Remote Control applications
- Installing and running the server (ie. the part that sits on the customer's
host) must be a no-brainer, ideally a pan-Windows single, small EXE, or
better yet, a DLL or OCX so can be called from the app to support, and localized
interface (mercy on non-English speaking customers)
- Good performance even over modem connections
- Can connect out, so as to bypass firewalls (Watch out for firewalls that won't let the app run and connect out,
and anti-virus that may quarantine it)
- If a firewall is silently blocking outgoing or incoming connections,
the remote control application should be able to tell that this is the cause
of the problem (eg. the remote control app should have a firewall tester
like STUN to be able to
tell if a firewall is standing in the way somewhere)
- TX/RX of files
- TX/RX of the clipboard contents to avoid sending/receiving information
through a temporary file over an FTP server
- Reflector, ie. a meeting point so that you don't have to set up port
forwarding on your router and let the client connect to a host inside the
- Open-source or moderately priced
TeamViewer is free for non-commercial
use. The customer downloads the QuickSupport server which displays an ID and
password, and the support person downloads the TeamViewer client before typing
the ID and password provided by the customer. Both applications connect out
through TCP80 to TeamViewer's servers, which act as a repeater between the two
Note: Ports 80 and 5938 are used by default for TeamViewer's DirectIn -feature,
which enables faster connection openings by trying to configure a NAT route
automatically by using UPnP. You can disable the DirectIn performance optimizations
from TeamViewer's options menu in Extras -> Options -> Advanced ->
Show advanced options and by unchecking the "Enable DirectIn Performance
One of the open source derivatives from the venerable VNC, and available
here. What makes VNC stand out
from other remote control softwares, is that, in case a NAT router stands in
front of the server, you can have the server connect out to the client; Typically,
other remote control softwares require opening a TCP port on the server's router,
which just isn't possible most of the time. If you need help, a forum
As of June 2007, here's the gist of what UltraVNC is and can do for you:
The server, winvnc.exe, can either be run as is with no other file required,
be installed using an installer, or be ran with some of its files through the
SingleClick option. For help desk support, SingleClick is the recommended solution,
as the user simply downloads and runs an EXE that will connect out to support's
viewer, ie. there's no need to run an installer and specify the viewer's IP
The server listens on either TCP5900 (standard mode), or TCP5800 (embedded
Java web server, so the viewer can connect to out with a regular web browser)
The viewer, vncviewer.exe can either connect out to the server listening
on TCP5900, or be launched in listening mode so that it waits for an incoming
connection from the server on TCP5500. Once the two hosts are connected, the
viewer can drive the server
When used on a LAN, you can get higher performance by installing a video
driver (a.k.a. "video hook driver", or "mirror driver")
on the server. It is available for W2K and XP; For 9x hosts, you'll install
hookdll and ddi. Is performance also higher when used over
a WAN connection?
As explained, there are different ways to the server and viewer to be connected,
depending on whether the server waits for incoming viewer connections, and whether
there's a NAT router standing in front of the server (and the viewer):
- The easiest solution is to launch the viewer in listening mode (vncviewer
-listen) so that it waits for incoming server connections on TCP5500. Unless
the router supports UPnP, packets sent to the router on TCP5500 must be
forwarded to the viewer.
To connect out using the plain-vanilla server, use the following parameter when launching the server: -connect
host[::port]. You can add the " -autoreconnect" switch in case
of bad connections (Note: -autoreconnect must come before the -connect
A more user-friendly solution is using Single Click,
which doesn't require typing the viewer's IP or hostname
- Forwarding TCP5900 to the server on the server's router so that the
viewer can connect to the server in normal mode
- Repeater: Used when you need to view multiple servers on a remote LAN behind a firewall:
One host there is running the repeater to which the viewer connects, and through
which it can connect to other servers on the LAN. More
There are two modes available with the UltraVNC repeater: mode I (Server
and Viewer both in normal mode) and mode II (both server and viewer initiate
an outgoing connection; Repeater has to run on a machine that can be accessed
from server and viewer PC.)
- Nat-to-Nat connector:
"The NAT to NAT connector allows for connections between UltraVNC viewer
and server behind NAT different routers without any router modification.
The connection is established with a helper service (NH, i.e. NAT helper)
located in the Internet. The helper service only aids during initiation of the
connection, the actual VNC connection goes directly from NSC to NVC (NAT Server
Connector and NAT Viewer Connector)."
