RealVNC Server Parameter Reference

Follow

You can configure RealVNC Server by changing parameters either in the Options > Expert dialog box, at the command line, using policy or by customising the installer (Windows only).

Note that:

  • RealVNC Server parameters override equivalent RealVNC Viewer parameters unless otherwise stated.
  • Changes made to parameters in the Options > Expert dialog box take effect as soon as the Apply button is clicked, unless otherwise stated.

AcceptCutText

Platform Default value
All TRUE

Specify FALSE to prevent connected VNC Viewer users pasting text to the VNC Server computer.

See also: SendCutTextClipboardFT


AcceptKeyEvents

Platform Default value
All TRUE

Specify FALSE to prevent connected VNC Viewer users controlling the VNC Server computer using their keyboards.

Use in conjunction with AcceptPointerEvents to make connections view-only, and with AcceptCutTextSendCutTextShareFiles, and EnableChat to prevent all user interaction with the computer.


AcceptPointerEvents

Platform Default value
All TRUE

Specify FALSE to prevent connected VNC Viewer users controlling the VNC Server computer using their mice.

Use in conjunction with AcceptKeyEvents to make connections view-only, and with AcceptCutTextSendCutTextShareFiles, and EnableChat to prevent all user interaction with the computer.


AllowChangeDefaultPrinter

Platform Subscription Default value
All Enterprise, Professional TRUE

Specify FALSE to prevent the VNC Server computer’s default printer being changed to that of the first VNC Viewer computer that connects.

*This parameter is ignored unless EnableRemotePrinting is TRUE.


AllowCloudRelay

Platform Default value Since
All TRUE 6.4.0

Specify FALSE to prevent cloud connections to the VNC Server computer if they would be relayed via RealVNC’s cloud service.

All cloud connections are brokered by RealVNC’s cloud service. Where possible, the cloud service then negotiates peer-to-peer sessions between endpoints, so session data is transmitted directly between them; this is likely to be more performant. However, intermediate network hardware may mean this is not possible, so the cloud service automatically falls back to relaying session data; this ensures cloud connections succeed. Note that session data relayed via our cloud service is encrypted end-to-end, so cannot be deciphered by RealVNC, nor anyone else.

Setting this parameter to FALSE will cause an unquantifiable percentage of cloud connections to fail. However, it may be useful in the context of some regulatory compliance regimes, to guarantee that session data will never be transmitted via third party servers.

An equivalent VNC Viewer AllowCloudRelay parameter is available to prevent cloud connections from particular desktop computers.

See also: AllowCloudRfb


AllowCloudRfb

Platform Default value Since
All TRUE 6.0.0

*This parameter has no effect unless cloud connectivity has been enabled for the VNC Server computer.

Specify FALSE to prevent cloud connections to VNC Server. Existing cloud connections are not terminated.

See also: AllowIpListenRfbAllowCloudRelay


AllowDynamicResolution

Platform Default value Since
Linux TRUE 7.6.0

*This parameter applies to Virtual Mode only.

Allow VNC Viewer to change the resolution of the VNC Server.

When set to TRUE, the RealVNC Server's virtual desktop resolution will be changed to match the connected RealVNC Viewer application window size.


AllowIpListenRfb

Platform Subscription Default value
All Enterprise TRUE

*This parameter was called AllowTcpListenRfb until version 6.4.0.

Specify FALSE to prevent direct connections to VNC Server. Existing direct connections are not terminated.

See also: RfbPortIpListenAddressesIpListenProtocols AllowCloudRfb


AlwaysShared

Platform Default value
All FALSE

Specify TRUE or FALSE in conjunction with NeverSharedDisconnectClients, and the VNC Viewer Shared parameter to determine whether just one or multiple VNC Viewer users can connect to and control the VNC Server computer at the same time.

AlwaysShared NeverShared DisconnectClients Shared Concurrent connections allowed?
TRUE FALSE ignored ignored Yes.
FALSE TRUE TRUE ignored No. A new user will disconnect an existing user.
FALSE TRUE FALSE ignored No. A new user will not be able to connect.
FALSE FALSE ignored TRUE Yes.
FALSE FALSE TRUE FALSE No. A new user will disconnect an existing user.
FALSE FALSE FALSE FALSE No. A new user will not be able to connect.

AlwaysShowCursor

Platform Default value Since
Windows FALSE 6.11.0

Always show a mouse cursor, even when Windows doesn't provide one.


AudioEnable

Platform Default value Since
All <subscription-specific> 6.6.0

This enables capturing and sending audio to connected Viewers from audio-capable Servers.


Authentication

Platform Default value Since
All <subscription-specific> 5.3.0

*This parameter replaces SecurityTypes from version 5.3.0, in conjunction with Encryption.

If you have an Enterprise or Professional subscription, specify the authentication scheme to use for VNC Server.

*Do not edit this parameter if you have a Home subscription, or remote access will not be available.

Authentication scheme Parameter value How does a VNC Viewer user authenticate?
VNC password VncAuth password specific to VNC Server.
System authentication SystemAuth User account (system login) credentials.

Interactive system authentication

(Mac / Linux only)

InteractiveSystemAuth User account email, and then responses to one or more PAM modules.
Single sign-on

SingleSignOn

Note: when Single sign-on is selected using the Authentication dropdown in VNC Server's Options it sets a parameter value of SingleSignOn,SystemAuth to allow for fallback.

User account credentials, provided transparently.
Smartcard/certificate store Certificate An X.509 certificate, provided transparently.
System authentication + RADIUS authentication SystemAuth+Radius User account credentials, and then responses to a third party RADIUS server.
System authentication + Duo authentication SystemAuth+Duo User account credentials, and then responses to Duo 2FA
None

None

Not recommended

Note that:

  • VncAuth is the only scheme that allows direct connections from non-RealVNC VNC Viewers.
  • You can configure VNC Server to prompt for a fallback authentication method if the primary authentication fails by using the , character. For example, SingleSignOn,SystemAuth means VNC Server will try to authenticate the connecting VNC Viewer using Single Sign On and if this fails, use System Authentication instead.
  • You can create your own multi-factor custom authentication scheme by using the + character to require VNC Server to check multiple authentication types. For example, Certificate+SystemAuth means VNC Server requires the connecting VNC Viewer user to pass both Certificate Authentication and System Authentication.
  • Only specify None for direct connections to internal computers only, and never for direct connections to computers over the Internet, nor for cloud connections. A simple port scanning attack could see your computer taken over by a malicious entity.

See also: Encryption


AuthTimeout

Platform Default value
All 900

Specify a number of seconds to give connecting VNC Viewer users time to enter authentication credentials. After this, connections are rejected, even if the correct credentials are supplied.

Specify 0 to give connecting users unlimited time.

*This parameter is ignored if Authentication is set to None.

