You can configure RealVNC Server by changing parameters either in the Options > Expert dialog box, at the command line, using policy or by customising the installer (Windows only).
Note that:
- RealVNC Server parameters override equivalent RealVNC Viewer parameters unless otherwise stated.
- Changes made to parameters in the Options > Expert dialog box take effect as soon as the Apply button is clicked, unless otherwise stated.
AcceptCutText
Platform | Default value |
---|---|
All | TRUE |
Specify FALSE
to prevent connected VNC Viewer users pasting text to the VNC Server computer.
See also: SendCutText, ClipboardFT
AcceptKeyEvents
Platform | Default value |
---|---|
All | TRUE |
Specify FALSE
to prevent connected VNC Viewer users controlling the VNC Server computer using their keyboards.
Use in conjunction with AcceptPointerEvents to make connections view-only, and with AcceptCutText, SendCutText, ShareFiles, and EnableChat to prevent all user interaction with the computer.
AcceptPointerEvents
Platform | Default value |
---|---|
All | TRUE |
Specify FALSE
to prevent connected VNC Viewer users controlling the VNC Server computer using their mice.
Use in conjunction with AcceptKeyEvents to make connections view-only, and with AcceptCutText, SendCutText, ShareFiles, and EnableChat to prevent all user interaction with the computer.
AllowChangeDefaultPrinter
Platform | Subscription | Default value |
---|---|---|
All | Enterprise, Professional | TRUE |
Specify FALSE
to prevent the VNC Server computer’s default printer being changed to that of the first VNC Viewer computer that connects.
*This parameter is ignored unless EnableRemotePrinting is TRUE
.
AllowCloudRelay
Platform | Default value | Since |
---|---|---|
All | TRUE |
6.4.0 |
Specify FALSE
to prevent cloud connections to the VNC Server computer if they would be relayed via RealVNC’s cloud service.
All cloud connections are brokered by RealVNC’s cloud service. Where possible, the cloud service then negotiates peer-to-peer sessions between endpoints, so session data is transmitted directly between them; this is likely to be more performant. However, intermediate network hardware may mean this is not possible, so the cloud service automatically falls back to relaying session data; this ensures cloud connections succeed. Note that session data relayed via our cloud service is encrypted end-to-end, so cannot be deciphered by RealVNC, nor anyone else.
Setting this parameter to FALSE
will cause an unquantifiable percentage of cloud connections to fail. However, it may be useful in the context of some regulatory compliance regimes, to guarantee that session data will never be transmitted via third party servers.
An equivalent VNC Viewer AllowCloudRelay parameter is available to prevent cloud connections from particular desktop computers.
See also: AllowCloudRfb
AllowCloudRfb
Platform | Default value | Since |
---|---|---|
All | TRUE |
6.0.0 |
*This parameter has no effect unless cloud connectivity has been enabled for the VNC Server computer.
Specify FALSE
to prevent cloud connections to VNC Server. Existing cloud connections are not terminated.
See also: AllowIpListenRfb, AllowCloudRelay
AllowDynamicResolution
Platform | Default value | Since |
---|---|---|
Linux | TRUE |
7.6.0 |
*This parameter applies to Virtual Mode only.
Allow VNC Viewer to change the resolution of the VNC Server.
When set to TRUE
, the RealVNC Server's virtual desktop resolution will be changed to match the connected RealVNC Viewer application window size.
AllowIpListenRfb
Platform | Subscription | Default value |
---|---|---|
All | Enterprise | TRUE |
*This parameter was called AllowTcpListenRfb
until version 6.4.0.
Specify FALSE
to prevent direct connections to VNC Server. Existing direct connections are not terminated.
See also: RfbPort, IpListenAddresses, IpListenProtocols AllowCloudRfb
AlwaysShared
Platform | Default value |
---|---|
All | FALSE |
Specify TRUE
or FALSE
in conjunction with NeverShared, DisconnectClients, and the VNC Viewer Shared parameter to determine whether just one or multiple VNC Viewer users can connect to and control the VNC Server computer at the same time.
AlwaysShared | NeverShared | DisconnectClients | Shared | Concurrent connections allowed? |
---|---|---|---|---|
TRUE |
FALSE |
ignored | ignored | Yes. |
FALSE |
TRUE |
TRUE |
ignored | No. A new user will disconnect an existing user. |
FALSE |
TRUE |
FALSE |
ignored | No. A new user will not be able to connect. |
FALSE |
FALSE |
ignored | TRUE |
Yes. |
FALSE |
FALSE |
TRUE |
FALSE |
No. A new user will disconnect an existing user. |
FALSE |
FALSE |
FALSE |
FALSE |
No. A new user will not be able to connect. |
AlwaysShowCursor
Platform | Default value | Since |
---|---|---|
Windows | FALSE |
6.11.0 |
Always show a mouse cursor, even when Windows doesn't provide one.
AudioEnable
Platform | Default value | Since |
---|---|---|
All | <subscription-specific> | 6.6.0 |
This enables capturing and sending audio to connected Viewers from audio-capable Servers.
Authentication
Platform | Default value | Since |
---|---|---|
All | <subscription-specific> | 5.3.0 |
*This parameter replaces SecurityTypes from version 5.3.0, in conjunction with Encryption.
If you have an Enterprise or Professional subscription, specify the authentication scheme to use for VNC Server.
*Do not edit this parameter if you have a Home subscription, or remote access will not be available.
Authentication scheme | Parameter value | How does a VNC Viewer user authenticate? |
---|---|---|
VNC password | VncAuth |
A password specific to VNC Server. |
System authentication | SystemAuth |
User account (system login) credentials. |
Interactive system authentication (Mac / Linux only) |
InteractiveSystemAuth |
User account email, and then responses to one or more PAM modules. |
Single sign-on |
Note: when Single sign-on is selected using the Authentication dropdown in VNC Server's Options it sets a parameter value of SingleSignOn,SystemAuth to allow for fallback. |
User account credentials, provided transparently. |
Smartcard/certificate store | Certificate |
An X.509 certificate, provided transparently. |
System authentication + RADIUS authentication | SystemAuth+Radius |
User account credentials, and then responses to a third party RADIUS server. |
System authentication + Duo authentication | SystemAuth+Duo |
User account credentials, and then responses to Duo 2FA. |
None |
|
Not recommended |
Note that:
-
VncAuth
is the only scheme that allows direct connections from non-RealVNC VNC Viewers. - You can configure VNC Server to prompt for a fallback authentication method if the primary authentication fails by using the
,
character. For example, SingleSignOn,SystemAuth means VNC Server will try to authenticate the connecting VNC Viewer using Single Sign On and if this fails, use System Authentication instead. - You can create your own multi-factor custom authentication scheme by using the
+
character to require VNC Server to check multiple authentication types. For example, Certificate+SystemAuth means VNC Server requires the connecting VNC Viewer user to pass both Certificate Authentication and System Authentication. - Only specify
None
for direct connections to internal computers only, and never for direct connections to computers over the Internet, nor for cloud connections. A simple port scanning attack could see your computer taken over by a malicious entity.
See also: Encryption
AuthTimeout
Platform | Default value |
---|---|
All | 900 |
Specify a number of seconds to give connecting VNC Viewer users time to enter authentication credentials. After this, connections are rejected, even if the correct credentials are supplied.
Specify 0
to give connecting users unlimited time.