- PCHelpWare :
A service similar to FogCreek's CoPilot,
but free; Uses a repeater on UltraVNC's server to which the server and viewer
connect so that no change needs to be made of either router. Step
by Step for Pchelpware
- UltraVnc screenrecorder
: requires and is included with the mirror driver; requires any codec that
Building and Using the SingleClick server
Note: SC doesn't work well with Vista. Use PcHelpware instead (see below)
Here's how to build a basic, no-thrill SingleClick
server that will connect out to your viewer with no effort by the user other
than downloading and running the SC EXE:
- Launch your favorite text editor, and copy/paste the following text
(comments start with --; Unused sections must be present and left empty)
Support Person #1
-connect 192.168.0.1:5500 -noregistry
Support Person #2
-- support #2
-- Important : leave an empty line after
each unused section
- Save this file as helpdesk.txt, and zip it as a unique file name (important!
Otherwise, it might be replaced with someone else's file on the UVNC server
in the next step)
- Aim your browser to UltraVNC's Online
Creator, upload your zip file...
- ... and download the compiled EXE that you'll provide to customers.
Note: This EXE is actually a self-decompressing ZIP file (just change the
extension from EXE to ZIP) that contains vnchooks.dll, msrc4plugin.dsm,
winvnc.exe, icon1.ico, and your helpdesk.txt
More information on building a custom SC:
Building and Using the PcHelpware server
June 2009: UVNC Server 188.8.131.52 is supposed to work OK on Vista, and could
be used when building a SingleClick server.
PcHelpware is a rewrite of
the UltraVNC server to replace the SingleClick server. Its protocol is incompatible
with UltraVNC, so provides its own server and viewer. A step-by-step document
is available here.
Here's a breakdown of what the PCHW zip file contains:
- Connections: This folder is used the save Viewer profiles
- Create_server: This folder contain the needed files to generate the
customized server exe
- PcHelpWare_viewer.exe: an integrated all-in-one "server-creator"
- Drivers: If you wish to speedup your connections, you can install special
Mirror Drivers under Windows 2000, XP and Vista.
- My Servers: In this folder you find the generated servers. The servers
are saved in a sub folder with the same name as the viewer profile eg: creating
a server called "Test" creates a sub-folder called "Test"
and inside that sub-folder
- Repeater: This folder contains the Repeater. An instance is most time
running on the uvnc.com server
- Server_res: Contain the background and icon of the server exe. Can be
- cache: Where a background cache is saved to disk, for reuse with the
As of Feb 2009, a PCHW server can show a login/password screen (that the
user can fill out, or can has its fields greyed out), or connect out silently
to a viewer.
Here's how to build a server that shows the login/password fields greyed
- Launch PcHelpWare_viewer.exe
- Fill the login/password settings, and port (5500)
- Click on Save, followed by Create Server
- When prompted, click either on Yes (to prompt the user for the password),
or No (to have this field greyed out)
- The output server can be found under "myservers\" in a sub-directory
named after the login that you chose above
Here's how to build a server that tries to connect out directly, without
showing the login/password screen:
- Launch PcHelpWare_viewer.exe, and create the EXE per the instructions
- Go to the sub-directory "create_server\custom"
- Edit its helpdesk.txt to add the "-direct" option
- Go up one level to the parent sub-directory "create_server",
and launch Create.bat to create a new EXE
- The output PcHelpWare_server.exe with the -direct switch can be
found in \myservers
Confusingly, PcHelpWare_viewer.exe is used both to create a server, and to
run as the viewer to wait for incoming connections from the server.
To run this application as viewer, select a server configuration in the list
on the right (eg. test.phw), and click on Start.
A couple of tricks to increase performance under Vista:
- Install the optional Mirror Driver available in \drivers\
- Disable Aero
- In the viewer, click on LOW on the bottom-left (It will be black and
white and helps a lot.However, you can't reduce the colors down to 4 bits
like in SingleClick)
It's pretty slow even on a 100Mbps LAN. What about WAN performance?
Let the server with default settings ("System HookDLL" checked,
and "Video hook driver" unchecked).
Can I launch VNCVIEWER.EXE in /listen mode at boot time?
... besides creating a batch file and include it in either the Registry's
Run section, or the user's Start folder?
What are SingleClick II and III?
"UltraVnc SCII is the version that can be found with the online creator.
SC III is a Single click version that make use of the repeater in mode (III).
SCIII require a repeater(SSL), a special viewer(SSL) or a Java(SSL) viewer."
How to build my own server install?
Either run the standard server installer
mode, or build my own installer; Must run "setupdrv.exe install"
to install mirror driver
Does the video driver...
- require admin rights?
- solve the occasional freeze issue?