See also: BlacklistThresholdIdleTimeout


AutoLogonOverride

Platform Mode Default value
Windows Service FALSE

Specify TRUE to allow connected VNC Viewer users pressing the Shift key while logging off from the VNC Server computer to override the ForceAutoLogon and IgnoreShiftOverride Windows Registry values, and show the login screen. This enables connected users to choose a different user account to log back on to.

By default, the Shift key press is ignored and the same user account is automatically logged back on.


BlacklistThreshold

Platform Default value
All 5

Specify a number of unsuccessful authentication attempts that can be made from a VNC Viewer computer (identified by its IP address) before all connections from that computer are rejected for BlacklistTimeout. This may help protect against brute-force dictionary attacks on the VNC Server password.

*This parameter is ignored if Authentication is set to None. Under Linux, if Authentication is SystemAuth, the underlying authentication system may also provide a protection mechanism after 10 unsuccessful attempts.

Specify 0 to allow unlimited unsuccessful authentication attempts from a VNC Viewer computer.


BlacklistTimeout

Platform Default value
All 10

Specify a number of seconds during which connections from the VNC Viewer computer identified by BlacklistThreshold are forbidden. After this time, one further unsuccessful authentication attempt is permitted before BlacklistTimeout is doubled and applied again.

*To reset BlacklistThreshold and BlacklistTimeout to their original values, restart VNC Server.


BlankScreen

Platform Default value
Windows FALSE

Specify TRUE to blank the monitor of the VNC Server computer when VNC Viewer users are connected, in order to protect their privacy. More information.


CaptureMethod

Platform Mode Default value
All Service, User 0

*This parameter was called UpdateMethod until version 5.3.0.

Specify one of the values in the platform-specific section below to determine the method used by VNC Server to capture changes to the computer desktop, in order to send screen updates to VNC Viewer. Note all connections must be terminated before changes to this parameter take effect.

Windows

  • 0 to use the optimal method using DirectX.

  • 1 to poll the display system for changes to the entire desktop. This may be the slowest method, but can be useful to track changes to applications that interface directly with the graphics card.

macOS

  • 0 to use the optimal method. This uses ScreenCaptureKit if it is available (macOS 13 and later), otherwise DisplayStream is used.

  • 1 to use CGScreen callbacks.

  • 2 to use DisplayStream.

Linux

  • 0 to use the optimal method, which is the DAMAGE extension if it is enabled and responsive, and to fall back to polling if not.
  • 1 to poll the display system for changes to the entire desktop. This may be the slowest method, but can be useful to track changes to applications that interface directly with the graphics card.
  • 2 to force use of the DAMAGE extension, and not fall back to polling. If DAMAGE is not working correctly, some regions may not update correctly but CPU utilization will be minimized.

See also: UseCaptureBltPollInterval


ClipboardFT

Platform Subscription Default value
Windows Enterprise, Professional TRUE

Specify FALSE to prevent connected VNC Viewer users on Windows computers exchanging files with the VNC Server computer using the standard operating system copy and paste mechanism.

*VNC Server must be restarted in order for a change to this parameter to take effect. In addition, this parameter is ignored unless AcceptCutText and SendCutText are both TRUE.

See also: ShareFiles


CompareFB

Platform Default value
All TRUE

Specify TRUE to perform pixel comparison on framebuffer to reduce unnecessary updates.


ConnectToExisting

Platform Subscription Mode Default value
Linux Enterprise Virtual Daemon 0

Specify 1 to cause individual virtual desktops created on demand by the vncserver-virtuald daemon to persist when their VNC Viewer user disconnects. When the VNC Viewer user reconnects to the daemon using the same authentication credentials, that user is redirected to their still-running virtual desktop.

By default, a virtual desktop created on demand by the daemon is destroyed when the last VNC Viewer user disconnects.


ConnNotifyAlways

Platform Default value
All FALSE

Specify TRUE to display the name of the connected user throughout the session, or the most recently connected if more than one.


ConnNotifyStyle

Platform Default value Since
All 7.11.0

The style of connection and disconnection notification messages. Specify a comma-separated list of zero or more of Movable, Closable, Minimizable, NoSystem.


ConnNotifyTimeout

Platform Default value
All 4

Specify a number of seconds between 1 and 255 to display connection and disconnection notification messages for.

Specify 0 to disable notification messages.

See also: QueryConnect


ConnTimeout

Platform Default value
All 0

Specify a number of seconds for connections to last. By default there is no timeout, though IdleTimeout disconnects if the VNC Viewer user is inactive.


DaemonPort

Platform Subscription Mode Default value
Linux Enterprise Virtual Daemon 5999

Specify a number between 1 and 65535 representing an available port on which the vncserver-virtuald daemon can listen for direct connection requests from VNC Viewer, in order to create virtual desktops on demand.


Desktop

Platform Default value
All <mode-specific>

Specify a name for the VNC Server computer desktop to display on the title bar of connected VNC Viewer app windows.

*VNC Server must be restarted in order for a change to this parameter to take effect.


DisableAddNewClient

Platform Subscription Default value
All Enterprise FALSE

Specify TRUE to disable the Connect to Listening VNC Viewer option on the VNC Server shortcut menu, preventing users establishing reverse direct connections via the user interface. Note that reverse direct connections can still be established from the command line.

See also: DisableTrayIconDisableCloseDisableOptions


DisableAero

Platform Default value
Windows FALSE

Specify TRUE to disable Windows Aero (the default graphical user interface and theme in most editions of Windows Vista and 7) while sessions are in progress. This may improve performance. This option has no effect since Windows 8.

See also: DisableEffectsRemovePatternRemoveWallpaper


DisableClose

Platform Default value
All FALSE

Specify TRUE to disable the Stop VNC Server option on the VNC Server shortcut menu, preventing users stopping VNC Server via the user interface.

*VNC Server can still be stopped from the command line, or (for example) using Control Panel > Administrative Tools > Services under Windows.

See also: DisableTrayIconDisableCloseDisableOptions


DisableEffects

Platform Default value
Windows FALSE

Specify TRUE to disable particular graphical user interface effects such as font smoothing while sessions are in progress. This may improve performance.

See also: DisableAeroRemovePatternRemoveWallpaper


DisableFileTransferAtLockScreen

Platform Default value Since
Windows FALSE 7.10.0

Specify TRUE to prevent connected VNC Viewer users from transferring files while the RealVNC Server computer's desktop is locked.


DisableLocalInputs

Platform Default value
Windows FALSE

Specify TRUE to disable the keyboard and mouse of the VNC Server computer while sessions are in progress, preventing a local user interrupting connected VNC Viewer users.

See also: AcceptKeyEvents


DisableOptions

Platform Default value
All FALSE

Specify TRUE to disable the Options option on the VNC Server shortcut menu, preventing users configuring VNC Server via the user interface.