*This parameter is ignored if Authentication is set to None
.
See also: BlacklistThreshold, IdleTimeout
AutoLogonOverride
Platform | Mode | Default value |
---|---|---|
Windows | Service | FALSE |
Specify TRUE
to allow connected VNC Viewer users pressing the Shift key while logging off from the VNC Server computer to override the ForceAutoLogon
and IgnoreShiftOverride
Windows Registry values, and show the login screen. This enables connected users to choose a different user account to log back on to.
By default, the Shift key press is ignored and the same user account is automatically logged back on.
BlacklistThreshold
Platform | Default value |
---|---|
All | 5 |
Specify a number of unsuccessful authentication attempts that can be made from a VNC Viewer computer (identified by its IP address) before all connections from that computer are rejected for BlacklistTimeout. This may help protect against brute-force dictionary attacks on the VNC Server password.
*This parameter is ignored if Authentication is set to None
. Under Linux, if Authentication
is SystemAuth
, the underlying authentication system may also provide a protection mechanism after 10 unsuccessful attempts.
Specify 0
to allow unlimited unsuccessful authentication attempts from a VNC Viewer computer.
BlacklistTimeout
Platform | Default value |
---|---|
All | 10 |
Specify a number of seconds during which connections from the VNC Viewer computer identified by BlacklistThreshold are forbidden. After this time, one further unsuccessful authentication attempt is permitted before BlacklistTimeout
is doubled and applied again.
*To reset BlacklistThreshold and BlacklistTimeout
to their original values, restart VNC Server.
BlankScreen
Platform | Default value |
---|---|
Windows | FALSE |
Specify TRUE
to blank the monitor of the VNC Server computer when VNC Viewer users are connected, in order to protect their privacy. More information.
CaptureMethod
Platform | Mode | Default value |
---|---|---|
All | Service, User | 0 |
*This parameter was called UpdateMethod
until version 5.3.0.
Specify one of the values in the platform-specific section below to determine the method used by VNC Server to capture changes to the computer desktop, in order to send screen updates to VNC Viewer. Note all connections must be terminated before changes to this parameter take effect.
Windows
-
0
to use the optimal method using DirectX. -
1
to poll the display system for changes to the entire desktop. This may be the slowest method, but can be useful to track changes to applications that interface directly with the graphics card.
macOS
-
0
to use the optimal method. This uses ScreenCaptureKit if it is available (macOS 13 and later), otherwise DisplayStream is used. -
1
to use CGScreen callbacks. -
2
to use DisplayStream.
Linux
-
0
to use the optimal method, which is the DAMAGE extension if it is enabled and responsive, and to fall back to polling if not. -
1
to poll the display system for changes to the entire desktop. This may be the slowest method, but can be useful to track changes to applications that interface directly with the graphics card. -
2
to force use of the DAMAGE extension, and not fall back to polling. If DAMAGE is not working correctly, some regions may not update correctly but CPU utilization will be minimized.
See also: UseCaptureBlt, PollInterval
ClipboardFT
Platform | Subscription | Default value |
---|---|---|
Windows | Enterprise, Professional | TRUE |
Specify FALSE
to prevent connected VNC Viewer users on Windows computers exchanging files with the VNC Server computer using the standard operating system copy and paste mechanism.
*VNC Server must be restarted in order for a change to this parameter to take effect. In addition, this parameter is ignored unless AcceptCutText and SendCutText are both TRUE
.
See also: ShareFiles
CompareFB
Platform | Default value |
---|---|
All | TRUE |
Specify TRUE
to perform pixel comparison on framebuffer to reduce unnecessary updates.
ConnectToExisting
Platform | Subscription | Mode | Default value |
---|---|---|---|
Linux | Enterprise | Virtual Daemon | 0 |
Specify 1
to cause individual virtual desktops created on demand by the vncserver-virtuald
daemon
to persist when their VNC Viewer user disconnects. When the VNC Viewer user reconnects to the daemon using the same authentication credentials, that user is redirected to their still-running virtual desktop.
By default, a virtual desktop created on demand by the daemon is destroyed when the last VNC Viewer user disconnects.
ConnNotifyAlways
Platform | Default value |
---|---|
All | FALSE |
Specify TRUE
to display the name of the connected user throughout the session, or the most recently connected if more than one.
ConnNotifyStyle
Platform | Default value | Since |
---|---|---|
All |
|
7.11.0 |
The style of connection and disconnection notification messages. Specify a comma-separated list of zero or more of Movable
, Closable
, Minimizable
, NoSystem
.
ConnNotifyTimeout
Platform | Default value |
---|---|
All | 4 |
Specify a number of seconds between 1
and 255
to display connection and disconnection notification messages for.
Specify 0
to disable notification messages.
See also: QueryConnect
ConnTimeout
Platform | Default value |
---|---|
All | 0 |
Specify a number of seconds for connections to last. By default there is no timeout, though IdleTimeout disconnects if the VNC Viewer user is inactive.
DaemonPort
Platform | Subscription | Mode | Default value |
---|---|---|---|
Linux | Enterprise | Virtual Daemon | 5999 |
Specify a number between 1
and 65535
representing an available port on which the vncserver-virtuald
daemon
can listen for direct connection requests from VNC Viewer, in order to create virtual desktops on demand.
Desktop
Platform | Default value |
---|---|
All | <mode-specific> |
Specify a name for the VNC Server computer desktop to display on the title bar of connected VNC Viewer app windows.
*VNC Server must be restarted in order for a change to this parameter to take effect.
DisableAddNewClient
Platform | Subscription | Default value |
---|---|---|
All | Enterprise | FALSE |
Specify TRUE
to disable the Connect to Listening VNC Viewer option on the VNC Server shortcut menu, preventing users establishing reverse direct connections via the user interface. Note that reverse direct connections can still be established from the command line.
See also: DisableTrayIcon, DisableClose, DisableOptions
DisableAero
Platform | Default value |
---|---|
Windows | FALSE |
Specify TRUE
to disable Windows Aero (the default graphical user interface and theme in most editions of Windows Vista and 7) while sessions are in progress. This may improve performance. This option has no effect since Windows 8.
See also: DisableEffects, RemovePattern, RemoveWallpaper
DisableClose
Platform | Default value |
---|---|
All | FALSE |
Specify TRUE
to disable the Stop VNC Server option on the VNC Server shortcut menu, preventing users stopping VNC Server via the user interface.
*VNC Server can still be stopped from the command line, or (for example) using Control Panel > Administrative Tools > Services under Windows.
See also: DisableTrayIcon, DisableClose, DisableOptions
DisableEffects
Platform | Default value |
---|---|
Windows | FALSE |
Specify TRUE
to disable particular graphical user interface effects such as font smoothing while sessions are in progress. This may improve performance.
See also: DisableAero, RemovePattern, RemoveWallpaper
DisableFileTransferAtLockScreen
Platform | Default value | Since |
---|---|---|
Windows | FALSE |
7.10.0 |
Specify TRUE
to prevent connected VNC Viewer users from transferring files while the RealVNC Server computer's desktop is locked.
DisableLocalInputs
Platform | Default value |
---|---|
Windows | FALSE |
Specify TRUE
to disable the keyboard and mouse of the VNC Server computer while sessions are in progress, preventing a local user interrupting connected VNC Viewer users.
