I have had a few people ask how to deploy VNC via group policy. If you have a large network where you want to install VNC on a large amount of computers this would be an ideal solution.
For this guide i used TightVNC - the website is here: tightvnc.com
I decide to go for TightVNC becuase
- Easy to use
- Ability to hide the icon in the system tray
- Built in access control options
- Very lightweight
- Ability for the end user to approve connections
- Fully compatible with Windows 7
I have tested this on the following systems
- Windows XP x32
- Windows 7 x32
- Windows 7 x64
- Windows Server 2008 R2
With the below guide, anything in red are paths you need to change to make it suitable for deployment in your network.
Once this script has installed VNC it is designed to automatically quit when you run it again.
Creating the installer files
- Create a network share on a server to store the script and installers. You will need to give the group "Domain Computers" the right to read and execute.
- Download TightVNC and save it in the above share and install onto 1 computer.
- On the computer you installed TightVNC, configure to how you like it (eg set a password). Click Here for Documentation & Click Here for FAQ
- Once configured go to regedit and export the following folder. "HKEY_LOCAL_MACHINE\Software\TightVNC" & save it in the above share. To export right click the TightVNC folder and press export.
- Open NotePad and copy the below code. Please change the red areas to the path of your network share. The script will remove the VNC stuff from the program files to stop users from playing. If you do not want to do this remove the last line of the code.
Code:if exist "C:\Program Files (x86)\TightVNC" goto :eof ELSE if exist "C:\Program Files\TightVNC" goto :eof ELSE "c:\vnc\tightvnc-2.0.2-setup.exe" /S regedit /S "c:\vnc\tightvnc.reg" net stop "TightVNC Server" net start "TightVNC Server" rmdir /s /q "C:\Documents and Settings\All Users\Start Menu\Programs\TightVNC\"
- Save the file in your shared folder. You need to save it as a .bat file. For example mine is called installvnc.bat
Adding to a group policy
- Open up an appropriate group policy that applied to your computers or create a new one.
- Navigate to: Computer Configuration > Policies > Windows Settings > Scripts > Startup
- Press add, then browse and find the .bat file we created before in the shared folder. Then press ok & ok again.
- Make sure the following group policy is enabled. Computer Configuration > Policies > Administrative Templates > System > Logon > Always wait for the network at computer startup & Logon
When your computer startup it should install VNC and be configured.
Last edited by FN-GM; 17th April 2011 at 07:15 PM.
Does this allow you to connect to computers which are not logged in, or just those which are in use?
"2.Navigate to: Computer Configuration > Policies > Windows Settings > Scripts > Startup" Isn't a login script as such, however obviously depends if the VNC server has a service option, or if it's only an exe style :P Then it wouldn't I guess.
Thanks, I'll give that a try then - VNC is one thing I'm really missing from our Win7 network...
speckytecky (23rd March 2012)
@FN-GM - works a treat, thanks so much.
As an aside, I didn't need to create a share for it, just a regular folder inside an existing share and then reference that location, e.g. \\servername\netsoft$\tightvnc\tightvnc.bat
Works a treat however has anyone found a way to hide the icon from the systray? I've tried a variety of methods found online however had no luck at all.
If you're using the newer version there's a tick box under server I think
I've seen this, but its not really practical to have to set this on every machine manually, only way I guess would be to incorporated a pre-configured VNC into our build.
Unless it's changed recently it just sets a reg value by clicking the box. Think it's HKLM\SOFTWARE\ORL\WinVNC3\DisableTrayIcon DWORD "1" ?
Not 100% though, stopped using Tight a while ago :P
Spent ages trying to get the DisableTrayIcon to work, got absolutely nowhere with it. Did you more to anything more... preferable?
Guys, read FN-GM's post above - if you follow his instructions and export the reg key, then the clients won't have the icon. RTFM :-)
There are currently 2 users browsing this thread. (0 members and 2 guests)