*VNC Server can still be configured from the command line.

See also: DisableAddNewClientDisableCloseDisableTrayIcon


DisableTrayIcon

Platform Default value
All 0

Specify one of the following values to control the appearance of the VNC Server icon in the notification tray (Windows and Linux) or on the Status Bar (Mac):

  • 0 to show the VNC Server icon at all times.
  • 1 to hide the VNC Server icon while no sessions are in progress, preventing a local user performing certain operations via the user interface. The icon is shown when a connection is first established.
  • 2 to hide the VNC Server icon permanently. This is effective only for special license keys.

If you are interested in acquiring a special license key to enable this feature please contact our sales team.  

See also: DisableAddNewClientDisableCloseDisableOptions


DisconnectAction

Platform Mode Default value
Windows, Mac Service NONE

Specify one of the following values to determine the behavior of the VNC Server computer when the last user disconnects (or is disconnected):

  • None to leave the computer ‘as is’ (that is, potentially with a user account logged on).
  • Lock to lock the computer. Connections can immediately be re-established, but at least one connected VNC Viewer user must know how to unlock the computer in order to continue.
  • Either:
    • Under Windows, Logoff to log the current user account out. Connections can immediately be re-established, but at least one connected user must log on to a user account in order to continue.
    • Under Mac, StartScreensaver to start the screen saver.

DisconnectClients

Platform Default value
All TRUE

See AlwaysShared.


display

Platform Mode Default value
Linux Service, User  

Specify the X Window display and optionally the screen number to remote to connected VNC Viewer users, for example :1.0.

*This parameter overrides the DISPLAY environment variable.

See also: DisplayDeviceMonitor


DisplayDevice

Platform Default value
Windows  

Specify the name of a particular monitor or similar device attached to the VNC Server computer to remote to connected VNC Viewer users, for example \\.\Display1. Available names (IDs) are shown on the Diagnostics page of the Information Center dialog.

By default, or if the value is not recognized, all monitors are remoted.

See also: Monitordisplay


Dscp

Platform Default value Since
All 0 7.0.0

Value to classify network traffic to provide Quality of Service.


DuoDeviceChoice

Platform Default value Since
All BestDevice 7.1.0

Whether to list all methods for all devices (AllDevices), or the best device for each method (BestDevice).


DynamicResolutionMaxSize

Platform Default value Since
Linux 7.6.0

*This parameter applies to Virtual Mode (Xvnc) only.

Maximum resolution that the display can be dynamically set to.

When blank, RealVNC Server uses the largest resolution specified using the RandR parameter and/or -geometry switch if set, or 1024 x 768.


EnableAnalytics

Platform Default value Since
All FALSE 6.0.0

Specify TRUE to allow RealVNC to collect anonymous usage data to help improve our products.


EnableAutoUpdateChecks

Platform Default value
All <subscription-specific>

Specify:

  • 0 to prevent VNC Server automatically checking for critical software patches and product updates to which you are entitled every UpdateCheckFrequencyDays.
  • 1 to ensure VNC Server automatically checks.
  • 2 to cause VNC Server to prompt for one of the options above at install-time.

See also: EnableManualUpdateChecks


EnableChat

Platform Subscription Default value
All Enterprise, Professional FALSE

Specify FALSE to prevent connected VNC Viewer users participating in chat sessions.


EnableManualUpdateChecks

Platform Default value
All TRUE

Specify FALSE to disable the Check for updates option on the VNC Server shortcut menu, preventing checking for critical software patches or product updates.

See also: EnableAutoUpdateChecks


EnableRemotePrinting

Platform Subscription Default value
All Enterprise, Professional TRUE

Specify FALSE to prevent connected VNC Viewer users printing VNC Server computer files to their local printers.

See also: AllowChangeDefaultPrinter


EnableScreenRecording

Platform Subscription Default value Since
All Enterprise, Professional TRUE 6.8.0

Allow connected VNC Viewer users to record sessions.


Encryption

Platform Default value Since
All AlwaysOn 5.3.0

*This parameter replaces SecurityTypes from version 5.3.0, in conjunction with Authentication.

Determine, in conjunction with VNC Viewer, whether:

  • Remote control sessions are upgraded to 256-bit AES (available for both cloud connections and direct connections).
  • The initial exchange of authentication credentials is encrypted, but subsequent sessions are unencrypted (direct connections only). Turning encryption off may register a small performance benefit, but data may be decipherable if intercepted by malicious parties.

By default, AlwaysOn means that sessions are encrypted end-to-end using 128-bit AES. From the table below, choose a different value appropriate to the level of encryption you wish VNC Server to offer.

Encryption preference Parameter value Connection method
Always Maximum AlwaysMaximum Cloud and direct
Always on AlwaysOn Cloud and direct
Prefer on PreferOn Direct only
Prefer off PreferOff Direct only
Always off AlwaysOff Direct only

Note that the actual level of encryption that results for a connection depends upon the preference set by the connecting user; see the VNC Viewer Encryption parameter. Note some combinations prevent VNC Viewer users being able to connect:

VNC Server Encryption parameter VNC Viewer Encryption parameter Resulting level of encryption
AlwaysMaximum Server 256-bit AES
AlwaysMaximum 256-bit AES
AlwaysOn 256-bit AES
PreferOn 256-bit AES
PreferOff 256-bit AES
AlwaysOn Server 128-bit AES
AlwaysMaximum 256-bit AES
AlwaysOn 128-bit AES
PreferOn 128-bit AES
PreferOff 128-bit AES
PreferOn Server 128-bit AES
AlwaysMaximum 256-bit AES
AlwaysOn 128-bit AES
PreferOn 128-bit AES
PreferOff Unencrypted direct connection
PreferOff Server Unencrypted direct connection
AlwaysMaximum 256-bit AES
AlwaysOn 128-bit AES
PreferOn 128-bit AES
PreferOff Unencrypted direct connection
AlwaysOff Server Unencrypted direct connection
AlwaysMaximum Cannot connect
AlwaysOn Cannot connect
PreferOn Unencrypted direct connection
PreferOff Unencrypted direct connection

See also: Authentication


FloorControlAllowLegacyClients

Platform Default value Since
All 1 7.12.0

Specify one of the following values to determine whether legacy VNC Viewer users can connect when FloorControlEnable is TRUE.

  • 0 to disallow legacy users VNC Viewer users to connect.
  • 1to allow legacy VNC Viewer users to connect in view only mode.
  • 2to allow legacy VNC Viewer users to control if no other user has control.

FloorControlEnable

Platform Default value Since
All FALSE 7.12.0

Specify TRUE to enable floor control so that only one VNC Viewer user has control of this computer at a time.


GuestAccessEnable

Platform Subscription Default value
All Enterprise FALSE

*This parameter was called EnableGuestLogin until version 6.5.0.

