"PasswordViewOnly"=-

There's a more brute force method, which might come in handy some day:

Access the computer with a real console. This procedure will kill VNC half way through the session.
Decide on a password for read/write access and one for readonly access.
Kill the VNC server by leftclicking the VNC server icon in the system tray, then click "Close VNC".
Delete ALL SIX of these values from the registry, and make sure they're deleted:

HKEY_CURRENT_USER\Software\ORL\WinVNC3\Password
HKEY_CURRENT_USER\Software\ORL\WinVNC3\PasswordViewOnly
HKEY_USERS\.DEFAULT\Software\ORL\WinVNC3\Password
HKEY_USERS\.DEFAULT\Software\ORL\WinVNC3\PasswordViewOnly
HKEY_LOCAL_MACHINE\Software\ORL\WinVNC3\Default\Password
HKEY_LOCAL_MACHINE\Software\ORL\WinVNC3\Default\PasswordViewOnly

Reboot the Windows machine
DO NOTHING when confronted with the login prompt. The machine is still thinking.
After a few seconds to a minute after the login prompt appears, you will be confronted with a message saying you have no default VNC password. Click OK.
Now the gui window appears to acquire the passwords and any other info you want to change. Input the passwords you want, and click OK. Pay no attention to any default that might appear -- it's probably garbage.
Now try to log in from a remote VNC client, using the password you just input. It should work.