Create your own VNC support package in 640Kb

Like a lot of people, a lot of my friends are computer-savvy - either they are in the field or have grown up with them and like using them. With that comes the expected responsibility, usually family or sometimes friends will say "My computers broken, come and fix it for me"

Assuming you are going to help them (one friend came up with the solution of telling people they need a new PC every single time or taking their PC home with them and never bothering to return it) carting yourself to your parents/family/friends every time they have an issue or question is not always convenient, so remote assistance (of course!) is the answer.

Now, there is a remote assistance built into XP. However, unless both sides are set up with uPnP routers, Windows XP, MSN messenger (and some luck) it can be troublesome.
With this in mind, we created a package at runPCrun using the popular and open source TightVNC. We've used it successfully for many years at runPCrun using reverse connections to get around the problem of NAT traversal and it's always worked very well.

I'm releasing a cut down version of the Inno Setup source we use to package it, along with simple instructions for you to follow to create your own support package.
It's a simple piece of scripting but it can be deployed quite effectively. Now I am aware there are things like UltraVNC Single Click (here is a good Lifehacker article on the subject), and it definitely has it's place and we use it ourselves. However two main limitations apply

  • It can't be run as service, so no logoff/logon can be performed and Ctrl-Alt-Del is not supported.
  • Other useful utilities aren't packaged with it

This package is created just once, which will create a setup program for people to be able to install and connect to you. This setup package can be sent via email (or linked via a website download) to anyone that needs your help.

Because it uses reverse connections, it will work through almost all NAT devices and firewalls, and is not dependent on Windows XP, MSN Messenger or anything else on their PC for it to work. It will work on Windows 98/98SE/Me/2000 as well as XP on both sides. (Even Linux/WINE) .
Of course any personal firewalls that ask for applications to be "allowed" out from the PC will need to be unblocked for this to work (as with any other application) These usually signal you at the time of install so shouldn't be any more of a problem than usual. Any hardware firewalls with "Deny" rules can affect it also but these are unlikely in a home environment.

Interested? Then lets build the package.


Making yourself available for connection

If you do not have a static IP address from your ISP then I recommend using a Dynamic DNS Provider. Dynamic DNS providers such as No-IP and DynDNS have worked very well for me in the past.
Some commercial routers support dynamic DNS from various providers out of the box also, so you don't have to run any programs or services on your PC. I know Netgear do this and some Linksys routers.

Once you have a DNS lookup for your routers IP, open port 5500 on your router and forward it to your PC. This is usually very simple but it is individual to each router so there are no step-by-step instructions here.
You should be able to leave it forwarding permanently without any problems, as no other services other than reverse VNC use it as far as I am aware.


Downloading the software you need

  1. Download and install the latest Inno Setup (it's free software)
  2. Install and leave "Associate Inno Setup with the .iss file extension" checkbox ticked - this will come in useful a bit later.
  3. Now we will get the files to include in our package. Download and extract OR if you wish to skip to the next section then you may download
  4. Get the remote support package - TightVNC by going to
  5. Download the latest "Complete set of executables, no installer"
  6. Extract these files, and then place these 3 files into your source\vnc folder.
  • WinVNC.exe
  • VNCHooks.dll
  • vncviewer.exe

You don't have to use TightVNC, UltraVNC works just as well with no changes. I am sure other flavours of VNC such as RealVNC should work also if this is your preference, the changes necessary should be minimal at best, however this is outside the scope of this article so I'll leave that for you to figure out.


Modifying the script to connect to you

Open "mysupport.iss" in InnoSetup. (you can double click on it if the file extension was ticked previously)

In the file there is a section stating

;***********THIS IS THE PART YOU MUST EDIT BELOW **********
Connect to Me
Name: "{group}\Get help"; Filename: "{app}\vnc\WinVNC.exe"; Parameters: "-connect"; WorkingDir: "{app}";

;"Connect to" on Desktop if desktop icon checkbox selected
Name: "{commondesktop}\Get help"; Filename: "{app}\vnc\WinVNC.exe"; Parameters: "-connect"; Tasks: desktopicon
;***********THIS IS THE PART YOU MUST EDIT ABOVE ************

You must edit the part to match the DNS of your broadband line or your IP if it is static and have no DNS assigned.