Specify TRUE to turn on the Guest Login option on the VNC Server shortcut menu, allowing particular connecting VNC Viewer users to bypass the VNC Server authentication scheme.

*This parameter is ignored if GuestPermissions is set to 0.


GuestPermissions

Platform Subscription Default value
All Enterprise  

*This parameter was called GuestAccess until version 6.5.0.

Determine whether VNC Viewer users can establish direct connections (not cloud connections) as guests, bypassing the VNC Server authentication scheme. In addition, grant session permissions to connected guests.

*For a value other than 0GuestAccessEnable must also be set to TRUE.

Specify a value consisting of one or particular combinations of the following characters:

  • 0 or empty to prevent users connecting as guests, even if GuestAccessEnable is TRUE.
  • s to allow connected guests to view the desktop. Note that omitting this value means guests see a blank screen.
  • v to give connected guests a view-only set of permissions (equivalent to s in this release).
  • k to allow connected guests to exercise control using their keyboards (subject to AcceptKeyEvents).
  • p to allow connected guests to exercise control using their mice (subject to AcceptPointerEvents).
  • c to allow connected guests to copy and paste text between the computers (subject to SendCutText and AcceptCutText).
  • l to allow connected users to hear audio from the desktop (subject to AudioEnable).
  • t to allow connected guests to transfer files between the computers (subject to ShareFiles).
  • r to allow connected guests to print to local printers (subject to EnableRemotePrinting).
  • h to allow connected guests to chat (subject to EnableChat).
  • w to allow connected users to record sessions (subject to EnableScreenRecording).
  • d to give connected guests a default set of permissions (equivalent to skpctrh).
  • q to allow connected guests to bypass accept/reject prompts (subject to QueryConnect).
  • f to give connected guests a full set of permissions (equivalent to dq).

For example, skpc grants connected guests viewing (s), controlling (k and p), and copy and paste (c) permissions. The other permissions are omitted, which means the corresponding features are not available.


HideOSKWindow

Platform Default value Since
Windows FALSE 7.11.0

Specify TRUE to prevent the On-Screen Keyboard (osk.exe) from being displayed to connected VNC Viewers.


IdleTimeout

Platform Default value
All 3600

Specify a number of seconds to wait before disconnecting VNC Viewer users who have not interacted with the VNC Server computer during that time.

Specify 0 to never disconnect idle users.

See also: DisconnectAction


IpClientAddresses

Platform Subscription Default value
All Enterprise +

*This parameter was called hosts until version 6.4.0.

Filter incoming direct connections by IP address. VNC Viewer computers can either be permitted to connect, be rejected, or be flagged up for verification by a VNC Server computer (or an already-connected) user. Note that the default + value permits direct connections from all VNC Viewer computers.

*This parameter does not filter cloud connections.

Specify an ordered, comma-separated list of actions and network addresses, each of the form:

<action><ip address-or-range>

where <action> is either:

  • + to permit direct connections
  • - to reject direct connections
  • ? to flag direct connections

and <ip address-or-range> is either a particular IP address, or a range suffixed by a forward slash (/) and either a subnet mask (for example 192.168.0.187/255.255.0.0) or the number of bits in the routing prefix (for example 192.168.0.187/24).

Consider the following example:

+192.168.0.1,?192.168.4.0/255.255.255.0,-

  • The first entry permits direct connections from a VNC Viewer computer with the IP address 192.168.0.1.
  • The second entry flags direct connections from any VNC Viewer computer situated in the 192.168.4 subnet.
  • The third entry rejects direct connections from all other VNC Viewer computers.

To exclude particular addresses (or small ranges) from within an included range, add the address and suitable subnet mask before the include entry and prefix with .

See also: localhost


IpListenAddresses

Default value

Platform Subscription
All Enterprise  

*This parameter was called TcpListenAddresses until version 6.4.0.

Specify one or more IP addresses owned by the computer (separated by commas) to restrict VNC Server to listening on just those addresses for direct connections. Alternatively, specify:

  • 0.0.0.0 to listen on all IPv4 addresses, but not IPv6.
  • [::] to listen on all IPv6 addresses, but not IPv4.

By default, VNC Server listens on all available addresses for direct connections.

See also: AllowIpListenRfbIpListenProtocols


IpListenProtocols

Platform Subscription Default value Since
All Enterprise TCP,UDP 6.4.0

Specify just TCP to prevent direct connections that would use the UDP protocol, and vice versa.

See also: AllowIpListenRfbIpListenAddresses


KerberosServicePrincipalName

Platform Subscription Default value
Mac, Linux Enterprise host/<computer-name>

*This parameter was called KerberosPrincipalName until 6.3.2.

Specify the ‘host’ service principle name as it is registered for the VNC Server computer with the domain controller, for example host/papaya.dev.acmecorp.com. This may be useful if connecting VNC Viewer users are experiencing problems authenticating automatically to VNC Server.

*This parameter is ignored unless Authentication is set to SingleSignOn.

KeyEventMethod

Platform Default value Since
Mac CGPostKeyboardEvent 7.9.0

Method to use for injecting key events (CGPostKeyboardEvent, CGEventPost, IOHIDPostEvent).


LdapCertificateCrlLimit

Platform Subscription Default value Since
All Enterprise, Professional 26214400 6.2.1

Specify a maximum size (in bytes) of the CRL (certificate revocation list) that VNC Server should download.

See also: LdapCertificateRevocationLdapCertificateUserStore


LdapCertificateIntermediateStore

Platform Subscription Default value Since
All Enterprise, Professional <platform-specific> 6.1.0

Specify the location of an intermediate certificate store for verifying the public key certificates of connecting VNC Viewer users.

The values file:// and ldap:// are supported on every platform. enterprise:// is additionally supported under Windows.

See also: LdapCertificateUserStore


LdapCertificateRevocation

Platform Subscription Default value Since
All Enterprise, Professional Enforce 6.1.0

Specify:

  • CheckIfAvailable to skip if OCSP cannot be checked, or the CRL (certificate revocation list) cannot be fetched.
  • Ignore to bypass OCSP and CRL checking.
  • EnforceOcsp to enforce OCSP, and not fall back to CRL (requires VNC Server 6.3.0+).

By default, Enforce checks certificates fetched from LDAP for revocation using OCSP, falling back to CRL.

See also: LdapCertificateCrlLimitLdapCertificateUserStore


LdapCertificateTrustStore

Platform Subscription Default value Since
All Enterprise, Professional <platform-specific> 6.1.0

Specify the location of a trusted root certificate store for verifying the public key certificates of connecting VNC Viewer users.

The values file:// and ldap:// are supported on every platform. enterprise:// is additionally supported under Windows.

