apple remote desktop - real vnc setup guide
TRANSCRIPT
Apple Remote Desktop and
Real VNC Windows XP Setup
Table of Contents
Introduction 2
Downloading, Installing and Configuring Real VNC 3
Configuring the Windows XP Firewall for Apple Remote Desktop Access 10
Connecting Apple Remote Desktop to the Windows XP/Real VNC client 14
Appendix A : Troubleshooting 17
Introduction
This guide is not an endorsement for Real VNC or Apple Remote Desktop nor is it to be
considered the best solution for implementing these technologies. These instructions offer
an insecure but free Windows client solution for connecting from a licensed copy of Apple
Remote Desktop. Use this guide and these software titles at your own risk. This guide
offers no guarantees.
Apple Remote Desktop (ARD) offers a great solution for remotely observing or controlling
clients. Using free VNC tools available for Windows, ARD can control or observe Windows
clients as well. While Apple Remote Desktop (ARD) supports connecting to several VNC
clients including Ultra VNC, TightVNC and AT&T VNC, Real VNC is the most popular
solution available. On the client system “VNC Server” software must be installed. It is
referred to as server because it’s serving connections and images of the desktop graphical
user interface (GUI). Setting up other VNC server software may be similar to setting up
Real VNC. This guide will step through installing the free Real VNC server on Windows XP
clients, then configuring ARD to connect to those Windows machines.
To view the VNC server clients supported by Apple Remote Desktop please visit…
http://www.apple.com/remotedesktop/resources.html
Note: Apple Remote Desktop has a number of useful features. When controlling Windows
systems using Windows based VNC clients you can only observe or control the remote
systems. You cannot lock the screens, send various commands, create inventory reports,
etc. as you can with Mac OS X systems.
WARNING: The free version of Real VNC does not offer a secure connection to remote
clients. All passwords, upon connection, and keystrokes will be sent in the clear. Malicious
users can easily observe the packets to obtain the password and control the machines or
observe sensitive information, depending on what the end user is viewing at the time.
Downloading, Installing and Configuring Real VNC
Download the free Real VNC client from…
http://www.realvnc.com/products/free/4.1/download.html
An alternative and recommended solution is to purchase the Personal or Enterprise
additions of Real VNC which offer better security and additional features, when compared
to the free version. More information can be found here…
http://www.realvnc.com/products/download.html
Follow these steps to install the less secure but free version of Real VNC 4.1.2 for
Windows XP:
1.Double-click to install Real VNC. Click “Next >”
2.Select “I accept the agreement” Click “Next >”
3.Choose the installation location or leave at the default. Click “Next >”
4. Uncheck VNC Viewer (this is only for viewing other clients) and leave VNC Server
checked. Click “Next >”
5.Specify the Start Menu Folder. Click “Next >”
6. Leave “Register and configure…” and “Start the VNC Server in Service Mode”
checked. Click “Next >”
7.Verify your settings and click “Install”
8. The “VNC Server Properties (Service-Mode)” should automatically open. Select “VNC
Password Authentication” and click “Configure”
9. Enter your desired password, confirm it and click “Ok” WARNING: This password will
be sent in the clear using the free version of Real VNC. Do not use the system
administrator password or another password you may utilize for authentication to other,
secure systems.
10. It is HIGHLY RECOMMENDED that you lock down several features of Real VNC in
the Service-Mode Properties panel including:
a. “Connections” - Uncheck “Serve Java viewer via HTTP on port”
b. “Connections” - “Access Control” -> check “Only accept connections from the local machine
c. “Connections” - “Access Control” -> “Add” -> “Allow” -> to add your Apple Remote Desktop Admin machines
d. “Connections” - “Access Control” -> “Add” -> “Deny” -> to deny any other systems, even systems on the same subnet
e. “Inputs” - enable or disable various settings
Of course there are other settings you can set to make this more secure.