See also: AcceptKeyEvents
DisableOptions
Platform | Default value |
---|---|
All | FALSE |
Specify TRUE
to disable the Options option on the VNC Server shortcut menu, preventing users configuring VNC Server via the user interface.
*VNC Server can still be configured from the command line.
See also: DisableAddNewClient, DisableClose, DisableTrayIcon
DisableTrayIcon
Platform | Default value |
---|---|
All | 0 |
Specify one of the following values to control the appearance of the VNC Server icon in the notification tray (Windows and Linux) or on the Status Bar (Mac):
-
0
to show the VNC Server icon at all times. -
1
to hide the VNC Server icon while no sessions are in progress, preventing a local user performing certain operations via the user interface. The icon is shown when a connection is first established. -
2
to hide the VNC Server icon permanently. This is effective only for special license keys.
If you are interested in acquiring a special license key to enable this feature please contact our sales team.
See also: DisableAddNewClient, DisableClose, DisableOptions
DisconnectAction
Platform | Mode | Default value |
---|---|---|
Windows, Mac | Service | NONE |
Specify one of the following values to determine the behavior of the VNC Server computer when the last user disconnects (or is disconnected):
-
None
to leave the computer ‘as is’ (that is, potentially with a user account logged on). -
Lock
to lock the computer. Connections can immediately be re-established, but at least one connected VNC Viewer user must know how to unlock the computer in order to continue. - Either:
- Under Windows,
Logoff
to log the current user account out. Connections can immediately be re-established, but at least one connected user must log on to a user account in order to continue. - Under Mac,
StartScreensaver
to start the screen saver.
- Under Windows,
DisconnectClients
Platform | Default value |
---|---|
All | TRUE |
See AlwaysShared.
display
Platform | Mode | Default value |
---|---|---|
Linux | Service, User |
Specify the X Window display and optionally the screen number to remote to connected VNC Viewer users, for example :1.0
.
See also: DisplayDevice, Monitor
DisplayDevice
Platform | Default value |
---|---|
Windows |
Specify the name of a particular monitor or similar device attached to the VNC Server computer to remote to connected VNC Viewer users, for example \\.\Display1
. Available names (IDs) are shown on the Diagnostics page of the Information Center dialog.
By default, or if the value is not recognized, all monitors are remoted.
Dscp
Platform | Default value | Since |
---|---|---|
All | 0 |
7.0.0 |
Value to classify network traffic to provide Quality of Service.
DuoDeviceChoice
Platform | Default value | Since |
---|---|---|
All | BestDevice |
7.1.0 |
Whether to list all methods for all devices (AllDevices), or the best device for each method (BestDevice).
DynamicResolutionMaxSize
Platform | Default value | Since |
---|---|---|
Linux |
|
7.6.0 |
*This parameter applies to Virtual Mode (Xvnc) only.
Maximum resolution that the display can be dynamically set to.
When blank, RealVNC Server uses the largest resolution specified using the RandR parameter and/or -geometry switch if set, or 1024 x 768.
EnableAnalytics
Platform | Default value | Since |
---|---|---|
All | FALSE |
6.0.0 |
Specify TRUE
to allow RealVNC to collect anonymous usage data to help improve our products.
EnableAutoUpdateChecks
Platform | Default value |
---|---|
All | <subscription-specific> |
Specify:
-
0
to prevent VNC Server automatically checking for critical software patches and product updates to which you are entitled every UpdateCheckFrequencyDays. -
1
to ensure VNC Server automatically checks. -
2
to cause VNC Server to prompt for one of the options above at install-time.
See also: EnableManualUpdateChecks
EnableChat
Platform | Subscription | Default value |
---|---|---|
All | Enterprise, Professional | FALSE |
Specify FALSE
to prevent connected VNC Viewer users participating in chat sessions.
EnableManualUpdateChecks
Platform | Default value |
---|---|
All | TRUE |
Specify FALSE
to disable the Check for updates option on the VNC Server shortcut menu, preventing checking for critical software patches or product updates.
See also: EnableAutoUpdateChecks
EnableRemotePrinting
Platform | Subscription | Default value |
---|---|---|
All | Enterprise, Professional | TRUE |
Specify FALSE
to prevent connected VNC Viewer users printing VNC Server computer files to their local printers.
See also: AllowChangeDefaultPrinter
EnableScreenRecording
Platform | Subscription | Default value | Since |
---|---|---|---|
All | Enterprise, Professional | TRUE |
6.8.0 |
Allow connected VNC Viewer users to record sessions.
Encryption
Platform | Default value | Since |
---|---|---|
All | AlwaysOn | 5.3.0 |
*This parameter replaces SecurityTypes from version 5.3.0, in conjunction with Authentication.
Determine, in conjunction with VNC Viewer, whether:
- Remote control sessions are upgraded to 256-bit AES (available for both cloud connections and direct connections).
- The initial exchange of authentication credentials is encrypted, but subsequent sessions are unencrypted (direct connections only). Turning encryption off may register a small performance benefit, but data may be decipherable if intercepted by malicious parties.
By default, AlwaysOn
means that sessions are encrypted end-to-end using 128-bit AES. From the table below, choose a different value appropriate to the level of encryption you wish VNC Server to offer.
Encryption preference | Parameter value | Connection method |
---|---|---|
Always Maximum | AlwaysMaximum |
Cloud and direct |
Always on | AlwaysOn |
Cloud and direct |
Prefer on | PreferOn |
Direct only |
Prefer off | PreferOff |
Direct only |
Always off | AlwaysOff |
Direct only |
Note that the actual level of encryption that results for a connection depends upon the preference set by the connecting user; see the VNC Viewer Encryption parameter. Note some combinations prevent VNC Viewer users being able to connect:
VNC Server Encryption parameter | VNC Viewer Encryption parameter | Resulting level of encryption |
---|---|---|
AlwaysMaximum |
Server |
256-bit AES |
AlwaysMaximum |
256-bit AES | |
AlwaysOn |
256-bit AES | |
PreferOn |
256-bit AES | |
PreferOff |
256-bit AES | |
AlwaysOn |
Server |
128-bit AES |
AlwaysMaximum |
256-bit AES | |
AlwaysOn |
128-bit AES | |
PreferOn |
128-bit AES | |
PreferOff |
128-bit AES | |
PreferOn |
Server |
128-bit AES |
AlwaysMaximum |
256-bit AES | |
AlwaysOn |
128-bit AES | |
PreferOn |
128-bit AES | |
PreferOff |
Unencrypted direct connection | |
PreferOff |
Server |
Unencrypted direct connection |
AlwaysMaximum |
256-bit AES | |
AlwaysOn |
128-bit AES | |
PreferOn |
128-bit AES | |
PreferOff |
Unencrypted direct connection | |
AlwaysOff |
Server |
Unencrypted direct connection |
AlwaysMaximum |
Cannot connect | |
AlwaysOn |
Cannot connect | |
PreferOn |
Unencrypted direct connection | |
PreferOff |
Unencrypted direct connection |
See also: Authentication
FloorControlAllowLegacyClients
Platform | Default value | Since |
---|---|---|
All | 1 |
7.12.0 |
Specify one of the following values to determine whether legacy VNC Viewer users can connect when FloorControlEnable is TRUE
.
-
0
to disallow legacy users VNC Viewer users to connect. -
1
to allow legacy VNC Viewer users to connect in view only mode. -
2
to allow legacy VNC Viewer users to control if no other user has control.
