Like a lot of people, a lot of my friends are computer-savvy - either they are in the field or have grown up with them and like using them. With that comes the expected responsibility, usually family or sometimes friends will say "My computers broken, come and fix it for me"
Assuming you are going to help them (one friend came up with the solution of telling people they need a new PC every single time or taking their PC home with them and never bothering to return it) carting yourself to your parents/family/friends every time they have an issue or question is not always convenient, so remote assistance (of course!) is the answer.
Now, there is a remote assistance built into XP. However, unless both sides are set up with uPnP routers, Windows XP, MSN messenger (and some luck) it can be troublesome.
With this in mind, we created a package at runPCrun using the popular and open source TightVNC. We've used it successfully for many years at runPCrun using reverse connections to get around the problem of NAT traversal and it's always worked very well.
I'm releasing a cut down version of the Inno Setup source we use to package it, along with simple instructions for you to follow to create your own support package.
It's a simple piece of scripting but it can be deployed quite effectively. Now I am aware there are things like UltraVNC Single Click (here is a good Lifehacker article on the subject), and it definitely has it's place and we use it ourselves. However two main limitations apply
This package is created just once, which will create a setup program for people to be able to install and connect to you. This setup package can be sent via email (or linked via a website download) to anyone that needs your help.
Because it uses reverse connections, it will work through almost all NAT devices and firewalls, and is not dependent on Windows XP, MSN Messenger or anything else on their PC for it to work. It will work on Windows 98/98SE/Me/2000 as well as XP on both sides. (Even Linux/WINE) .
Of course any personal firewalls that ask for applications to be "allowed" out from the PC will need to be unblocked for this to work (as with any other application) These usually signal you at the time of install so shouldn't be any more of a problem than usual. Any hardware firewalls with "Deny" rules can affect it also but these are unlikely in a home environment.
Interested? Then lets build the package.
If you do not have a static IP address from your ISP then I recommend using a Dynamic DNS Provider. Dynamic DNS providers such as No-IP and DynDNS have worked very well for me in the past.
Some commercial routers support dynamic DNS from various providers out of the box also, so you don't have to run any programs or services on your PC. I know Netgear do this and some Linksys routers.
Once you have a DNS lookup for your routers IP, open port 5500 on your router and forward it to your PC. This is usually very simple but it is individual to each router so there are no step-by-step instructions here.
You should be able to leave it forwarding permanently without any problems, as no other services other than reverse VNC use it as far as I am aware.
You don't have to use TightVNC, UltraVNC works just as well with no changes. I am sure other flavours of VNC such as RealVNC should work also if this is your preference, the changes necessary should be minimal at best, however this is outside the scope of this article so I'll leave that for you to figure out.
In the file there is a section stating
;***********THIS IS THE PART YOU MUST EDIT BELOW **********
Connect to Me
Name: "{group}\Get help"; Filename: "{app}\vnc\WinVNC.exe"; Parameters: "-connect mypc.dns.com"; WorkingDir: "{app}";
;"Connect to" on Desktop if desktop icon checkbox selected
Name: "{commondesktop}\Get help"; Filename: "{app}\vnc\WinVNC.exe"; Parameters: "-connect mypc.dns.com"; Tasks: desktopicon
;***********THIS IS THE PART YOU MUST EDIT ABOVE ************
You must edit the mypc.dns.com part to match the DNS of your broadband line or your IP if it is static and have no DNS assigned.
Under [Setup] at the start of the file there is variables like AppName, AppVerName, DefaultDirName etc. If you want you can customise the name of the setup and the resulting directory it is installed too
Once your editing is complete, press Build > Compile in InnoSetup and your resulting setup.exe will be sat in the Output folder. Here is the example compilation.
Now the next time your father/sister/uncle/girlfriend/grandmother needs your help,
No more mess, no fuss, no bother!
WARNING: This tutorial has used VNC without ANY encryption configured. It is possible that a "man in the middle" attack could be performed "sniffing" what you are doing and reconstructing any keypresses or details that you deal with whilst in the remote session. This tool is designed for troubleshooting purposes only. DO NOT log into secure networks such as banking websites etc whilst using this support tool! You have been warned!
Some useful extras in the "Diagnostics" sub-menu.
There are other pieces of software worth plugging into the package. To have them there to be ready and waiting when disaster strikes is most useful. I've presented these two components as I deem them the most important, although there are many more that are worthy of inclusion.
The first is a replacement web browser, Off By One Web Browser is perfect at 1.2Mb (~450kb compressed in our installer) in case the existing browser fails to function, especially in cases of malware/fraudware. A replacement browser waiting to download a fix is useful (I try not to assume that everyone has Mozilla Firefox / Opera or Chrome installed). Win32 wget could suffice, but not really as friendly.
