Jump to content

How To Guide: Deploy VNC via Group Policy

FN-GM
 Share

Recommended Posts

FN-GM

FN-GM

Posted
Posted (edited)

Hi,

 

I have had a few people ask how to deploy VNC via group policy. If you have a large network where you want to install VNC on a large amount of computers this would be an ideal solution.

 

For this guide i used TightVNC - the website is here: tightvnc.com

 

I decide to go for TightVNC becuase

  • Easy to use
  • Free
  • Ability to hide the icon in the system tray
  • Built in access control options
  • Very lightweight
  • Ability for the end user to approve connections
  • Fully compatible with Windows 7

 

I have tested this on the following systems

  • Windows XP x32
  • Windows 7 x32
  • Windows 7 x64
  • Windows Server 2008 R2

 

With the below guide, anything in red are paths you need to change to make it suitable for deployment in your network.

Once this script has installed VNC it is designed to automatically quit when you run it again.

 

Creating the installer files

 

  1. Create a network share on a server to store the script and installers. You will need to give the group "Domain Computers" the right to read and execute.
  2. Download TightVNC and save it in the above share and install onto 1 computer.
  3. On the computer you installed TightVNC, configure to how you like it (eg set a password). Click Here for Documentation & Click Here for FAQ
  4. Once configured go to regedit and export the following folder. "HKEY_LOCAL_MACHINE\Software\TightVNC" & save it in the above share. To export right click the TightVNC folder and press export.
  5. Open NotePad and copy the below code. Please change the red areas to the path of your network share. The script will remove the VNC stuff from the program files to stop users from playing. If you do not want to do this remove the last line of the code.
    if exist "C:\Program Files (x86)\TightVNC" goto :eof ELSE
if exist "C:\Program Files\TightVNC" goto :eof ELSE
"[color="red"]c:\vnc\tightvnc-2.0.2-setup.exe[/color]" /S
regedit /S "[color="red"]c:\vnc\tightvnc.reg[/color]"
net stop "TightVNC Server"
net start "TightVNC Server"
rmdir /s /q "C:\Documents and Settings\All Users\Start Menu\Programs\TightVNC\"


  6. Save the file in your shared folder. You need to save it as a .bat file. For example mine is called installvnc.bat

 

Adding to a group policy

 

  1. Open up an appropriate group policy that applied to your computers or create a new one.
  2. Navigate to: Computer Configuration > Policies > Windows Settings > Scripts > Startup
  3. Press add, then browse and find the .bat file we created before in the shared folder. Then press ok & ok again.
  4. Make sure the following group policy is enabled. Computer Configuration > Policies > Administrative Templates > System > Logon > Always wait for the network at computer startup & Logon

 

When your computer startup it should install VNC and be configured.

 

Enjoy!

Edited by FN-GM
  • Thanks 4
  • 3 months later...
Steve21

Steve21

Posted
Posted
Does this allow you to connect to computers which are not logged in, or just those which are in use?

 

From how I read it, it "should" be on startup, not login, aka yes those not logged in.

 

"2.Navigate to: Computer Configuration > Policies > Windows Settings > Scripts > Startup" Isn't a login script as such, however obviously depends if the VNC server has a service option, or if it's only an exe style :p Then it wouldn't I guess.

 

Steve

FN-GM

FN-GM

Posted
  • Author
Posted
Does this allow you to connect to computers which are not logged in, or just those which are in use?

If the machines are not logged on it will allow you to connect to them yes.

 

But if you have the option selected to prompt the user to allow you on it wont. There will be nobody on the other end to press ok :)

enjay

enjay

Posted
Posted

@FN-GM - works a treat, thanks so much.

 

As an aside, I didn't need to create a share for it, just a regular folder inside an existing share and then reference that location, e.g. \\servername\netsoft$\tightvnc\tightvnc.bat

Alpha2x

Alpha2x

Posted
Posted
Works a treat however has anyone found a way to hide the icon from the systray? I've tried a variety of methods found online however had no luck at all.
FN-GM

FN-GM

Posted
  • Author
Posted
Works a treat however has anyone found a way to hide the icon from the systray? I've tried a variety of methods found online however had no luck at all.