FloorControlEnable
Platform | Default value | Since |
---|---|---|
All | FALSE |
7.12.0 |
Specify TRUE
to enable floor control so that only one VNC Viewer user has control of this computer at a time.
GuestAccessEnable
Platform | Subscription | Default value |
---|---|---|
All | Enterprise | FALSE |
*This parameter was called EnableGuestLogin
until version 6.5.0.
Specify TRUE
to turn on the Guest Login option on the VNC Server shortcut menu, allowing particular connecting VNC Viewer users to bypass the VNC Server authentication scheme.
*This parameter is ignored if GuestPermissions is set to 0
.
GuestPermissions
Platform | Subscription | Default value |
---|---|---|
All | Enterprise |
*This parameter was called GuestAccess
until version 6.5.0.
Determine whether VNC Viewer users can establish direct connections (not cloud connections) as guests, bypassing the VNC Server authentication scheme. In addition, grant session permissions to connected guests.
*For a value other than 0
, GuestAccessEnable must also be set to TRUE
.
Specify a value consisting of one or particular combinations of the following characters:
-
0
or empty to prevent users connecting as guests, even if GuestAccessEnable isTRUE
. -
s
to allow connected guests to view the desktop. Note that omitting this value means guests see a blank screen. -
v
to give connected guests a view-only set of permissions (equivalent tos
in this release). -
k
to allow connected guests to exercise control using their keyboards (subject to AcceptKeyEvents). -
p
to allow connected guests to exercise control using their mice (subject to AcceptPointerEvents). -
c
to allow connected guests to copy and paste text between the computers (subject to SendCutText and AcceptCutText). - l to allow connected users to hear audio from the desktop (subject to AudioEnable).
-
t
to allow connected guests to transfer files between the computers (subject to ShareFiles). -
r
to allow connected guests to print to local printers (subject to EnableRemotePrinting). -
h
to allow connected guests to chat (subject to EnableChat). -
w
to allow connected users to record sessions (subject to EnableScreenRecording). -
d
to give connected guests a default set of permissions (equivalent toskpctrh
). -
q
to allow connected guests to bypass accept/reject prompts (subject to QueryConnect). -
f
to give connected guests a full set of permissions (equivalent todq
).
For example, skpc
grants connected guests viewing (s
), controlling (k
and p
), and copy and paste (c
) permissions. The other permissions are omitted, which means the corresponding features are not available.
HideOSKWindow
Platform | Default value | Since |
---|---|---|
Windows | FALSE |
7.11.0 |
Specify TRUE
to prevent the On-Screen Keyboard (osk.exe) from being displayed to connected VNC Viewers.
IdleTimeout
Platform | Default value |
---|---|
All | 3600 |
Specify a number of seconds to wait before disconnecting VNC Viewer users who have not interacted with the VNC Server computer during that time.
Specify 0
to never disconnect idle users.
See also: DisconnectAction
IpClientAddresses
Platform | Subscription | Default value |
---|---|---|
All | Enterprise | + |
*This parameter was called hosts
until version 6.4.0.
Filter incoming direct connections by IP address. VNC Viewer computers can either be permitted to connect, be rejected, or be flagged up for verification by a VNC Server computer (or an already-connected) user. Note that the default +
value permits direct connections from all VNC Viewer computers.
*This parameter does not filter cloud connections.
Specify an ordered, comma-separated list of actions and network addresses, each of the form:
<action><ip address-or-range>
where <action>
is either:
-
+
to permit direct connections -
-
to reject direct connections -
?
to flag direct connections
and <ip address-or-range>
is either a particular IP address, or a range suffixed by a forward slash (/
) and either a subnet mask (for example 192.168.0.187/255.255.0.0
) or the number of bits in the routing prefix (for example 192.168.0.187/24
).
Consider the following example:
+192.168.0.1,?192.168.4.0/255.255.255.0,-
- The first entry permits direct connections from a VNC Viewer computer with the IP address
192.168.0.1
. - The second entry flags direct connections from any VNC Viewer computer situated in the
192.168.4
subnet. - The third entry rejects direct connections from all other VNC Viewer computers.
To exclude particular addresses (or small ranges) from within an included range, add the address and suitable subnet mask before the include entry and prefix with –
.
See also: localhost
IpListenAddresses
Default value
Platform | Subscription | |
---|---|---|
All | Enterprise |
*This parameter was called TcpListenAddresses
until version 6.4.0.
Specify one or more IP addresses owned by the computer (separated by commas) to restrict VNC Server to listening on just those addresses for direct connections. Alternatively, specify:
-
0.0.0.0
to listen on all IPv4 addresses, but not IPv6. -
[::]
to listen on all IPv6 addresses, but not IPv4.
By default, VNC Server listens on all available addresses for direct connections.
See also: AllowIpListenRfb, IpListenProtocols
IpListenProtocols
Platform | Subscription | Default value | Since |
---|---|---|---|
All | Enterprise | TCP,UDP |
6.4.0 |
Specify just TCP
to prevent direct connections that would use the UDP protocol, and vice versa.
See also: AllowIpListenRfb, IpListenAddresses
KerberosServicePrincipalName
Platform | Subscription | Default value |
---|---|---|
Mac, Linux | Enterprise | host/<computer-name> |
*This parameter was called KerberosPrincipalName
until 6.3.2.
Specify the ‘host’ service principle name as it is registered for the VNC Server computer with the domain controller, for example host/papaya.dev.acmecorp.com
. This may be useful if connecting VNC Viewer users are experiencing problems authenticating automatically to VNC Server.
*This parameter is ignored unless Authentication is set to SingleSignOn
.
KeyEventMethod
Platform | Default value | Since |
---|---|---|
Mac | CGPostKeyboardEvent |
7.9.0 |
Method to use for injecting key events (CGPostKeyboardEvent
, CGEventPost
, IOHIDPostEvent
).
LdapCertificateCrlLimit
Platform | Subscription | Default value | Since |
---|---|---|---|
All | Enterprise, Professional | 26214400 |
6.2.1 |
Specify a maximum size (in bytes) of the CRL (certificate revocation list) that VNC Server should download.
See also: LdapCertificateRevocation, LdapCertificateUserStore
LdapCertificateIntermediateStore
Platform | Subscription | Default value | Since |
---|---|---|---|
All | Enterprise, Professional | <platform-specific> | 6.1.0 |
Specify the location of an intermediate certificate store for verifying the public key certificates of connecting VNC Viewer users.
The values file://
and ldap://
are supported on every platform. enterprise://
is additionally supported under Windows.
See also: LdapCertificateUserStore
LdapCertificateRevocation
Platform | Subscription | Default value | Since |
---|---|---|---|
All | Enterprise, Professional | Enforce |
6.1.0 |
Specify:
-
CheckIfAvailable
to skip if OCSP cannot be checked, or the CRL (certificate revocation list) cannot be fetched. -
Ignore
to bypass OCSP and CRL checking. -
EnforceOcsp
to enforce OCSP, and not fall back to CRL (requires VNC Server 6.3.0+).
By default, Enforce
checks certificates fetched from LDAP for revocation using OCSP, falling back to CRL.
See also: LdapCertificateCrlLimit, LdapCertificateUserStore
LdapCertificateTrustStore
Platform | Subscription | Default value | Since |
---|---|---|---|
All | Enterprise, Professional | <platform-specific> | 6.1.0 |
Specify the location of a trusted root certificate store for verifying the public key certificates of connecting VNC Viewer users.