See also: LdapCertificateUserStore


LdapCertificateUserStore

Platform Subscription Default value Since
All Enterprise, Professional <platform-specific> 6.1.0

Identify the domain controller hosting the LDAP server that will verify the public key certificates of connecting VNC Viewer users, when VNC Server is set up to use smartcard/certificate store authentication.

The domain controller URL should take the form ldap[s]://[credentials@][host]/[search-base], where credentials@ is either:

  • GSSAPI@ for Kerberos authentication.
  • binddn:password@ for a simple bind.
  • empty for anonymous access.

If host or search-base is omitted, the system default is used. If you are not using LDAPS, see LdapSecurity.

See also: LdapCertificateTrustStoreLdapCertificateIntermediateStore


LdapSecurity

Platform Subscription Default value Since
All Enterprise, Professional Auto 6.1.0

Specify the LDAP security to use if not LDAPS:

  • Auto to use signatures with Kerberos and StartTLS with simple binding.
  • StartTLS to always use StartTLS.
  • None to disable LDAP encryption (not recommended).

See also: LdapCertificateUserStore


LeftCmdKey

Platform Default value
Mac Alt_L

Map one of the following keysyms received from VNC Viewer to the left Command key:

  • Alt_L
  • Alt_R
  • Super_L
  • Super_R
  • ExtendedChars

The default value of Alt_L means that, for connections from:

  • Windows or Linux computers with PC keyboards, connected users can press the left Alt key to simulate a press of the left Command key.
  • Mac computers, it is recommended you do not change this parameter unless you are also able to make the same change to the VNC Viewer LeftCmdKey parameter, which by default maps the left Command key to the Alt_L keysym.

Note that ExtendedChars refers to the key typically used to create extended characters, for example AltGr on non-US PC keyboards.

*This parameter is ignored unless AcceptKeyEvents is TRUE.

See also: LeftOptKeyRightCmdKeyRightOptKey


LeftOptKey

Platform Default value
Mac ExtendedChars

See LeftCmdKey, but for the left Option key.


Locale

Platform Default Value
All  

Specify one of the following values to choose a display language for VNC Server:

  • en_US for English
  • fr_FR for French
  • de_DE for German
  • es_ES for Spanish

By default, this parameter is empty, and the VNC Server user interface inherits the desktop language of the currently logged-on computer user, or falls back to English if this language has not yet been translated in the software.

There are two aspects to the display language; specifying this parameter in different locations enables these aspects to be controlled separately (if required):

  • The language in which the VNC Server user interface is displayed. Note VNC Server must be restarted in order for any change to take effect.
  • The language in which connectivity and other messages are transmitted to VNC Viewer users.

To change the user interface language, specify the Locale parameter:

  • Under Windows, in the Software\RealVNC\vncserverui-service (Service Mode) or Software\RealVNC\vncserverui-user (User Mode) Registry key. Note these keys are both in the HKEY_CURRENT_USER hive.
  • Under Linux, in the vncserverui-service (Service Mode), vncserverui-user (User Mode), or vncserverui-virtual (Virtual Mode) VNC configuration file. You can create these files if they do not exist in any appropriate location in this table.
  • Under Mac, in the vncserverui-service (Service Mode) or vncserverui-user (User Mode) VNC configuration file. You can create these files if they do not exist in any appropriate location in this table.

To change the language of transmitted messages, you can either edit the Locale parameter in the VNC Server Options > Expert dialog box, or alternatively:

  • Under Windows, in the HKEY_LOCAL_MACHINE\Software\RealVNC\vncserver (Service Mode) or HKEY_CURRENT_USER\Software\RealVNC\vncserver (User Mode) Registry key.
  • Under Linux, in the /root/.vnc/config.d/vncserver-x11 (Service Mode), ~/.vnc/config.d/vncserver-x11 (User Mode), or ~/.vnc/config.d/Xvnc (Virtual Mode) VNC configuration file.
  • Under Mac, in the /var/root/.vnc/config.d/vncserver (Service Mode) or ~/.vnc/config.d/vncserver (User Mode) VNC configuration file.

*Under Linux and Mac, you can configure both language aspects together (and for all programs) by specifying this parameter in a global location such as /etc/vnc/config.d/common.custom.


localhost

Platform Subscription Default value
All Enterprise FALSE

Specify TRUE to only permit direct connections from VNC Viewer running on the same computer as VNC Server.

*This parameter does not affect cloud connections.

See also: IpClientAddresses


Log

Platform Default value
All <platform-specific>

Record information about the main VNC Server process.

*It is possible to separately record information about sub-processes, for example the VNC Server service under Windows, and also for VNC Viewer.

Specify an ordered, comma-separated list of activities, each of the form:

<log>:<target>:<level>

where:

  • <log> determines the type of activity to record, for example connection, printing or file transfer activity, or * to record all. To see a list of available activities, examine the Log names section in the advanced help output (run the command <app> -help all).

  • <target> determines the output destination:

    • Under Windows, either stderrfile (configured using LogDir and LogFile), or EventLog (to write to the Windows Event Log service).
    • Under Mac and Linux, either syslog (configured using SyslogFacility under Linux), stderr or file.
  • <level> determines severity: 0 includes only serious errors, 10 includes basic audit information, 30 includes general information, and 100 includes all possible information, potentially including keystrokes.

    If you use SysLog, <level> translates as follows: 0 is Syslog 3 (Error), 1 to 5 is 4 (Warning), 6 to 10 is 5 (Notice), 11 to 30 is 6 (Informational), and more than 30 is 7 (Debug).

Consider the following example:

*:file:10,Connections:file:100

  • The first entry (*:file:10) specifies that all activity is recorded to file at level 10.
  • The second entry (Connections:file:100) overrides this for connection activity, recording it (to the same file) at level 100.

LogDir

Platform Default value
All <platform-specific>

Specify a directory in which VNC Server should create a LogFile, for example C:/Data/RealVNCLogs. This location must be writable.

*This parameter is ignored unless at least one Log entry has an output destination of file.


LogFile

Platform Default value
All <platform-specific>

Specify a name for the file VNC Server should create in LogDir, for example realvnc-debug.log.

*This parameter is ignored unless at least one Log entry has an output destination of file.


MaxDesktops

Platform Default Since
Linux   7.12.0

Specify the maximum number of Virtual Mode desktops to allow on this machine.Please note that the MaxDesktops parameter does not appear in the VNC Server Options > Expert dialog box.


Monitor

Platform Default value
Mac, Linux -1

Specify the number of a particular monitor or similar device attached to the VNC Server computer to remote to connected VNC Viewer users, for example 0 for the primary monitor, 1 for a secondary monitor, and so on.

*All existing sessions must be terminated in order for a change to this parameter to take effect.

By default, or if the value is not recognized, all monitors are displayed.

See also: DisplayDevicedisplay


NeverShared

Platform Default value
All FALSE

See AlwaysShared.