- improve performance over WAN connections? Does it require being logged
on as admin?
Why not use UDP and STUN?
Generally speaking, why have the client connect to the server, instead of
the server connecting out, and why use TCP instead of UDP?
Why does the viewer listen on both TCP 5500 and TCP 5400?
TCP 5400 is legacy code. More information here.
When launching the server in outoing mode, "No existing instance of
WinVNC could be contacted"?
Server and viewer on same host
When distributing the server myself, what files do I need besides winvnc.exe,
- WinVNC.exe :
- zip32.dll :
These 2 dlls are used by vncviewer.exe and
- unzip32.dll :
WinVNC to perform Directory Transfers
- VNCHooks.dll : tells
vnc about screen changes; Without it, must poll the whole screen; Not needed
in XP/W2K if using the video hook driver
- Vncddihk.dll : Win9x
video hook driver dll
- 16bithlp.exe : Win9x
video hook driver exe
Depending on the language you've chosen, you can get one off several
How to launch the server and connect to a remote listening client automatically?
Here's how to avoid having a customer launch the WinVNC server on his side,
and then select "Add new client" to connect out to your VNC client
running in listen mode (put this in a batch file):
- winvnc -run
- rem VNC client running on host 10.0.0.1, and listening on the non standard
port TCP 5503
- winvnc -connect 10.0.0.1::5503
What is the difference between the repeater and the VNC Reflector?
You run vnc_repeater.exe on a host that is already running the VNC server, and from there,
you can drive other servers.
- Since VNC is no longer being developed ("RealVNC is a new venture
founded and staffed by the original AT&T team who created VNC"),
the project has been picked up by a new team and is available here.
- Note that recent versions of xVNC come with an embedded web server, allowing
you to connect to the server through http://192.168.0.1:5800
- As of March 2004, seems to offer better performance than TightVNC or
- Only requires one ":" between hostname and port number, eg.
- Victor Hall says: "This is useful as a free tool to hop around
internally on a network. It is not firewall agnostic, but it works
great in conjunction with Gotomypc. We can Gotomypc into a server
on the network, then VNC to other servers or workstations inside that network.
Requires software be installed on both the client and server, so it
isn’t a good solution for computers that your organization does not directly
manage, nor is it a good solution for remote support of large numbers of
end-user PCs. I’ve used this tool successfully for both personal and
business use. Great for controlling “headless” servers or even as
a partial/weak alternative to KVM switches."
http://www.tightvnc.com/ . Open-source
derivative from VNC; Offers better performance (although I haven't used it over
a 33.6Kbps connection yet); Supports hosts located behind a firewall thanks
to the viewer's ability to run in listening mode (ie. the customer launches
an outgoing connection to your computer so you can drive it.)
You have to turn off the "tight" protocol in your client or
it will actually be slower (trying to compress what's already compressed).
Installing the managed host
We will install the server part, ie. the one that needs to be installed on
the customer's host. If the host is hidden behind a firewall and uses a private
IP address, thus making the host unaccessible directly, we will also add a client
connection, ie. tell VNC to launch an outgoing connection to your host so you
can drive the customer's host:
- Download and run the TightVNC server (actually
the EXE and DLL that I got from Joel's
site, and combined into a single EXE thanks to PEBundle)
- Right-click on the VNC icon in the taskbar, and select Add Client
- Input the hostname or IP address of the remote computer that will drive
Installing the driver host
- Download the VNC viewer (ie. client) from here,
open a DOS box, and run it in listening mode with "vncviewer.exe /install".
You can view the available switches using "vncviewer.exe /?"
- Wait for the customer to connect to the viewer, and work their computer
once it's connected to you
A little-known feature is that VNC comes with a web server, which, once launched,
gives you access to the user's host through a web browser, eg. http://192.168.0.0:5800,
where 192.168.0.0 is the drivee's address.
If the drivee is located behind a firewall, VNC supports so-called listening
mode, ie. the drivee host will connect to the driver host instead of the other
- So far, the best I found
- The Gateway component needs to be installed on a PC allocated with a
static IP and accessible to both Control & Client PCs. The Gateway connectivity
is provided using HTTP and requires that the Control & Client workstations
be configured to use new HTTP transport. By default the NetSupport Gateway
will listen for Controls and Clients on the NetSupport registered Port 3085
- Video driver not compatible with LCD screen, but OK after rebooting
Windows Terminal Services client/RDP
Doesn't seem to allow the server to connect out, so customers must open their
firewall and forward connections to the server you wish to manage.
- "Remote Admin is fast. [...] we've just used PC Anywhere in
the past and we use RemoteAdmin now."