The values file://
and ldap://
are supported on every platform. enterprise://
is additionally supported under Windows.
See also: LdapCertificateUserStore
LdapCertificateUserStore
Platform | Subscription | Default value | Since |
---|---|---|---|
All | Enterprise, Professional | <platform-specific> | 6.1.0 |
Identify the domain controller hosting the LDAP server that will verify the public key certificates of connecting VNC Viewer users, when VNC Server is set up to use smartcard/certificate store authentication.
The domain controller URL should take the form ldap[s]://[credentials@][host]/[search-base]
, where credentials@
is either:
-
GSSAPI@
for Kerberos authentication. -
binddn:password@
for a simple bind. - empty for anonymous access.
If host
or search-base
is omitted, the system default is used. If you are not using LDAPS, see LdapSecurity.
See also: LdapCertificateTrustStore, LdapCertificateIntermediateStore
LdapSecurity
Platform | Subscription | Default value | Since |
---|---|---|---|
All | Enterprise, Professional | Auto |
6.1.0 |
Specify the LDAP security to use if not LDAPS:
-
Auto
to use signatures with Kerberos and StartTLS with simple binding. -
StartTLS
to always use StartTLS. -
None
to disable LDAP encryption (not recommended).
See also: LdapCertificateUserStore
LeftCmdKey
Platform | Default value |
---|---|
Mac | Alt_L |
Map one of the following keysyms received from VNC Viewer to the left Command key:
Alt_L
Alt_R
Super_L
Super_R
ExtendedChars
The default value of Alt_L
means that, for connections from:
- Windows or Linux computers with PC keyboards, connected users can press the left Alt key to simulate a press of the left Command key.
- Mac computers, it is recommended you do not change this parameter unless you are also able to make the same change to the VNC Viewer LeftCmdKey parameter, which by default maps the left Command key to the
Alt_L
keysym.
Note that ExtendedChars
refers to the key typically used to create extended characters, for example AltGr on non-US PC keyboards.
*This parameter is ignored unless AcceptKeyEvents is TRUE
.
See also: LeftOptKey, RightCmdKey, RightOptKey
LeftOptKey
Platform | Default value |
---|---|
Mac | ExtendedChars |
See LeftCmdKey, but for the left Option key.
Locale
Platform | Default Value |
---|---|
All |
Specify one of the following values to choose a display language for VNC Server:
-
en_US
for English -
fr_FR
for French -
de_DE
for German -
es_ES
for Spanish
By default, this parameter is empty, and the VNC Server user interface inherits the desktop language of the currently logged-on computer user, or falls back to English if this language has not yet been translated in the software.
There are two aspects to the display language; specifying this parameter in different locations enables these aspects to be controlled separately (if required):
- The language in which the VNC Server user interface is displayed. Note VNC Server must be restarted in order for any change to take effect.
- The language in which connectivity and other messages are transmitted to VNC Viewer users.
To change the user interface language, specify the Locale
parameter:
- Under Windows, in the
Software\RealVNC\vncserverui-service
(Service Mode) orSoftware\RealVNC\vncserverui-user
(User Mode) Registry key. Note these keys are both in theHKEY_CURRENT_USER
hive. - Under Linux, in the
vncserverui-service
(Service Mode),vncserverui-user
(User Mode), orvncserverui-virtual
(Virtual Mode) VNC configuration file. You can create these files if they do not exist in any appropriate location in this table. - Under Mac, in the
vncserverui-service
(Service Mode) orvncserverui-user
(User Mode) VNC configuration file. You can create these files if they do not exist in any appropriate location in this table.
To change the language of transmitted messages, you can either edit the Locale
parameter in the VNC Server Options > Expert dialog box, or alternatively:
- Under Windows, in the
HKEY_LOCAL_MACHINE\Software\RealVNC\vncserver
(Service Mode) orHKEY_CURRENT_USER\Software\RealVNC\vncserver
(User Mode) Registry key. - Under Linux, in the
/root/.vnc/config.d/vncserver-x11
(Service Mode),~/.vnc/config.d/vncserver-x11
(User Mode), or~/.vnc/config.d/Xvnc
(Virtual Mode) VNC configuration file. - Under Mac, in the
/var/root/.vnc/config.d/vncserver
(Service Mode) or~/.vnc/config.d/vncserver
(User Mode) VNC configuration file.
*Under Linux and Mac, you can configure both language aspects together (and for all programs) by specifying this parameter in a global location such as /etc/vnc/config.d/common.custom
.
localhost
Platform | Subscription | Default value |
---|---|---|
All | Enterprise | FALSE |
Specify TRUE
to only permit direct connections from VNC Viewer running on the same computer as VNC Server.
*This parameter does not affect cloud connections.
See also: IpClientAddresses
Log
Platform | Default value |
---|---|
All | <platform-specific> |
Record information about the main VNC Server process.
*It is possible to separately record information about sub-processes, for example the VNC Server service under Windows, and also for VNC Viewer.
Specify an ordered, comma-separated list of activities, each of the form:
<log>:<target>:<level>
where:
-
<log>
determines the type of activity to record, for example connection, printing or file transfer activity, or*
to record all. To see a list of available activities, examine the Log names section in the advanced help output (run the command<app> -help all
). -
<target>
determines the output destination:- Under Windows, either
stderr
,file
(configured using LogDir and LogFile), orEventLog
(to write to the Windows Event Log service). - Under Mac and Linux, either
syslog
(configured using SyslogFacility under Linux),stderr
orfile
.
- Under Windows, either
-
<level>
determines severity:0
includes only serious errors,10
includes basic audit information,30
includes general information, and100
includes all possible information, potentially including keystrokes.If you use SysLog,
<level>
translates as follows:0
is Syslog 3 (Error),1
to5
is 4 (Warning),6
to10
is 5 (Notice),11
to30
is 6 (Informational), and more than30
is 7 (Debug).
Consider the following example:
*:file:10,Connections:file:100
- The first entry (
*:file:10
) specifies that all activity is recorded to file at level 10. - The second entry (
Connections:file:100
) overrides this for connection activity, recording it (to the same file) at level 100.
LogDir
Platform | Default value |
---|---|
All | <platform-specific> |
Specify a directory in which VNC Server should create a LogFile, for example C:/Data/RealVNCLogs
. This location must be writable.
*This parameter is ignored unless at least one Log entry has an output destination of file
.
LogFile
Platform | Default value |
---|---|
All | <platform-specific> |
Specify a name for the file VNC Server should create in LogDir, for example realvnc-debug.log
.
*This parameter is ignored unless at least one Log entry has an output destination of file
.
MaxDesktops
Platform | Default | Since |
---|---|---|
Linux | 7.12.0 |
Specify the maximum number of Virtual Mode desktops to allow on this machine.Please note that the MaxDesktops
parameter does not appear in the VNC Server Options > Expert dialog box.
Monitor
Platform | Default value |
---|---|
Mac, Linux | -1 |
Specify the number of a particular monitor or similar device attached to the VNC Server computer to remote to connected VNC Viewer users, for example 0
for the primary monitor, 1
for a secondary monitor, and so on.
*All existing sessions must be terminated in order for a change to this parameter to take effect.
By default, or if the value is not recognized, all monitors are displayed.