NtLogonAsInteractive

Platform Subscription Default value
Windows Enterprise, Professional FALSE

Specify TRUE to establish connections as Interactive logon type 2 rather than Network logon type 3.

*This parameter is ignored unless Authentication includes SystemAuth.

This may be useful if user accounts valid for logging on to the VNC Server computer (and whose credentials VNC Viewer users therefore supply in order to connect) are not accorded the higher privileges of the Network logon type, and would consequently be rejected. Alternatively, if network access to a domain controller cannot be guaranteed, connections may be more reliable since the Interactive logon type caches credentials.

See also: Permissions


PamAccountCheck

Platform Subscription Default value
Linux, Mac Enterprise, Professional TRUE

Specify FALSE to check just PAM authentication rules. By default, PAM account rules are checked as well.

*This parameter is ignored unless Authentication includes SystemAuth.

This may be useful if connecting VNC Viewer users are experiencing problems authenticating to VNC Server, since account rule checks must be run as root.

See also: PamApplicationName


PamApplicationName

Platform Subscription Default value
Linux, Mac Enterprise, Professional vncserver

Specify vncserver.custom to use the custom PAM library and authentication and account rules specified in the /etc/pam.d/vncserver.custom file.

*This parameter is ignored unless Authentication includes SystemAuth.

Under Linux, this may be useful to enable connecting users to authenticate to VNC Server using the credentials of domain accounts.

See also: PamAccountCheck


Password

Platform Default value
All  

Specify a password specific to VNC Server in the correct obfuscated format.

*This parameter is ignored unless Authentication is set to VncAuth.

This parameter is normally set automatically when you install VNC Server or attempt to run it for the first time. It is not normally necessary to set it manually. For this reason, it does not appear in the VNC Server Options > Expert dialog box.

You can set this parameter manually in policy template files. Use the vncpasswd utility with the -print flag to generate a password in the correct format.


Permissions

Platform Subscription Default value
All Enterprise, Professional <platform-specific>

Register user accounts or groups with VNC Server so connecting VNC Viewer users are able to authenticate. In addition, grant session permissions to use remote control features while connections are in progress.

*This parameter is ignored if Authentication is set to VncAuth. Note also that VNC Permissions Creator is freely available to help create a permissions string in the correct format for VNC Server.

Certain user accounts/groups are pre-registered to provide connectivity out-of-the-box. More information on setting up domain accounts under Linux is available here.

Specify a comma-separated list of users/groups and permissions, each of the form:

<name>:<feature>

where <name> is the name of a valid user account, preceded by % to distinguish a group, and <feature> is a string consisting of particular combinations of at least one of the following characters:

  • s to allow connected users to view the desktop. Note that omitting this value means users see only a blank screen.
  • v to give connected users a view-only set of permissions (equivalent to s in this release).
  • k to allow connected users to exercise control using their keyboards (subject to AcceptKeyEvents).
  • p to allow connected users to exercise control using their mice (subject to AcceptPointerEvents).
  • c to allow connected users to copy and paste between computers (subject to SendCutText and AcceptCutText).
  • z to allow connected users to blank the server screen while connected (subject to BlankScreen).
  • l to allow connected users to hear audio from the desktop (subject to AudioEnable).
  • t to allow connected users to transfer files between the computers (subject to ShareFiles).
  • r to allow connected users to print to local printers (subject to EnableRemotePrinting).
  • h to allow connected users to chat (subject to EnableChat).
  • w to allow connected users to record sessions (subject to EnableScreenRecording).
  • d to give connected users a normal set of permissions (equivalent to skpctrh).
  • q to allow connected users to bypass accept/reject prompts (subject to QueryConnect).
  • f to give connected users an administrative set of permissions (equivalent to dq).

*Under Linux and Mac, you can omit <name> to infer the VNC Server process owner (User Mode and Virtual Mode) or the root user account (Service Mode). Under Windows, you can use the built-in CREATOR OWNER user to infer the VNC Server process owner (User Mode) or the currently-logged on user account (Service Mode).

Specifying a character corresponds to turning the Allow checkbox on for that feature on VNC Server’s Options > Users & Permissions page. Other behaviors can be modelled as follows:

  • Omit a character to disallow that feature, corresponding to turning the Allow checkbox off. Note that for a group, this can be overridden by individual members. Alternatively, specify -<feature> to disallow that feature from a set, so for example johndoe:d-t grants a normal set of permissions, with the exception of file transfer.
  • ! to explicitly deny a feature, corresponding to turning the Deny checkbox on. This cannot be overridden.

*If you use - (to disallow) and ! (to deny) then the order of characters must be allow > disallow > deny.

Consider the following example:

superuser:f,%vncusers:d,johndoe:v,janedoe:skp-t!r

  • The superuser user account grants an administrative set of permissions.
  • The vncusers group grants a normal set of permissions.
  • The johndoe user account grants view-only permissions (assuming johndoe is not a member of vncusers).
  • The janedoe user account grants viewing (s) and controlling permissions (k and p), disallows file transfer, and explicitly denies printing. No position is taken on copy and paste (c) or chat (h). If janedoe is a member of vncusers, then any grant of these permissions is inherited, and those two features are allowed. If janedoe is not a member of vncusers, then these features are disallowed.

PollCursorTime

Platform Mode Default value
Linux Service, User 100

Specify a number of milliseconds to wait before polling the display system for cursor movement.


PollInterval

Platform Mode Default value
Linux Service, User 50

Specify a number of milliseconds to wait before polling the display system for screen updates. A larger number may improve performance, at a potential risk of increasing latency.


ProtocolVersion

Platform Default value
All  

If you have an Enterprise subscription and intend to establish direct connections only, specify a particular value to compel VNC Server to advertize only that version or lower of the underlying RFB protocol.

*Do not edit this parameter if you have a Home or Professional subscription, or an Enterprise subscription and intend to establish cloud connections, else remote access will not be available.

  • 3.3
  • 3.7
  • 3.8
  • 4.0
  • 4.1
  • 5.0
  • 6.0

The lower the version, the wider the range of VNC-compatible Viewer technology from third parties able to establish direct connections, but the fewer the premium features (such as encryption, high-speed streaming, file transfer, printing, and chat) available to connected users.

By default, the latest version of the RFB protocol is advertized.


ProxyServer

Platform Default value Since
All <system> 6.0.0

Specify the proxy type, network address and port number of a proxy server if the VNC Server computer is protected by one, for example http://myhttpproxyserver.com:8080 or socks://mysocksproxyserver.com:8080.

The default value of <system>:

  • Under Windows, uses the proxy server settings of Microsoft Internet Explorer for VNC Server in User Mode.

    *This default value is ignored by VNC Server in Service Mode. Use the netsh utility instead to specify a proxy server for all users that will be detected by VNC Server, for example netsh winhttp set proxy <proxy-server>.