- "I use Remote Admin too. It's very fast, and very versatile."
- "I have to add a third on remote admin. We use it a fair
bit on our pre 2k machines, and it works like a charm. You can also
set it up to use Windows Authentication to decide who can access what, and
can also run it though whichever port you wish. It's shareware if I remember,
and full licensing is dirt cheap."
- "Another vote for Remote Admin. It's cheap, fast, and you can
easily make shortcuts to remote control items (which is a pain in Pcanywhere
with the later versions requiring the remote control items in fixed folders).
Everything in a remote control session has a keyboard shortcut (CTRL-F12
is from heaven), and did I mention it's cheap? There have been increased
port scans for RA's default port (much like port scans for PCAnywhere's
default port for years), so we change the default port on our network."
- I'd recommend nTeras' RapidAssist. It solved our problems with
reaching clients behind firewalls and proxies. It runs from their server
or we can install it on our server and then runs through a browser.
- Single User License $89.95
Buy Now Registration Only Buy
Now with CD (+$10.00)
- 3 User License $259.00 Buy Now Registration Only Buy
Now with CD (+$10.00)
- Good performance?
- Small client for easy deployment only available for 9x
- Couldn't figure out how to connect
- You might look into PC-Duo by NetSupport (http://www.pcduo.com). I have
used it for over a year and it really works well.
- Localized versions available
- Can't order online outside N.A.
Vector Networks Remote Control
- The Netop Deployment Utility (NDU) doesn't run on 9x (how do you deploy
NetOp Remote on those hosts, then?)
- Too many features for easy deployment and use
- Screen too small (black borders)
Windows XP Pro
Ships with a built-in remote control package: Remote Desktop and Remote Assistance,
but can only be used to drive XP and W2K Server hosts.
By Marty: "I'd separate the firewall issue from the remote control
issue by having the customer's machine instantiate an ssh connection to a server
at Fog Creek, with a remote port forward.
The remote port forward essentially works like this: Connect from
machine A to machine B using TCP, listen for TCP connections on machine B port
X, and forward all those connections through the secure tunnel to machine A
You could then use VNC or a variety of other TCP-based remote control
tools through this tunnel. The server at Fog Creek just needs to run an
ssh daemon, which is quite easy to set up.
An example command line for ssh would be "ssh -R 1234:127.0.0.1:5900
installhelp.fogcreek.com". This forwards connections to port 1234
on installhelp.fogcreek.com to port 5900 (vnc default) on the customer's machine.
Installhelp.fogcreek.com can be configured to only accept connections
on port 22 (ssh) from the outside, so only Fog Creek employees could connect
to port 1234 and ultimately the customer's computer.
If you want to experiment with the tunnelling, I suggest you try putty
and plink, both available at
Web-based remote control application
Back Orifice 2000
- based on the Back Orifice thingie
- Does "Network redirection of TCP/IP connections" mean that
the drivee can initiate the connection?
- Requires registering the server host, and log onto to a web server operated
by ExpertCity to drive a remote server
- A user says: "I would add a vote for GoToMyPC. I've been using it
for six months and have never had a problem. It's firewall-friendly (outbound
connections only, for both server & client), secure, fast enough. I
don't recall how much you have to go through to set it up on the server machine,
but I believe it's pretty quick. There is no client setup whatsoever,
although that doesn't really matter to you."
- Victor Hall from USA says: "Gotomypc installs a service on the
PC with which you wish to connect. That PC is now accessible from
any web browser on the internet. This is a great solution for businesses
providing turn-key solutions where access to an on-site server is required
or helpful. With our database software we must have an on-site, network
internal database server for client PCs to connect to run our software.
We can maintain our database exclusively with Gotomypc and provide
support without on-site visits. We have well over 600 servers across
the US running this software and have been using for over 2 years. It
is consistent, easy to use, and secure. It is bandwidth adaptive and
will work over dialup, but I would highly recommend minimum 256kbit internet
connection on both sides for responsiveness. Expertcity was recently
purchased by Citrix Online. Service has remained consistent. Has
two way file transfer, linear window resizing, “launch task manager” feature,
“send CTRL-ALT-DEL” feature, among others. Licensing starts at $19.95/month
per server, no cost for connection clients although only one client may
connect to a server at one time. I also use this for personal use
on my own home computer so I may access files or use my PC while at a friend’s
house, at work, on vacation, etc."
Citrix Online's GoToAssist
- Formerly ExpertCity’s Desktop Streaming
- Update 12 jan 2012: "GoToAssist is $119/month (compared to LogMeIn's
$129), and GoToManage Remote Support starts at $69/month"
The support version of GotoMyPC.