See also: DisplayDevice, display
NeverShared
Platform | Default value |
---|---|
All | FALSE |
See AlwaysShared.
NtLogonAsInteractive
Platform | Subscription | Default value |
---|---|---|
Windows | Enterprise, Professional | FALSE |
Specify TRUE
to establish connections as Interactive logon type 2 rather than Network logon type 3.
*This parameter is ignored unless Authentication includes SystemAuth
.
This may be useful if user accounts valid for logging on to the VNC Server computer (and whose credentials VNC Viewer users therefore supply in order to connect) are not accorded the higher privileges of the Network logon type, and would consequently be rejected. Alternatively, if network access to a domain controller cannot be guaranteed, connections may be more reliable since the Interactive logon type caches credentials.
See also: Permissions
PamAccountCheck
Platform | Subscription | Default value |
---|---|---|
Linux, Mac | Enterprise, Professional | TRUE |
Specify FALSE
to check just PAM authentication rules. By default, PAM account rules are checked as well.
*This parameter is ignored unless Authentication includes SystemAuth
.
This may be useful if connecting VNC Viewer users are experiencing problems authenticating to VNC Server, since account rule checks must be run as root.
See also: PamApplicationName
PamApplicationName
Platform | Subscription | Default value |
---|---|---|
Linux, Mac | Enterprise, Professional | vncserver |
Specify vncserver.custom
to use the custom PAM library and authentication and account rules specified in the /etc/pam.d/vncserver.custom
file.
*This parameter is ignored unless Authentication includes SystemAuth
.
Under Linux, this may be useful to enable connecting users to authenticate to VNC Server using the credentials of domain accounts.
See also: PamAccountCheck
Password
Platform | Default value |
---|---|
All |
Specify a password specific to VNC Server in the correct obfuscated format.
*This parameter is ignored unless Authentication is set to VncAuth
.
This parameter is normally set automatically when you install VNC Server or attempt to run it for the first time. It is not normally necessary to set it manually. For this reason, it does not appear in the VNC Server Options > Expert dialog box.
You can set this parameter manually in policy template files. Use the vncpasswd utility with the -print
flag to generate a password in the correct format.
Permissions
Platform | Subscription | Default value |
---|---|---|
All | Enterprise, Professional | <platform-specific> |
Register user accounts or groups with VNC Server so connecting VNC Viewer users are able to authenticate. In addition, grant session permissions to use remote control features while connections are in progress.
*This parameter is ignored if Authentication is set to VncAuth
. Note also that VNC Permissions Creator is freely available to help create a permissions string in the correct format for VNC Server.
Certain user accounts/groups are pre-registered to provide connectivity out-of-the-box. More information on setting up domain accounts under Linux is available here.
Specify a comma-separated list of users/groups and permissions, each of the form:
<name>:<feature>
where <name>
is the name of a valid user account, preceded by %
to distinguish a group, and <feature>
is a string consisting of particular combinations of at least one of the following characters:
-
s
to allow connected users to view the desktop. Note that omitting this value means users see only a blank screen. -
v
to give connected users a view-only set of permissions (equivalent tos
in this release). -
k
to allow connected users to exercise control using their keyboards (subject to AcceptKeyEvents). -
p
to allow connected users to exercise control using their mice (subject to AcceptPointerEvents). -
c
to allow connected users to copy and paste between computers (subject to SendCutText and AcceptCutText). -
z
to allow connected users to blank the server screen while connected (subject to BlankScreen). -
l
to allow connected users to hear audio from the desktop (subject to AudioEnable). -
t
to allow connected users to transfer files between the computers (subject to ShareFiles). -
r
to allow connected users to print to local printers (subject to EnableRemotePrinting). -
h
to allow connected users to chat (subject to EnableChat). -
w
to allow connected users to record sessions (subject to EnableScreenRecording). -
d
to give connected users a normal set of permissions (equivalent toskpctrh
). -
q
to allow connected users to bypass accept/reject prompts (subject to QueryConnect). -
f
to give connected users an administrative set of permissions (equivalent todq
).
*Under Linux and Mac, you can omit <name>
to infer the VNC Server process owner (User Mode and Virtual Mode) or the root user account (Service Mode). Under Windows, you can use the built-in CREATOR OWNER
user to infer the VNC Server process owner (User Mode) or the currently-logged on user account (Service Mode).
Specifying a character corresponds to turning the Allow checkbox on for that feature on VNC Server’s Options > Users & Permissions page. Other behaviors can be modelled as follows:
- Omit a character to disallow that feature, corresponding to turning the Allow checkbox off. Note that for a group, this can be overridden by individual members. Alternatively, specify
-<feature>
to disallow that feature from a set, so for examplejohndoe:d-t
grants a normal set of permissions, with the exception of file transfer. -
!
to explicitly deny a feature, corresponding to turning the Deny checkbox on. This cannot be overridden.
*If you use -
(to disallow) and !
(to deny) then the order of characters must be allow > disallow > deny.
Consider the following example:
superuser:f,%vncusers:d,johndoe:v,janedoe:skp-t!r
- The
superuser
user account grants an administrative set of permissions. - The
vncusers
group grants a normal set of permissions. - The
johndoe
user account grants view-only permissions (assumingjohndoe
is not a member ofvncusers
). - The
janedoe
user account grants viewing (s
) and controlling permissions (k
andp
), disallows file transfer, and explicitly denies printing. No position is taken on copy and paste (c
) or chat (h
). Ifjanedoe
is a member ofvncusers
, then any grant of these permissions is inherited, and those two features are allowed. Ifjanedoe
is not a member ofvncusers
, then these features are disallowed.
PollCursorTime
Platform | Mode | Default value |
---|---|---|
Linux | Service, User | 100 |
Specify a number of milliseconds to wait before polling the display system for cursor movement.
PollInterval
Platform | Mode | Default value |
---|---|---|
Linux | Service, User | 50 |
Specify a number of milliseconds to wait before polling the display system for screen updates. A larger number may improve performance, at a potential risk of increasing latency.
ProtocolVersion
Platform | Default value |
---|---|
All |
If you have an Enterprise subscription and intend to establish direct connections only, specify a particular value to compel VNC Server to advertize only that version or lower of the underlying RFB protocol.
*Do not edit this parameter if you have a Home or Professional subscription, or an Enterprise subscription and intend to establish cloud connections, else remote access will not be available.
3.3
3.7
3.8
4.0
4.1
5.0
6.0
The lower the version, the wider the range of VNC-compatible Viewer technology from third parties able to establish direct connections, but the fewer the premium features (such as encryption, high-speed streaming, file transfer, printing, and chat) available to connected users.
By default, the latest version of the RFB protocol is advertized.
ProxyServer
Platform | Default value | Since |
---|---|---|
All | <system> |
6.0.0 |
Specify the proxy type, network address and port number of a proxy server if the VNC Server computer is protected by one, for example http://myhttpproxyserver.com:8080
or socks://mysocksproxyserver.com:8080
.
The default value of <system>
:
-
Under Windows, uses the proxy server settings of Microsoft Internet Explorer for VNC Server in User Mode.
*This default value is ignored by VNC Server in Service Mode. Use the netsh utility instead to specify a proxy server for all users that will be detected by VNC Server, for example
netsh winhttp set proxy <proxy-server>
. -
Under Linux, uses standard proxy server environment variables or
libproxy
. -
Under Mac, uses the proxy server settings of the Network system preference.