  • Under Linux, uses standard proxy server environment variables or libproxy.

  • Under Mac, uses the proxy server settings of the Network system preference.

If the proxy server requires a password, run vncpasswd to base64-encode that password and store it in the appropriate location for the VNC Server mode:

  • vncpasswd -type ProxyPassword -service -legacy # VNC Server in Service Mode
  • vncpasswd -type ProxyPassword -virtual -legacy # VNC Server in Virtual Mode (Linux only)
  • vncpasswd -type ProxyPassword -user -legacy # VNC Server in User Mode

The vncpasswd utility is located in the directory as VNC Server, and must be run with administrative privileges for Service Mode. Please note that the ProxyPassword parameter does not appear in the VNC Server Options > Expert dialog box.

See also: ProxyUserName


ProxyUserName

Platform Default value Since
All   6.0.0

Specify a user name if ProxyServer requires authentication.


QueryConnect

Platform Default value
All FALSE

Specify TRUE to display accept/reject prompts when particular VNC Viewer users connect. Either a local computer user (if one is present) or an already-connected VNC Viewer user can choose to accept connections, make connections view only, or reject them. If no-one is available, connections are automatically granted QueryTimeoutRights after QueryConnectTimeout.

*Some VNC Viewer users may have sufficient session permissions to bypass accept/reject prompts.

See also: QueryOnlyIfLoggedOn


QueryConnectTimeout

Platform Default value
All 10

Specify a number of seconds to display accept/reject prompts for. If no response is received (either from a local computer user or an already-connected VNC Viewer user) during this time, connections are automatically granted QueryTimeoutRights.

See also: QueryConnect


QueryOfferViewOnly

Platform Default value Since
All TRUE 6.2.0

Specify FALSE to hide the view-only option from the accept/reject prompt, leaving only the reject and accept options.

See also: QueryConnect


QueryOnlyIfLoggedOn

Platform Mode Default value
All Service, Virtual FALSE

Specify TRUE to display accept/reject prompts only if a user account is currently logged on, and therefore a local computer user is likely to be present. (For VNC Server in Virtual Mode under Linux, the equivalent is if at least one VNC Viewer user is already connected, since no local computer user can be ‘present’ at a virtual desktop.)

*This parameter is ignored unless QueryConnect is TRUE.

If no user account is logged on (or if no VNC Viewer user is connected in Virtual Mode), accept/reject prompts are not displayed and all connections are automatically granted QueryTimeoutRights.


QueryTimeoutRights

Platform Default value
All  

Determine whether connections exceeding QueryConnectTimeout are accepted or rejected, and grant session permissions to connected VNC Viewer users.

*This parameter is ignored unless QueryConnect is TRUE.

Specify a value consisting of one or particular combinations of the following characters:

  • An empty value (QueryTimeoutRights=) to reject connections.
  • s to allow connected users to view the desktop. Note that omitting this value means users see a blank screen.
  • v to give connected users a view-only set of permissions (equivalent to s in this release).
  • k to allow connected users to exercise control using their keyboards (subject to AcceptKeyEvents).
  • p to allow connected users to exercise control using their mice (subject to AcceptPointerEvents).
  • c to allow connected users to copy and paste text between computers (subject to SendCutText and AcceptCutText).
  • z to allow connected users to blank the server screen while connected (subject to BlankScreen).
  • l to allow connected users to hear audio from the desktop (subject to AudioEnable).
  • t to allow connected users to transfer files between computers (subject to ShareFiles).
  • r to allow connected users to print to local printers (subject to EnableRemotePrinting).
  • h to allow connected users to chat (subject to EnableChat).
  • w to allow connected users to record sessions (subject to EnableScreenRecording).
  • d to give connected users a default set of permissions (equivalent to skpctrh).

For example, skpc grants connected users viewing (s), controlling (k and p), and copy and paste (c) permissions. The other permissions are omitted, which means the corresponding features are not available.

See also: QueryOnlyIfLoggedOn


QuitOnCloseStatusDialog

Platform Default value
All FALSE

Specify TRUE to stop VNC Server if the VNC Server dialog is closed.

By default, closing merely hides the dialog; it can be shown again from the VNC Server icon under most operating systems.


RadiusAuthenticationProtocol

Platform Subscription Default value Since
All Enterprise, Professional CHAP 6.0.0

Specify PAP to use the PAP authentication protocol. While CHAP is potentially more secure, the RADIUS server must have access to credentials stored in plaintext, so PAP is more widely supported.

See also: RadiusServer


RadiusNasId

Platform Subscription Default value Since
All Enterprise, Professional vncserver 6.0.0

Send the ‘Network Access Server’ identifier of the VNC Server computer to the RADIUS server.

Specify an empty value (RadiusNasId=) to send the value of RadiusAddress.

See also: RadiusServer


RadiusNormalizeUsername

Platform Subscription Default value Since
All Enterprise, Professional FALSE 6.0.0

Specify TRUE to strip the domain/realm component from user names when contacting the RADIUS server.

See also: RadiusServer


RadiusPacketInterval

Platform Default value Since
All 1 7.12.1

The interval between RADIUS request packets (in seconds).


RadiusPrompt

Platform Subscription Default value Since
All Enterprise, Professional RADIUS password: 6.0.0

Specify the prompt VNC Viewer users see when authenticating to a RADIUS server.

Specify an empty value (RadiusPrompt=) to initially send a blank password to the RADIUS server.

See also: RadiusServer


RadiusRequestPackets

Platform Default value Since
All 4 7.12.1

The number of RADIUS request packets to send.

RadiusServer

Platform Subscription Default value Since
All Enterprise, Professional   6.0.0

Identify the RADIUS server for connecting VNC Viewer users to authenticate against when VNC Server is set up to augment system authentication with RADIUS authentication.

You can specify additional RADIUS servers in case the primary server fails using a comma-separated list, for example 
<ip-address-1>:<port-number>, <ip-address-2>:<port-number>.

If the RADIUS server requires a secret, run the vncpasswd utility as follows to base64-encode that secret and store it in the location expected by the VNC Server mode:

  • vncpasswd -type=RadiusSecret -service -legacy # VNC Server in Service Mode
  • vncpasswd -type=RadiusSecret -virtual -legacy # VNC Server in Virtual Mode (Linux systems only)
  • vncpasswd -type=RadiusSecret -user -legacy # VNC Server in User Mode

Please note that the RadiusSecret parameter does not appear in the VNC Server Options > Expert dialog box.


RandR

Platform Subscription Mode Default value
Linux Enterprise Virtual  

Specify a comma-separated list of geometries to offer the RandR X Window extension, if enabled.