Under [Setup] at the start of the file there is variables like AppName, AppVerName, DefaultDirName etc. If you want you can customise the name of the setup and the resulting directory it is installed too

Once your editing is complete, press Build > Compile in InnoSetup and your resulting setup.exe will be sat in the Output folder. Here is the example compilation.


How to use it

  • Have your Dynamic DNS program running (if necessary)
  • Have the VNCViewer program running in "Listen" mode, preferably with 8-bit colour for the best performance. (you can make a shortcut with "vncviewer.exe" /8bit /listen if you want)

Now the next time your father/sister/uncle/girlfriend/grandmother needs your help,

  1. Tell them download the setup. You can send it via email or a web download link.
  2. Ask them to install it. Just double click the install and click "Next" until finished.
  3. If the PC pops up a firewall or antispyware warning, talk them through it. Windows XP SP2 will quite often ask if you want to "Block" VNC. In which case blocking is fine because we don't need inbound connections. If similar firewall software asks you what to do you may block inbound, but don't block outbound. VNC is sometimes identified as a "Potentially Unwanted Program". Of course any remote support program could be put to evil use so this identification is normal. If you want this to work then leave the "PUP" installed.
  4. Ask them click on the "Get Help" icon, and their screen pops up on yours.
get help icon

Any more help requests just need this double click on this "Get Help" icon. (with your listener running), nothing more.

No more mess, no fuss, no bother!

WARNING: This tutorial has used VNC without ANY encryption configured. It is possible that a "man in the middle" attack could be performed "sniffing" what you are doing and reconstructing any keypresses or details that you deal with whilst in the remote session. This tool is designed for troubleshooting purposes only. DO NOT log into secure networks such as banking websites etc whilst using this support tool! You have been warned!


So what else is in there?

Some useful extras in the "Diagnostics" sub-menu.

diagnostics menu

  • Edit Hosts - Opens the hosts file in notepad.
  • IP Config -Puts ipconfig /all up in a command box, useful if they have no connectivity.
  • IP Renew - Does a ipconfig /renew
  • Network Diagnostics - Shows the your current IP, and does various tests to diagnose network and Internet connectivity if you can't connect.
  • Network Diagnostics (log) - In the cases of intermittent failure of network or Internet this does the above test but logs it quietly to a text file for later analysis.
  • Reset TCPIP-log (log) - Resets TCP/IP stack using the netsh command.
  • Restart Print Spooler - Stop/start printer spooler. Cures some common printer problems.
  • Router web interface - Opens up the Default Gateway in the default browser. A lot of routers have web interfaces.
  • System Restore - The standard Windows System Restore feature.

Plugging in extra software to cover more situations

There are other pieces of software worth plugging into the package. To have them there to be ready and waiting when disaster strikes is most useful. I've presented these two components as I deem them the most important, although there are many more that are worthy of inclusion.

Web browser

The first is a replacement web browser, Off By One Web Browser is perfect at 1.2Mb (~450kb compressed in our installer) in case the existing browser fails to function, especially in cases of malware/fraudware. A replacement browser waiting to download a fix is useful (I try not to assume that everyone has Mozilla Firefox / Opera or Chrome installed). Win32 wget could suffice, but not really as friendly.

  • Go to
  • and download the Off by One in ZIP (with or without SSL)
  • Extract and place it in \source\diagnosis folder
  • Remove the ; from the start of line 43 - changing

;Name: "{group}\Diagnostics\OB1 Browser"; Filename: "{app}\diagnosis\ob1.exe";
Name: "{group}\Diagnostics\OB1 Browser"; Filename: "{app}\diagnosis\ob1.exe";

Spyware removal and other startup programs removal

Secondly, HiJackThis - as well as being a general hijackers detector and remover, I find it is a quick way of seeing all the programs that run at startup, and be able to prune them as necessary.

  • Download the latest HijackThis and place in \source\diagnosis folder.
  • Remove the ; from the start of line 46 - changing

;Name: "{group}\Diagnostics\HijackThis"; Filename: "{app}\diagnosis\HijackThis.exe";
Name: "{group}\Diagnostics\HijackThis"; Filename: "{app}\diagnosis\HijackThis.exe";

Please note that since this article was written Trend Micros have bought HijackThis. Please refer to the current EULA if distributing commercially. 