For call centers
No one seems to have mentioned ExpertCity's DesktopStreaming.
It is comparable to a few of the other solutions mentioned: The
client downloads an executable, it connects back to the support person, and
you can chat and / or screen share with them. I have used it; it works well
There is a product which does this, ExpertCity GoToAssist, formerly called "Desktop Streaming". Zero-install solution. The client downloads a small stand-alone program that connects to a reflector, then the vendor takes control. It works perfectly through a firewall and performance is good. But I suspect it's very expensive: CDW shows what I believe to be the same product, for more than $4000/seat. (!) I believe you can also rent it for a more modest monthly fee. It is charged based on the number of simultaneous streams
Here's a vote for desktopstreaming.com. It's the support version
of ExpertCity's gotomypc.com. DesktopStreaming certainly worked for us.
I used it for support at gateway.com and eventually brought it into our
software company for remote support. It's not inexpensive, and the licensing
structure was pretty inconvenient last time we checked, but then again...
Victor Hall says: "This is a web-based solution that allows our
support representatives to remotely view and control end-user’s desktops.
If our support representatives need to connect to any Windows based
PC, they can walk the client through visiting our webpage and selecting
a support representative. The software pops up a security warning
then runs live on the PC without having any previously installed client
software. This is great for end user or call-center support without
having to preinstall software or buy a seat per PC. It is largely
firewall agnostic. Remote view window can be resized linearly (i.e.
can view a remote 1280x1024 desktop on a 1024x768 screen without scrolling).
Licensing is per support representative seat and EXTREMELY expensive.
A single seat exceeds a part-time salary! For my organization
the ROI is still in the black, but we are currently investigating more cost
effective alternatives, such as Netopia eCare. Great software, user friendly
on both sides, effective, but very cost prohibitive."
A user says: "I have used WebEx from the customer end, and I really
was impressed. We have a firewall and there was no problem getting connected.
Especially important to me is that I was in control of the process; the
connection was initiated and broken from MY end."
Joel answers: "I actually tried Webex and literally could not get
the client to set up on my machine. Combined with the per-minute billing, I
gave up on this idea, but I know many other people are using it happily."
"Just wanted to offer another vote for WebEx. It's expensive, but
very, very good"
- A user says: "Timbuktu is more difficult to use than PCAnywhere,
but I think has better security features."
- Twin pack for Windows $159.95
- Must fill form prior to downloading evaluation
- I also test-drove Netopia Ecare http://www.netopia.com/en-us/ebusiness/products/ecare.html
which is hands-down the best commercial product. It starts at about $180/month
and gets through every imaginable form of firewall. Very very slick, very
easy to use and figure out, etc. When we get bigger we may switch to this.
- Couldn't figure out how to download a trial version
- My personal favorite. Very fast file transfers.
Screen scaling to adjust for different screen resolutions. Quite
easy to use
- PCAnywhere - slow slow slow
- Even though PCAnywhere is a hassle when installing, it works effeciently
- Renamed Control It by Computer Associates (here),
or Unicenter® Remote Control
- Couldn't get either price or trialware
- Doesn't support server connecting out
- Personal Edition $89.00 . One license is required for each host machine
on which RemotelyAnywhere is installed
- You actually drive the host through its Java-capable web server.Yuck.
Remote Task Manager
- Remote Task Manager (RTM) is a systems control interface that can be
run from any remote Windows NT/2000/XP and Windows Server 2003 computer
- Is this really remote control, or just a utility to manage settings
remotely (eg. list of processes, etc.)?
- Looks like a FogCreek-like solution that relies on going through a web
server on the Net
Funk Software Remote Control
- Proxy Remote Control Gateway
- SDK Solutions for the Call Center
- The Proxy "Master" runs on your PC and lets you view and operate
other PCs. The Proxy "Host" runs on the PCs you want to view and
- Proxy v4.11 runs on Windows Server 2003/XP/2000/NT 4.0/98/Me, and requires
Internet Explorer v4.0 or later to run. Proxy Master v4.10 can view
and operate Proxy Host v3.x
- When driving a W2K host from a 98 master, video not quite right ("full
screen" wasn't, funny bits)
Currently we implement this in VB6 with an IE Web control that hosts the
VNC Java viewer. However, in order to use the "session recording"
feature of the java viewer, we would have to sign the java applet because it
needs access to the local file system. http://discuss.fogcreek.com/joelonsoftware/default.asp?cmd=show&ixPost=70160