If the proxy server requires a password, run vncpasswd
to base64-encode that password and store it in the appropriate location for the VNC Server mode:
-
vncpasswd -type ProxyPassword -service -legacy
# VNC Server in Service Mode -
vncpasswd -type ProxyPassword -virtual -legacy
# VNC Server in Virtual Mode (Linux only) -
vncpasswd -type ProxyPassword -user -legacy
# VNC Server in User Mode
The vncpasswd
utility is located in the directory as VNC Server, and must be run with administrative privileges for Service Mode. Please note that the ProxyPassword
parameter does not appear in the VNC Server Options > Expert dialog box.
See also: ProxyUserName
ProxyUserName
Platform | Default value | Since |
---|---|---|
All | 6.0.0 |
Specify a user name if ProxyServer requires authentication.
QueryConnect
Platform | Default value |
---|---|
All | FALSE |
Specify TRUE
to display accept/reject prompts when particular VNC Viewer users connect. Either a local computer user (if one is present) or an already-connected VNC Viewer user can choose to accept connections, make connections view only, or reject them. If no-one is available, connections are automatically granted QueryTimeoutRights after QueryConnectTimeout.
*Some VNC Viewer users may have sufficient session permissions to bypass accept/reject prompts.
See also: QueryOnlyIfLoggedOn
QueryConnectTimeout
Platform | Default value |
---|---|
All | 10 |
Specify a number of seconds to display accept/reject prompts for. If no response is received (either from a local computer user or an already-connected VNC Viewer user) during this time, connections are automatically granted QueryTimeoutRights.
See also: QueryConnect
QueryOfferViewOnly
Platform | Default value | Since |
---|---|---|
All | TRUE |
6.2.0 |
Specify FALSE
to hide the view-only option from the accept/reject prompt, leaving only the reject and accept options.
See also: QueryConnect
QueryOnlyIfLoggedOn
Platform | Mode | Default value |
---|---|---|
All | Service, Virtual | FALSE |
Specify TRUE
to display accept/reject prompts only if a user account is currently logged on, and therefore a local computer user is likely to be present. (For VNC Server in Virtual Mode under Linux, the equivalent is if at least one VNC Viewer user is already connected, since no local computer user can be ‘present’ at a virtual desktop.)
*This parameter is ignored unless QueryConnect is TRUE
.
If no user account is logged on (or if no VNC Viewer user is connected in Virtual Mode), accept/reject prompts are not displayed and all connections are automatically granted QueryTimeoutRights.
QueryTimeoutRights
Platform | Default value |
---|---|
All |
Determine whether connections exceeding QueryConnectTimeout are accepted or rejected, and grant session permissions to connected VNC Viewer users.
*This parameter is ignored unless QueryConnect is TRUE
.
Specify a value consisting of one or particular combinations of the following characters:
- An empty value (
QueryTimeoutRights=
) to reject connections. -
s
to allow connected users to view the desktop. Note that omitting this value means users see a blank screen. -
v
to give connected users a view-only set of permissions (equivalent tos
in this release). -
k
to allow connected users to exercise control using their keyboards (subject to AcceptKeyEvents). -
p
to allow connected users to exercise control using their mice (subject to AcceptPointerEvents). -
c
to allow connected users to copy and paste text between computers (subject to SendCutText and AcceptCutText). -
z
to allow connected users to blank the server screen while connected (subject to BlankScreen). -
l
to allow connected users to hear audio from the desktop (subject to AudioEnable). -
t
to allow connected users to transfer files between computers (subject to ShareFiles). -
r
to allow connected users to print to local printers (subject to EnableRemotePrinting). -
h
to allow connected users to chat (subject to EnableChat). -
w
to allow connected users to record sessions (subject to EnableScreenRecording). -
d
to give connected users a default set of permissions (equivalent toskpctrh
).
For example, skpc
grants connected users viewing (s
), controlling (k
and p
), and copy and paste (c
) permissions. The other permissions are omitted, which means the corresponding features are not available.
See also: QueryOnlyIfLoggedOn
QuitOnCloseStatusDialog
Platform | Default value |
---|---|
All | FALSE |
Specify TRUE
to stop VNC Server if the VNC Server dialog is closed.
By default, closing merely hides the dialog; it can be shown again from the VNC Server icon under most operating systems.
RadiusAuthenticationProtocol
Platform | Subscription | Default value | Since |
---|---|---|---|
All | Enterprise, Professional | CHAP |
6.0.0 |
Specify PAP
to use the PAP authentication protocol. While CHAP is potentially more secure, the RADIUS server must have access to credentials stored in plaintext, so PAP is more widely supported.
See also: RadiusServer
RadiusNasId
Platform | Subscription | Default value | Since |
---|---|---|---|
All | Enterprise, Professional | vncserver |
6.0.0 |
Send the ‘Network Access Server’ identifier of the VNC Server computer to the RADIUS server.
Specify an empty value (RadiusNasId=
) to send the value of RadiusAddress.
See also: RadiusServer
RadiusNormalizeUsername
Platform | Subscription | Default value | Since |
---|---|---|---|
All | Enterprise, Professional | FALSE |
6.0.0 |
Specify TRUE
to strip the domain/realm component from user names when contacting the RADIUS server.
See also: RadiusServer
RadiusPacketInterval
Platform | Default value | Since |
---|---|---|
All | 1 | 7.12.1 |
The interval between RADIUS request packets (in seconds).
RadiusPrompt
Platform | Subscription | Default value | Since |
---|---|---|---|
All | Enterprise, Professional | RADIUS password: |
6.0.0 |
Specify the prompt VNC Viewer users see when authenticating to a RADIUS server.
Specify an empty value (RadiusPrompt=
) to initially send a blank password to the RADIUS server.
See also: RadiusServer
RadiusRequestPackets
Platform | Default value | Since |
---|---|---|
All | 4 | 7.12.1 |
The number of RADIUS request packets to send.
RadiusServer
Platform | Subscription | Default value | Since |
---|---|---|---|
All | Enterprise, Professional | 6.0.0 |
Identify the RADIUS server for connecting VNC Viewer users to authenticate against when VNC Server is set up to augment system authentication with RADIUS authentication.
You can specify additional RADIUS servers in case the primary server fails using a comma-separated list, for example <ip-address-1>:<port-number>, <ip-address-2>:<port-number>
.
If the RADIUS server requires a secret, run the vncpasswd utility as follows to base64-encode that secret and store it in the location expected by the VNC Server mode:
-
vncpasswd -type=RadiusSecret -service -legacy
# VNC Server in Service Mode -
vncpasswd -type=RadiusSecret -virtual -legacy
# VNC Server in Virtual Mode (Linux systems only) -
vncpasswd -type=RadiusSecret -user -legacy
# VNC Server in User Mode
Please note that the RadiusSecret
parameter does not appear in the VNC Server Options > Expert dialog box.
RandR
Platform | Subscription | Mode | Default value |
---|---|---|---|
Linux | Enterprise | Virtual |
Specify a comma-separated list of geometries to offer the RandR X Window extension, if enabled.
For example, specifying 1024x768,1280x1024,800x600
enables a connected VNC Viewer user to cycle between the three geometries by running the command xrandr -s <0|1|2>
.