Of course if you want add more, you can add them to the diagnosis folder, and create the shortcuts in the Innosetup script similar to the ones already present.
Obviously there are also many,many more useful (and small) programs out there for PC repair and diagnosis that you can package up with this if you so wish. (See the 32Mb USB PC Repair Kit for a whole bunch) My aim here was to keep the package as small as possible and just show how easy it is to create this tool.

Removing the support package

Just remove as normal using the Control Panel > Add / Remove Files window.

add remove programs window

So that's it. If anyone decides to add more tools, improve and make this remote support package much better then I would love to see the results, just comment here or send them in to

mysupportwithfiles.zip446.58 KB
mysupport.zip11.07 KB
setupexample.exe638.95 KB


Thank you for the tutorial on the TightVnc support tool. I do however have one question - regarding the default password created in tight vnc. I noticed that when compiling the support tool there is a section for the password, which is listed in HEX. How can this be changed, and what is the default password? I have tried initiating an outbound connection and it does require a password. Please email me back at tech at fixthecomputer dot net Thanks, Robert

The default password is "runpcrun".

We use this behind NAT's, or if they are that 1% of the population directly connected to the Internet, that they make sure Windows or their 3rd party firewall blocks incoming connections.

To change the password is quite easy. Simply change it on your machine to the password you would like (no more than 8 characters as TightVNC truncates it to 8) and then take the hex directly from the key in the registry.


and copy it into the relevant part of the script.

Re: Changing the default VNC icon, and Windows Vista script to allow Windows Defender exception and startup service?? Where would I go to change the default icon for tightvnc? I have tools to create my own icons, however I have not been able to find the icon files for tight vnc Also - I recently tried to provide support for a Windows Vista customer, and went through hell and back trying to get this to work. The only way I could get it to work on the client computer was to allow for exceptions in Windows Defender and create a short-cut (in addition to the default support icon), to START the VNC Server (once already in windows), and then the user would have to click on the support short-cut to launch the session. Do you have any scripts already developed to create exception rules for Vista and Windows Defender. Please email me back with an answer. Thanks, Robert CAT Computers

Regarding the VNC icon. You can't without recompiling the code in TightVNC. Otherwise use UltraVNC instead. Vista - We haven't developed anything for the OS yet - we support businesses and we recommend to our customers to buy and use XP still for maximum compatibility and lower support costs. However if you develop the scripts yourself, please feel free to share them.

Good tutorial, but there is a smarter way : Franco

Interesting site, I will have a look. Five things strike me immediately though (in order of decreasing importance to us). i) We can't package all the other useful utilities with it. ii) The "NO COMMERCIAL USE" clause in the ToS seems a bit murky to me. (IANAL) iii) No file transfer (shame as it's built into the TightVNC binary) iv) Crossloop is proprietary. v) No Linux version as yet. So, it's interesting and definitely worth a look. I'll hold judgment though on whether it's a "smarter way" for our purposes.

To change the icon, you have to change the icon in the winvnc.exe file. You can do this with Resource Hacker (Google "Resource Hacker"). Piece of cake.

I just created a little application (ConnectVNC) that will prevent us to register the WinVNC as a service and still be able to make a one-click connection... Place the program in the same directory as WinVNC.exe or it won't work. The program will detect if an instance of WinVNC is already running if not it will start it (WinVNC -run) and then it will execute WinVNC with the exact same parameters you used to launch ConnectVNC. I though it would be cool to close the WinVNC when the connection is over, but I don't have time to program a TCP monitor, so the server will remain active after the connection is lost. Dont forget to change the program that your icon launch in Inno Setup... You can get the program for free from If you want to donate run the program without parameters to see how to use it and you'll have my PayPal address to donate!

(Logmeinfree) or (Hamachi + Windows Remote Desktop) would work too..?

Thanks for this package, great tool to help. One question though, is it possible to create a desktop icon that has an option to either go to myself or my brother rather than just the one connection? Any help would be appreciated. Thanks Andrew

Very easily! If you and your brother are at the same location (behind the same router), you would do it like this (changing the name part to something sensible for you):-

;***********THIS IS THE PART YOU MUST EDIT BELOW **********
Connect to Me
Name: "{group}\Get help from me"; Filename: "{app}\vnc\WinVNC.exe"; Parameters: "-connect"; WorkingDir: "{app}";
Connect to Brother
Name: "{group}\Get help from brother"; Filename: "{app}\vnc\WinVNC.exe"; Parameters: "-connect"; WorkingDir: "{app}";