 

There is a preference in tight VNC to remove it. You set that then you export the registery and deploy it as shown on post one.

Alpha2x

Alpha2x

Posted
Posted

Hi Steve,

 

I've seen this, but its not really practical to have to set this on every machine manually, only way I guess would be to incorporated a pre-configured VNC into our build.

Steve21

Steve21

Posted
Posted

Unless it's changed recently it just sets a reg value by clicking the box. Think it's HKLM\SOFTWARE\ORL\WinVNC3\DisableTrayIcon DWORD "1" ?

 

Not 100% though, stopped using Tight a while ago :p

 

Steve

Steve21

Steve21

Posted
Posted (edited)
Spent ages trying to get the DisableTrayIcon to work, got absolutely nowhere with it. Did you more to anything more... preferable?

 

Which version you using atm?

 

Try:

 

HKEY_CURRENT_USER\SOFTWARE\TIGHTVNC\SERVER\RUNCONTROLINTERFACE = 0

 

(or HKLM w/e you want)

 

Think it's 0, but may be 1 (Try 0 first)

 

Steve

Edited by Steve21
FN-GM

FN-GM

Posted
  • Author
Posted
Guys, read FN-GM's post above - if you follow his instructions and export the reg key, then the clients won't have the icon. RTFM :-)

 

Hes right you know, i have sent it to hundreds of machines via group policy and not one of them has the icon tray.

 

You untick the box, export the reg settings and send them settings to the clients as shown above.

FN-GM

FN-GM

Posted
  • Author
Posted
I dont quite understand this thread about deploying VNC.........

 

Just download: RealVNC - VNC® Deployment Tool (VNC Deployment Tool) and you can push the free vnc version out with a config file.

 

I did this at my last place, deployed to 300 machines within 30mins with config file.

 

The problem with the free RealVNC is that it doesn't support Windows 7. Also a start script would be better if you have a large environment.

  • 1 year later...
dannydr

dannydr

Posted
Posted
What version are you using?

 

same as the thread author, tightvnc-2.0.2

i even checked and the registry in all pc's got changed (i see passwords set) but when i open the icon no passwords are set and i can't connect to none of these pcs.

Thanks,

Danny.

FN-GM

FN-GM

Posted
  • Author
Posted
same as the thread author, tightvnc-2.0.2

i even checked and the registry in all pc's got changed (i see passwords set) but when i open the icon no passwords are set and i can't connect to none of these pcs.

Thanks,

Danny.

 

Did you set the password on the machine you configured all the settings?

dannydr

dannydr

Posted
Posted
Did you set the password on the machine you configured all the settings?

 

yeah, i ran the setup from a shared folder (on a server) onto the first PC, in the setup i configured the password.

after installation this PC was great but the reg file i exported didn't do the trick to other pc getting the gpo.

for some reason the viewer gets installed too even though i wanted just the server.

very annoying..

dannydr

dannydr

Posted
Posted

found the problem, i exported 32bit OS reg file that worked only with 32bit OS's because the tightVNC reg is in a different location in 32\64 OS's.

so i exported a 64bit ver as well and got 2 vers of the reg file.

then just added another IF in original script. script included:

 

if exist "C:\Program Files (x86)\TightVNC" goto :eof ELSE

if exist "C:\Program Files\TightVNC" goto :eof ELSE

"\\beta\TVNC\tightvnc-2.0.2-setup.exe" /S

 

if exist "C:\Program Files (x86)\" goto :X64 ELSE

regedit /S "\\beta\TVNC\32bit.reg

goto :finish

 

:X64

 

regedit /S "\\beta\TVNC\64bit.reg"

goto :finish

 

:finish

net stop "TightVNC Server"

net start "TightVNC Server"

rmdir /s /q "C:\Documents and Settings\All Users\Start Menu\Programs\TightVNC\"

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing


  • 43 When would you like EduGeek EDIT 2025 to be held?

    1. 1. Select a time period you can attend


      • I can make it in June\July
      • I can make it in August\Sept
      • Other time period. Comment below
      • Either time
×
×
  • Create New...