;Name: "{group}\Diagnostics\OB1 Browser"; Filename: "{app}\diagnosis\ob1.exe";
to
Name: "{group}\Diagnostics\OB1 Browser"; Filename: "{app}\diagnosis\ob1.exe";
Secondly, HiJackThis - as well as being a general hijackers detector and remover, I find it is a quick way of seeing all the programs that run at startup, and be able to prune them as necessary.
;Name: "{group}\Diagnostics\HijackThis"; Filename: "{app}\diagnosis\HijackThis.exe";
to
Name: "{group}\Diagnostics\HijackThis"; Filename: "{app}\diagnosis\HijackThis.exe";
Please note that since this article was written Trend Micros have bought HijackThis. Please refer to the current EULA if distributing commercially.
Of course if you want add more, you can add them to the diagnosis folder, and create the shortcuts in the Innosetup script similar to the ones already present.
Obviously there are also many,many more useful (and small) programs out there for PC repair and diagnosis that you can package up with this if you so wish. (See the 32Mb USB PC Repair Kit for a whole bunch) My aim here was to keep the package as small as possible and just show how easy it is to create this tool.
Just remove as normal using the Control Panel > Add / Remove Files window.
So that's it. If anyone decides to add more tools, improve and make this remote support package much better then I would love to see the results, just comment here or send them in to support@runpcrun.com
| Attachment | Size |
|---|---|
| mysupportwithfiles.zip | 446.58 KB |
| mysupport.zip | 11.07 KB |
| setupexample.exe | 638.95 KB |
Thank you for the tutorial on the TightVnc support tool.
I do however have one question - regarding the default password created in tight vnc.
I noticed that when compiling the support tool there is a section for the password, which is
listed in HEX. How can this be changed, and what is the default password? I have tried
initiating an outbound connection and it does require a password.
Please email me back at tech at fixthecomputer dot net
Thanks,
Robert
We use this behind NAT's, or if they are that 1% of the population directly connected to the Internet, that they make sure Windows or their 3rd party firewall blocks incoming connections.
To change the password is quite easy. Simply change it on your machine to the password you would like (no more than 8 characters as TightVNC truncates it to 8) and then take the hex directly from the key in the registry.
and copy it into the relevant part of the script.
Re: Changing the default VNC icon, and Windows Vista script to allow Windows Defender exception and startup service??
Where would I go to change the default icon for tightvnc? I have tools to create my own icons, however I have not been able to find the icon files for tight vnc
Also - I recently tried to provide support for a Windows Vista customer, and went through hell and back trying to get this to work. The only way I could get it to work on the client computer was to allow for exceptions in Windows Defender and create a short-cut (in addition to the default support icon), to START the VNC Server (once already in windows), and then the user would have to click on the support short-cut to launch the session. Do you have any scripts already developed to create exception rules for Vista and Windows Defender. Please email me back with an answer.
Thanks,
Robert
CAT Computers
Regarding the VNC icon. You can't without recompiling the code in TightVNC. Otherwise use UltraVNC instead.
Vista - We haven't developed anything for the OS yet - we support businesses and we recommend to our customers to buy and use XP still for maximum compatibility and lower support costs.
However if you develop the scripts yourself, please feel free to share them.
Good tutorial, but there is a smarter way : www.crossloop.com
Franco
Interesting site, I will have a look. Five things strike me immediately though (in order of decreasing importance to us).
i) We can't package all the other useful utilities with it.
ii) The "NO COMMERCIAL USE" clause in the ToS seems a bit murky to me. (IANAL)
iii) No file transfer (shame as it's built into the TightVNC binary)
iv) Crossloop is proprietary.
v) No Linux version as yet.
So, it's interesting and definitely worth a look. I'll hold judgment though on whether it's a "smarter way" for our purposes.
To change the icon, you have to change the icon in the winvnc.exe file. You can do this with Resource Hacker (Google "Resource Hacker"). Piece of cake.
I just created a little application (ConnectVNC) that will prevent us to register the WinVNC as a service and still be able to make a one-click connection...
Place the program in the same directory as WinVNC.exe or it won't work.
The program will detect if an instance of WinVNC is already running if not it will start it (WinVNC -run) and then it will execute WinVNC with the exact same parameters you used to launch ConnectVNC.
I though it would be cool to close the WinVNC when the connection is over, but I don't have time to program a TCP monitor, so the server will remain active after the connection is lost.
Dont forget to change the program that your icon launch in Inno Setup...
You can get the program for free from http://www.mageminds.com/ConnectVNC.exe
If you want to donate run the program without parameters to see how to use it and you'll have my PayPal address to donate!
(Logmeinfree) or (Hamachi + Windows Remote Desktop) would work too..?
Thanks for this package, great tool to help.
One question though, is it possible to create a desktop icon that has an option to either go to myself or my brother rather than just the one connection?
Any help would be appreciated.