11.To continue the installation choose “Next >”
12.Select “Finish”
Configuring the Windows XP Firewall for Apple Remote Desktop Access
It is highly recommended that you enable the Windows XP Firewall for obvious enhanced
security purposes. Real VNC does not automatically open the necessary port(s) for remote
access. Fortunately, this is pretty straight forward. Follow these steps…
1. Open the Windows Firewall Control Panel - “Start” -> “Control Panel” -> select “Switch
to Classic View” -> “Open Windows Firewall”
2. Select the “Exceptions” tab
3. Choose “Add Port…”
4. Name the port “Real VNC”
5. Provide the port number “5900” and leave “TCP” as the port type
6. Click “Ok”
7. Click “Ok” again
This step is optional: By default Apple Remote Desktop will not dynamically find remote
Windows clients on the network that have VNC enabled. This is because the Windows XP
firewall is set to not answer requests by default. Below are instructions to turn on the ability
for the Windows clients to advertise their existence when requested. WARNING: enabling
this setting will make your Windows system more vulnerable to attacks.
1. Open the Windows Firewall Control Panel - “Start” -> “Control Panel” -> select “Switch
to Classic View” -> “Open Windows Firewall”
2. Select the “Advanced” tab
3. Under “Network Connection Settings” choose the network port you will use to connect
to the machine. (note: on Mac Pros there are 2 ethernet ports) Most likely you will
select “Local Area Connection” (the Mac Pro will show “Local Area Connection 2.” You
may want to select this port also, on a Mac Pro)
4. Select the port you will use to connect to then select “Settings…” in the “Network
Connection Settings” section of that property.
5. Select the “ICMP” tab and check “Allow incoming echo request”
6. Choose “Ok”
7. Close the Windows Firewall
Connecting Apple Remote Desktop to the Windows XP/Real VNC client
Connecting to the Windows XP client with Apple Remote Desktop is straightforward. If you
didn’t enable “ICMP” - “Allow incoming echo request” you can import a list of client
systems or manually add the IP Addresses or DNS names of the systems you want to
observe or control. If you did enable the “ICMP” feature, as described in the previous
section, the systems should show up in a typical network scan.
Follow these steps to connect to your Windows XP clients (assuming “ICMP” has been
enabled)…
1. Select “Scanner”
2. If your computers are on the same subnet you can choose “Local Network” from the
drop down menu. If the systems are on another subnet you can “Network Range” to
search for available systems. If your systems have a similar DNS name or range of IP
addresses you can utilize the “Filter” search to narrow down the choices.
3. Select one or multiple systems (if they all have the same VNC password) you want to
connect to. With the free version of Real VNC the “User Name:” is NOT used.
If you select a single machine you will see the screen above. Enter the “Password:” you
specified on the particular Windows XP PC.
If you selected multiple systems to add, all of which have the same password set on
them, you can add them with a single connection and you will see the screen above.
4. Because the free version of Real VNC establishes a connection insecurely you will
receive this warning:
You can now control a remote system or observe as many as 50 machines simultaneously,
with a maximum of 9 screen shots per rotating page. This screen shot shows 6 systems
being viewed simultaneously…
Appendix A : Troubleshooting
Typically problems with VNC clients arise from misconfiguring the VNC client, improper
firewall settings, etc. Below are common problems and recommended solutions...
Problem: Likely Solution:
Apple Remote Desktop cannot see any of the Windows systems on the network
Make sure Real VNC is installed properly. First try disabling the Windows Firewall, temporarily, to see if you can see the available clients. If this does not work repeat the steps listed above in Section 1
Make sure port 5900 is open in the Windows Firewall
By default, Windows clients will not respond to scan requests for available clients. ICMP must be enabled in Windows to be able to view the clients using the scanner. See the instructions in this guide to enable ICMP “Allow incoming echo request”
Verify you can view the clients from the particular subnet you’re connecting from. Perhaps sending a ping to the clients will let you know they’re there. If ICMP “Allow incoming echo request” is off, a simple ping won’t result in a response.