;"Connect to" on Desktop if desktop icon checkbox selected
Name: "{commondesktop}\Get help from me"; Filename: "{app}\vnc\WinVNC.exe"; Parameters: "-connect"; Tasks: desktopicon
Connect to Brother on Desktop if desktop icon checkbox selected
Name: "{commondesktop}\Get help from brother"; Filename: "{app}\vnc\WinVNC.exe"; Parameters: "-connect"; WorkingDir: "{app}";
;***********THIS IS THE PART YOU MUST EDIT ABOVE ************

Then create another port forward for port 5501 to your brothers PC on your router.
Lastly get his VNCviewer to listen on that port. Either by right clicking on it, going to "default connect options" > Globals Tab and change "Listening mode" "accept reverse VNC connections on TCP port" can change this to 5501.

(You can repeat this, incrementing the number after the parameter and changing the port forward and VNCviewer in each instance.)

If you are in different locations then you simply put in his (dynamic) DNS in there instead and ignore the different ports

Is there any way during the client installation to have the "service" option without the tick as default so it is not ticked by default at installation. Thanks Steve

I believe all you need to do is add ; Flags: unchecked to the end of line 26, so it reads Name: "installservice"; Description: "&One-click remote support (Run WinVNC as a service)"; GroupDescription: "Other tasks:"; Flags: unchecked The InnoSetup documentation is comprehensive though, I recommend that if you want to modify the script to check it out.

Very often it is only necessary to access the PC once. Would it be possible to create an executable without having to install it?

As fully explained above, that is what the UltraVNC Single Click program was made for.

I have been using this program for over a year and it has performed flawlessly. I unquestionably recommend this program to others. The instructions are simplified and the outcome is very rewarding. This has proven to be a time saver. Thank you again.

Thank you for your comment. I'm in the process of creating a new version in the next month, so keep an eye out for it on our blog.

Hello! I am a software developer who needs to occasionally connect to a customer's computer. I'm wading my way through the confusing array of remote support options such as crossloop, bomgar, copilot, as well as the inexpensive solutions such as are documented here. Someone mentioned in a post on this page, for example, Hamachi, and when I go to have a look at that, it's more than all the others put together! It occurs to me that someone is wrapping the free stuff and making a killing! I have a low budget, and cannot afford these. Here's why I'm posting here: What I need (and am willing to pay for) is someone who can help me get set up so I can as painlessly as possible support my customers using the solution provided on this page. Here's my typical situation for supporting a customer: I am usually in phone contact with them when I become aware of an issue, so I can help them get things set up the first time. Then I assume, from reading the comments on this web page, that future connections to their computer will be easy to establish. As mentioned, I am willing to paypal someone any reasonable amount to get me up and running smoothly. Tell me how much it is, and if the price is reasonable, we'll go through it together, and at the end I'll email the payment. What I'd like is some nice patient person who has done this a few times, so they can make it easy for me, because I'm a bit slow on the uptake. (Otherwise, I could just struggle through all the instructions myself, couldn't I? You know, things like using Inno Setup, I think I've used it in the past but... it's not explained here why I need that. Or where is the \source folder? Maybe I didn't read the page very carefully.)

Oh! I didn't put any contact information in my post above asking for help (likely the post above). My email is and my name is Bob Macleod. Or you can phone me toll-free at 1-877-434-2537 between 8:30am and 4:30pm Pacific Daylight Time. Thank you.

Hi, Is there a way of displaying a message on the clients machine that states they are connected to a remote session - I guess like a popup that remains on the screen during an active session. Thanks

Is there a tutorial on how to make a package for linux?

I've been using a nice free cross-platform VNC based tool for remote support:
Works fine for NAT2NAT connection, you just need to forward port 5500 on the router of the side that's is giving support.

This rocks! Followed the guide to a "T" and it works great! Thanks for this post.

This is great, I just can't figure out how to configure the reverse connection. Would really appreciate some help with the setting in the program. Thanks Julie

You'll need to provide a little more information that that.

* Describe the symptoms of your problem carefully and clearly.
* Describe the environment in which it occurs
* Describe the research you did to try and understand the problem before you asked the question.
* Describe the diagnostic steps you took to try and pin down the problem yourself before you asked the question.
* If at all possible, provide a way to reproduce the problem in a controlled environment.

From How To Ask Questions The Smart Way