RecordNotifyAlways
Platform | Subscription | Default value | Since |
---|---|---|---|
All | Enterprise, Professional | FALSE |
6.8.0 |
Display a continuous notification while the session is being recorded by a connected user. If this is True then the RecordNotifyDuration parameter is not used.
RecordNotifyDuration
Platform | Subscription | Default value | Since |
---|---|---|---|
All | Enterprise, Professional | 4 |
6.8.0 |
The number of seconds to display session recording notification messages for, or 0 to disable notifications.
RecordQuery
Platform | Default value | Since |
---|---|---|
All | FALSE |
7.1.0 |
Show a prompt identifying each VNC Viewer user who requests session recording, enabling recording to be accepted or rejected.
RemapKeys
Platform | Default value |
---|---|
All |
Map or swap keyboard keys. This may be useful if VNC Viewer computer keyboards are likely to be different to the VNC Server computer keyboard.
Specify a comma-separated list of X Window hexadecimal keysyms, either of the form:
-
keysym<>keysym
to swap keysyms, for example0x22<>0x40
to swap"
and@
. -
keysym->keysym
to map from the first keysym to the second, for example0x6d->0x6e
to causem
to be interpreted asn
.
See also: AcceptKeyEvents
RemovePattern
Platform | Default value |
---|---|
Windows | FALSE |
Specify TRUE
to replace a repeating pattern on the VNC Server computer’s desktop (under old versions of Windows) with a plain background while a session is in progress. This may improve performance.
See also: RemoveWallpaper, DisableAero, DisableEffects
RemoveWallpaper
Platform | Default value |
---|---|
Windows | FALSE |
Specify TRUE
to replace a picture or photo on the VNC Server computer’s desktop with a plain background while a session is in progress. This may improve performance.
See also: RemovePattern, DisableAero, DisableEffects
RfbPort
Platform | Subscription | Default value |
---|---|---|
All | Enterprise | 5900 |
Specify a number between 1
and 65535
representing an available port on which VNC Server can listen for direct connections. Note that ports 1 to 1024 are restricted by some operating systems.
*This parameter is ignored if AllowIpListenRfb is FALSE
.
The default port, 5900, is registered for use by VNC Server with the Internet Assigned Numbers Authority (IANA), and does not need to be explicitly identified by connecting VNC Viewer users.
RightCmdKey
Platform | Default value |
---|---|
Mac | Super_L |
See LeftCmdKey, but for the right Command key.
RightOptKey
Platform | Default value |
---|---|
Mac | ExtendedChars |
See LeftCmdKey, but for the right Option key.
RootSecurity
Platform | Subscription | Mode | Default value |
---|---|---|---|
Linux, Mac | Enterprise | User, Virtual | FALSE |
Specify TRUE
to protect the system credentials of connecting VNC Viewer users from observation by a VNC Server process owner who is not root.
See also: Authentication
RsaPrivateKeyFile
Platform | Default value |
---|---|
Linux, Mac | $HOME/.vnc/private.key |
Specify the full path to a file storing a private key for VNC Server.
*VNC Server in Service Mode runs as the root user.
If the private key is missing or corrupt, VNC Viewer users cannot connect. To generate a new private key, stop and restart VNC Server.
See also: Encryption
SendCutText
Platform | Default value |
---|---|
All | TRUE |
Specify FALSE
to prevent connected VNC Viewer users copying text on the VNC Server computer and pasting it to their own devices.
See also: AcceptCutText, ClipboardFT
ServerPreferredEncoding
Platform | Default value | Since |
---|---|---|
All | Viewer |
6.0.0 |
Specify the encoding that VNC Server should use to send screen updates to VNC Viewer. By default, the PreferredEncoding parameter value of the connected VNC Viewer takes precedence.
For more information on encodings, consult RFC 6143.
ServiceDiscoveryEnabled
Platform | Default value |
---|---|
All | TRUE |
Specify FALSE
to prevent VNC Server automatically advertizing itself on Zeroconf-enabled local networks (for example, Bonjour or Avahi).
ShareFiles
Platform | Subscription | Default value |
---|---|---|
All | Enterprise, Professional | TRUE |
Specify FALSE
to prevent connected VNC Viewer users exchanging files with the VNC Server computer.
See also: ClipboardFT
ShowCloudHints
Platform | Default value | Between |
---|---|---|
All | True |
6.0.1 - 6.4.0 |
Specify FALSE
to suppress links in the VNC Server interface that encourage the user to sign up for or in to a RealVNC account.
SimulateSAS
Platform | Mode | Default value |
---|---|---|
Windows | Service | 1 |
Specify one of the following values to determine whether connected VNC Viewer users can send the Secure Attention Sequence (SAS, the Ctrl+Alt+Del key combination) to a VNC Server computer running Windows Vista or later:
-
0
to respect Windows group policy for SAS, which means that it cannot be sent to computers running most versions of Windows Vista and 7. -
1
to override group policy if it has not been explicitly set, which means SAS can be sent in most circumstances. -
2
to override group policy even if it has been explicitly set, which means SAS can always be sent.
See also: AcceptKeyEvents
SyslogFacility
Platform | Default value |
---|---|
Linux | user |
Specify one of the following facilities for syslog to use, if available on the system:
daemon
auth
authpriv
security
local0..local7
*This parameter is ignored unless at least one Log entry has an output destination of syslog
.
StopUserModeOnSwitchOut
Platform | Subscription | Mode | Default value |
---|---|---|---|
Mac | Enterprise | User | TRUE |
Specify FALSE
to keep VNC Server running when the current user account switches out. Note that not all third party applications may be displayed correctly to connected VNC Viewer users in switched out sessions, for example the Calculator app.
By default, VNC Server stops on switch out, and all VNC Viewer users are disconnected and cannot reconnect.
SystemSleepBehavior
Platform | Default value | Since |
---|---|---|
Mac | PreventWhileConnected |
7.1.0 |
Prevent the system from sleeping (PreventWhileRunning), prevent the system from sleeping while there are VNC Viewer users connected (PreventWhileConnected), disconnect VNC Viewer users when system goes to sleep (DisconnectViewers), or do nothing (DoNothing).
TlsProfile
Platform | Default value |
---|---|
All | Normal |
The security strength to enforce when making TLS connections. For 'Normal', TLS 1.2 is mandated, no broken fallback ciphers are allowed, and key strength is checked for security (no SHA-1 or small keys). Selecting 'High' limits cipher choices to AES-256 with no legacy ciphers.
UpdateCheckFrequencyDays
Platform | Default value |
---|---|
All | 1 |
Specify a number of days to wait before VNC Server automatically checks for critical software patches and product updates to which you are entitled.
UseCaptureBlt
Platform | Default value |
---|---|
Windows | TRUE |
Specify FALSE
to stop VNC Server monitoring updates to some semi-transparent windows such as certain menus and tooltips. This may improve performance or reduce cursor flicker but does mean connected VNC Viewer users do not have perfect picture fidelity.
See also: CaptureMethod
UseLegacyFileTransfer
Platform | Default value | Since |
---|---|---|
All | FALSE |
7.9.0 |
Specify TRUE
to use the legacy version of File Transfer instead of File Manager.
WinSsoAccountCheck
Platform | Subscription | Default value | Since |
---|---|---|---|
All | Enterprise | TRUE |
6.8.0 |
Perform account checks when using Windows SSO.
Comments
Article is closed for comments.