See Their Screen From Anywhere — Safely
An always-on remote-control setup using on-demand ZeroTier and VNC: no port-forwarding, no third-party screen-share company, just you and their machine on a private network.
When Dad calls and something’s wrong, the worst version of help is “okay, now click the green button in the top left — no, your other left.” The best version is: I see exactly what he sees, on my own screen, and I just fix it.
There are a dozen paid services that do this. I don’t want any of them touching my father’s machine. A steward keeps the keys in the family — so here’s how I do it with two free, open tools and zero strangers in the middle: ZeroTier to put both machines on the same private network, and VNC to see and control the screen across it.
Why not TeamViewer / AnyDesk / etc.? They work, but they route the connection through their servers and their accounts. This setup keeps the connection private to a network only you control. That’s the whole point of stewardship.
The shape of it
- ZeroTier creates a private virtual network — like both computers are plugged into the same router, even though they’re a thousand miles apart. No port-forwarding, no fiddling with the home router.
- VNC runs on their machine and lets yours see and control the desktop — but only reachable over that private ZeroTier network, never the open internet.
- On-demand is the trust piece: it’s not a wide-open door. You bring the connection up when it’s needed.
Part 1 — ZeroTier (the private network)
Step-by-step to fill in: create a ZeroTier network, install the client on both machines, authorize each device, confirm they can ping each other over the ZeroTier IP range.
- Create a free network at the ZeroTier control panel; note the 16-character Network ID.
- Install ZeroTier on your machine and their machine.
- Join both to the network with the Network ID, then authorize each device in the panel.
- Verify: from your machine, ping their ZeroTier IP. If it answers, the private network is up.
Part 2 — VNC (seeing the screen)
Step-by-step to fill in: install a VNC server on their machine, lock it to the ZeroTier interface/IP only, set a strong unique password, install a viewer on yours, connect to their ZeroTier IP.
- Install a VNC server on their computer.
- Critical: bind it to the ZeroTier IP only — not “all interfaces.” This is what keeps it off the public internet.
- Set a strong, unique VNC password (and ideally require encryption).
- Install a VNC viewer on your machine; connect to their ZeroTier IP.
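One way to confirm the "ZeroTier IP only" bind actually took effect, as an added example that is not part of the original post: this Python check reads the listening-socket table and reports any VNC listener reachable outside the private network. It assumes a Linux machine where `ss -ltnH` is available and VNC on its default port 5900; the 10.147.17.0/24 range, the function names and the sample lines are constructed for illustration.

```python
import ipaddress

VNC_PORT = 5900  # default port for VNC display :0
# Constructed value: replace with the managed range shown for your ZeroTier network.
ZT_SUBNET = ipaddress.ip_network("10.147.17.0/24")

# Constructed samples of `ss -ltnH` output, not captured from a real machine.
SAMPLE_GOOD = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 10.147.17.23:5900 0.0.0.0:*
"""
SAMPLE_BAD = """\
LISTEN 0 5 0.0.0.0:5900 0.0.0.0:*
LISTEN 0 5 [::]:5900 [::]:*
LISTEN 0 5 192.168.1.40:5900 0.0.0.0:*
LISTEN 0 5 10.147.17.23:5900 0.0.0.0:*
"""

def vnc_listeners(ss_output, port=VNC_PORT):
    """Return the local addresses that are listening on the VNC port."""
    found = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        # Local address is "host:port"; IPv6 hosts are bracketed, so split on the last colon.
        host, _, listen_port = fields[3].rpartition(":")
        if listen_port == str(port):
            found.append(host.strip("[]").split("%")[0])  # drop brackets and %iface scope
    return found

def exposed_listeners(ss_output, subnet=ZT_SUBNET, port=VNC_PORT):
    """Return VNC listeners that are not confined to the ZeroTier subnet."""
    exposed = []
    for host in vnc_listeners(ss_output, port):
        if host in ("*", "0.0.0.0", "::"):
            exposed.append(host)  # wildcard bind: answers on every interface
        elif ipaddress.ip_address(host) not in subnet:
            exposed.append(host)  # bound to a LAN or public address instead
    return exposed

if __name__ == "__main__":
    for name, sample in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD)):
        bad = exposed_listeners(sample)
        print(name, "OK: ZeroTier only" if not bad else f"EXPOSED on {bad}")
```

On the real machine, feed it live data by passing the output of `ss -ltnH` to `exposed_listeners` in place of the samples; an empty result means VNC is only answering on the ZeroTier address.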
Part 3 — Making it “on-demand”
Step-by-step to fill in: how you keep the VNC server from running wide-open 24/7 — a quick launcher/script your parent can trigger, or a service you bring up only during a call.
The honest tradeoff: “always reachable” is convenient but it’s a standing door. I prefer a setup where the screen-share only comes alive when we’re actually on a call together — Dad taps one thing, or I bring the service up — and goes quiet again afterward.
The dignity note
Tell them how this works and that they’re in control. The whole arrangement runs on trust; the second it feels like surveillance, you’ve lost the thing that makes you the steward instead of the spyware. They should always know when you can see the screen, and be able to say no.
Working draft — I’ll flesh out each command and screenshot as I lock the setup in on Dad’s actual machine.