Thanks
Andrew
Very easily! If you and your brother are at the same location (behind the same router), you would do it like this (changing the name part to something sensible for you):-
;***********THIS IS THE PART YOU MUST EDIT BELOW **********
Connect to Me
Name: "{group}\Get help from me"; Filename: "{app}\vnc\WinVNC.exe"; Parameters: "-connect mypc.dns.com"; WorkingDir: "{app}";
Connect to Brother
Name: "{group}\Get help from brother"; Filename: "{app}\vnc\WinVNC.exe"; Parameters: "-connect mypc.dns.com:1"; WorkingDir: "{app}";
;"Connect to" on Desktop if desktop icon checkbox selected
Name: "{commondesktop}\Get help from me"; Filename: "{app}\vnc\WinVNC.exe"; Parameters: "-connect mypc.dns.com"; Tasks: desktopicon
Connect to Brother on Desktop if desktop icon checkbox selected
Name: "{commondesktop}\Get help from brother"; Filename: "{app}\vnc\WinVNC.exe"; Parameters: "-connect mypc.dns.com:1"; WorkingDir: "{app}";
;***********THIS IS THE PART YOU MUST EDIT ABOVE ************
Then create another port forward for port 5501 to your brothers PC on your router.
Lastly get his VNCviewer to listen on that port. Either by right clicking on it, going to "default connect options" > Globals Tab and change "Listening mode" "accept reverse VNC connections on TCP port" can change this to 5501.
(You can repeat this, incrementing the number after the parameter and changing the port forward and VNCviewer in each instance.)
If you are in different locations then you simply put in his (dynamic) DNS in there instead and ignore the different ports
Is there any way during the client installation to have the "service" option without the tick as default so it is not ticked by default at installation.
Thanks
Steve
I believe all you need to do is add
; Flags: unchecked
to the end of line 26, so it reads
Name: "installservice"; Description: "&One-click remote support (Run WinVNC as a service)"; GroupDescription: "Other tasks:"; Flags: unchecked
The InnoSetup documentation is comprehensive though, I recommend that if you want to modify the script to check it out.
Very often it is only necessary to access the PC once. Would it be possible to create an executable without having to install it?
I have been using this program for over a year and it has performed flawlessly. I unquestionably recommend this program to others. The instructions are simplified and the outcome is very rewarding. This has proven to be a time saver. Thank you again.
Thank you for your comment. I'm in the process of creating a new version in the next month, so keep an eye out for it on our blog.
Hello!
I am a software developer who needs to occasionally connect to a customer's computer. I'm wading my way through the confusing array of remote support options such as crossloop, bomgar, copilot, as well as the inexpensive solutions such as are documented here. Someone mentioned in a post on this page, for example, Hamachi, and when I go to have a look at that, it's more than all the others put together! It occurs to me that someone is wrapping the free stuff and making a killing! I have a low budget, and cannot afford these.
Here's why I'm posting here: What I need (and am willing to pay for) is someone who can help me get set up so I can as painlessly as possible support my customers using the solution provided on this page. Here's my typical situation for supporting a customer: I am usually in phone contact with them when I become aware of an issue, so I can help them get things set up the first time. Then I assume, from reading the comments on this web page, that future connections to their computer will be easy to establish.
As mentioned, I am willing to paypal someone any reasonable amount to get me up and running smoothly. Tell me how much it is, and if the price is reasonable, we'll go through it together, and at the end I'll email the payment.
What I'd like is some nice patient person who has done this a few times, so they can make it easy for me, because I'm a bit slow on the uptake. (Otherwise, I could just struggle through all the instructions myself, couldn't I? You know, things like using Inno Setup, I think I've used it in the past but... it's not explained here why I need that. Or where is the \source folder? Maybe I didn't read the page very carefully.)
Oh! I didn't put any contact information in my post above asking for help (likely the post above). My email is bobishkindaguy@hotmail.com and my name is Bob Macleod. Or you can phone me toll-free at 1-877-434-2537 between 8:30am and 4:30pm Pacific Daylight Time. Thank you.
Hi, Is there a way of displaying a message on the clients machine that states they are connected to a remote session - I guess like a popup that remains on the screen during an active session.
Thanks
Is there a tutorial on how to make a package for linux?
Try searching for reverse vnc connections on linux
I've been using a nice free cross-platform VNC based tool for remote support: http://code.google.com/p/gitso/
Works fine for NAT2NAT connection, you just need to forward port 5500 on the router of the side that's is giving support.
This rocks! Followed the guide to a "T" and it works great!
Thanks for this post.
This is great, I just can't figure out how to configure the reverse connection.
Would really appreciate some help with the setting in the program.
Thanks
Julie
You'll need to provide a little more information that that.
* Describe the symptoms of your problem carefully and clearly.
* Describe the environment in which it occurs
* Describe the research you did to try and understand the problem before you asked the question.
* Describe the diagnostic steps you took to try and pin down the problem yourself before you asked the question.
* If at all possible, provide a way to reproduce the problem in a controlled environment.
From How To Ask Questions The Smart Way