For example, specifying 1024x768,1280x1024,800x600 enables a connected VNC Viewer user to cycle between the three geometries by running the command xrandr -s <0|1|2>.


RecordNotifyAlways

Platform Subscription Default value Since
All Enterprise, Professional FALSE 6.8.0

Display a continuous notification while the session is being recorded by a connected user. If this is True then the RecordNotifyDuration parameter is not used.


RecordNotifyDuration

Platform Subscription Default value Since
All Enterprise, Professional 4 6.8.0

The number of seconds to display session recording notification messages for, or 0 to disable notifications.


RecordQuery

Platform Default value Since
All FALSE 7.1.0

Show a prompt identifying each VNC Viewer user who requests session recording, enabling recording to be accepted or rejected.


RemapKeys

Platform Default value
All  

Map or swap keyboard keys. This may be useful if VNC Viewer computer keyboards are likely to be different to the VNC Server computer keyboard.

Specify a comma-separated list of X Window hexadecimal keysyms, either of the form:

  • keysym<>keysym to swap keysyms, for example 0x22<>0x40 to swap " and @.
  • keysym->keysym to map from the first keysym to the second, for example 0x6d->0x6e to cause m to be interpreted as n.

See also: AcceptKeyEvents


RemovePattern

Platform Default value
Windows FALSE

Specify TRUE to replace a repeating pattern on the VNC Server computer’s desktop (under old versions of Windows) with a plain background while a session is in progress. This may improve performance.

See also: RemoveWallpaperDisableAeroDisableEffects


RemoveWallpaper

Platform Default value
Windows FALSE

Specify TRUE to replace a picture or photo on the VNC Server computer’s desktop with a plain background while a session is in progress. This may improve performance.

See also: RemovePatternDisableAeroDisableEffects


RfbPort

Platform Subscription Default value
All Enterprise 5900

Specify a number between 1 and 65535 representing an available port on which VNC Server can listen for direct connections. Note that ports 1 to 1024 are restricted by some operating systems.

*This parameter is ignored if AllowIpListenRfb is FALSE.

The default port, 5900, is registered for use by VNC Server with the Internet Assigned Numbers Authority (IANA), and does not need to be explicitly identified by connecting VNC Viewer users.


RightCmdKey

Platform Default value
Mac Super_L

See LeftCmdKey, but for the right Command key.


RightOptKey

Platform Default value
Mac ExtendedChars

See LeftCmdKey, but for the right Option key.


RootSecurity

Platform Subscription Mode Default value
Linux, Mac Enterprise User, Virtual FALSE

Specify TRUE to protect the system credentials of connecting VNC Viewer users from observation by a VNC Server process owner who is not root.

See also: Authentication


RsaPrivateKeyFile

Platform Default value
Linux, Mac $HOME/.vnc/private.key

Specify the full path to a file storing a private key for VNC Server.

*VNC Server in Service Mode runs as the root user.

If the private key is missing or corrupt, VNC Viewer users cannot connect. To generate a new private key, stop and restart VNC Server.

See also: Encryption


SendCutText

Platform Default value
All TRUE

Specify FALSE to prevent connected VNC Viewer users copying text on the VNC Server computer and pasting it to their own devices.

See also: AcceptCutTextClipboardFT


ServerPreferredEncoding

Platform Default value Since
All Viewer 6.0.0

Specify the encoding that VNC Server should use to send screen updates to VNC Viewer. By default, the PreferredEncoding parameter value of the connected VNC Viewer takes precedence.

For more information on encodings, consult RFC 6143.


ServiceDiscoveryEnabled

Platform Default value
All TRUE

Specify FALSE to prevent VNC Server automatically advertizing itself on Zeroconf-enabled local networks (for example, Bonjour or Avahi).


ShareFiles

Platform Subscription Default value
All Enterprise, Professional TRUE

Specify FALSE to prevent connected VNC Viewer users exchanging files with the VNC Server computer.

See also: ClipboardFT


ShowCloudHints

Platform Default value Between
All True 6.0.1 - 6.4.0

Specify FALSE to suppress links in the VNC Server interface that encourage the user to sign up for or in to a RealVNC account.


SimulateSAS

Platform Mode Default value
Windows Service 1

Specify one of the following values to determine whether connected VNC Viewer users can send the Secure Attention Sequence (SAS, the Ctrl+Alt+Del key combination) to a VNC Server computer running Windows Vista or later:

  • 0 to respect Windows group policy for SAS, which means that it cannot be sent to computers running most versions of Windows Vista and 7.
  • 1 to override group policy if it has not been explicitly set, which means SAS can be sent in most circumstances.
  • 2 to override group policy even if it has been explicitly set, which means SAS can always be sent.

See also: AcceptKeyEvents


SyslogFacility

Platform Default value
Linux user

Specify one of the following facilities for syslog to use, if available on the system:

  • daemon
  • auth
  • authpriv
  • security
  • local0..local7

*This parameter is ignored unless at least one Log entry has an output destination of syslog.


StopUserModeOnSwitchOut

Platform Subscription Mode Default value
Mac Enterprise User TRUE

Specify FALSE to keep VNC Server running when the current user account switches out. Note that not all third party applications may be displayed correctly to connected VNC Viewer users in switched out sessions, for example the Calculator app.

By default, VNC Server stops on switch out, and all VNC Viewer users are disconnected and cannot reconnect.


SystemSleepBehavior

Platform Default value Since
Mac PreventWhileConnected 7.1.0

Prevent the system from sleeping (PreventWhileRunning), prevent the system from sleeping while there are VNC Viewer users connected (PreventWhileConnected), disconnect VNC Viewer users when system goes to sleep (DisconnectViewers), or do nothing (DoNothing).


TlsProfile

Platform Default value
All Normal

The security strength to enforce when making TLS connections. For 'Normal', TLS 1.2 is mandated, no broken fallback ciphers are allowed, and key strength is checked for security (no SHA-1 or small keys). Selecting 'High' limits cipher choices to AES-256 with no legacy ciphers.


UpdateCheckFrequencyDays

Platform Default value
All 1

Specify a number of days to wait before VNC Server automatically checks for critical software patches and product updates to which you are entitled.


UseCaptureBlt

Platform Default value
Windows TRUE

Specify FALSE to stop VNC Server monitoring updates to some semi-transparent windows such as certain menus and tooltips. This may improve performance or reduce cursor flicker but does mean connected VNC Viewer users do not have perfect picture fidelity.

See also: CaptureMethod


UseLegacyFileTransfer

Platform Default value Since
All FALSE 7.9.0

Specify TRUE to use the legacy version of File Transfer instead of File Manager.


WinSsoAccountCheck

Platform Subscription Default value Since
All Enterprise TRUE 6.8.0

Perform account checks when using Windows SSO.

Was this article helpful?
44 out of 56 found this helpful

Comments

0 comments

Article is closed for comments.