Introduction VNC Server and VNC Viewer can be downloaded as separate MSIs. If you are a Windows system administrator, you can use thes...
Introduction
VNC Server and VNC Viewer can be downloaded as separate MSIs. If you are a Windows system administrator, you can use these to deploy VNC to target computers/users using Group Policy.
You can apply a transform to the VNC Server MSI that enables you to configure certain aspects of VNC Server, as well as licensing it as part of the deployment process. This saves end-users from the hassle of installation, prevents them from making unwanted changes to settings, and will save you needing to distribute your license key.
Start by downloading the VNC for Windows MSI archive linked below and extracting it to a network share. This archive contains 32 and 64-bit versions of VNC Server and VNC Viewer.
https://www.realvnc.com/download/deployment/msis/
Note that Group Policy can also be used to lock down VNC software to non-administrative users. An upcoming Spiceworks How-to will cover this in detail.
Steps (7 total)
Before deploying VNC Server, you must assign it to a Group Policy Object and configure this GPO in Group Policy Management Editor. You will also need to decide whether to deploy VNC Mirror Driver and VNC Printer Driver, both optional components that add extra functionality to VNC Server.
Note: if you wish to deploy VNC Server without these drivers, see step 5; if you wish to deploy only VNC Viewer, see step 7.
First, open the Group Policy Management console and create an Organizational Unit in your regular domain. Right-click this new OU and select Create a GPO in this domain, and Link it here. Once named, right-click your GPO and select Edit to open Group Policy Management Editor.
Expand either Computer Configuration or User Configuration (depending on whether you want to deploy VNC Server to computers or users), then Policies > Software Settings > Software installation. Right-click here and select New > Package. Locate and select the VNC Server MSI and decide whether you want to publish or assign the software package (if applying a transform, select Advanced; see step 4 for information).
Next, right-click the GPO and select Edit to open Group Policy Management Editor. If you are also deploying VNC Mirror Driver and VNC Printer Driver, you will need to apply the configurations beginning in step 2 (note that the only way to avoid this is by applying a transform to disable both drivers; see step 5):
You must first configure deployment of VNC Mirror Driver, which enhances VNC Server’s performance and is available for all target platforms except NT4 and 8+. To deploy:
1. Expand Computer Configuration (even if deploying to users), then Policies > Administrative Templates > System > Device Installation > Device Installation Restrictions.
2. The second-top setting will be called Allow installation of devices using drivers that match these device setup classes. Right-click and select Edit. Click Enabled, then Show, and paste in the following (as seen in the screenshot above):
4D36E968-E325-11CE-BFC1-08002BE10318
3. Further down the list will be a setting called Allow installation of devices that match any of these device IDs. Right-click and select Edit. Click Enabled, then Show, and paste in the following:
VNC_MIRROR_DRIVER
VNC Mirror Driver will now automatically be deployed alongside VNC Server.
You must now configure deployment of VNC Printer Driver, which allows connected users to print to local printers. To deploy:
1. Expand Computer Configuration (even if deploying to users), then Policies > Administrative Templates > System > Driver Installation.
2. The top setting will be called Allow non-administrators to install drivers for these device setup classes. Right-click and edit this setting. Click Enabled, then Show, and paste in the following (as seen in the screenshot above):
4658ee7e-f050-11d1-b6bd-00c04fa372a7
3. Expand Computer Configuration (even if deploying to users), then Policies > Windows Settings > Security Settings > Local Policies > Security Options. Here, there are two settings you will need to change:
- Midway down the list as you see it will be a setting called Devices: Prevent users from installing printer drivers. Right-click here and select Properties. Check Define this policy setting, then check Disabled. Hit OK.
- Scroll down to the bottom of the list of policies. Towards the end, you will see User Account Control: Detect application installations and prompt for elevation. Right-click here and select Properties. Check Define this policy setting, then check Disabled. Hit OK.
VNC Printer Driver will now automatically be deployed alongside VNC Server.
You can apply a transform that automatically licenses VNC Server as part of the deployment process. Begin by downloading and installing Orca from the following link:
Once this is installed, right-click on the VNC Server MSI and select Edit with Orca. From the menu bar, select Transform > New Transform, then select the Property heading from the tables list on the left. Right-click on the table of properties and select Add Row. Paste ‘LICENSEKEY’ into the Property column and your license key into the Value column (as seen in the screenshot above).
Click Transform > Generate Transform, and save the MST file in the same network share as your MSI.
Now, follow the steps to assign VNC Server to a GPO until you come to the point where you create a new software package (instructions for this can be found in step 1). Instead of choosing to publish or assign your software package, click Advanced. Then go to the Modifications tab, click Add, and locate and select your MST.
Keep Group Policy Management Editor open. Follow the instructions in step 1 to configure VNC Mirror Driver and VNC Printer Driver.
Note that the transform values listed in steps 4, 5 and 6 can be combined and applied to the same transform.
Another transform value can exclude VNC Mirror Driver and/or VNC Printer Driver, enabling you to deploy VNC Server without needing to make configurations in Group Policy Management Editor.
Note that excluding either of these drivers results in the loss of certain functionality.
First, follow step 4 until you arrive at the Add Row dialog. Depending on which property you add, you can exclude either VNC Mirror Driver, VNC Printer Driver, or both (note that if you only exclude VNC Mirror Driver, you will still need to configure VNC Printer Driver in Group Policy Management Editor, and vice versa).
Under the Property heading, paste ‘ADDLOCAL’. Under the Value heading, paste the following (minus the speech marks):
"FeatureServer"
to exclude both VNC Mirror Driver and VNC Printer Driver (as seen in the screenshot above).
to exclude both VNC Mirror Driver and VNC Printer Driver (as seen in the screenshot above).
“FeatureServer,FeaturePrinterDriver”
to exclude VNC Mirror Driver only.
to exclude VNC Mirror Driver only.
"FeatureServer,FeatureMirrorDriver"
to exclude VNC Printer Driver only.
to exclude VNC Printer Driver only.
Select Transform > Generate Transform and apply it to VNC Server in the way outlined in step 4. You can now deploy VNC Server in the usual way for a GPO.
The final transform value you can apply to VNC Server can stop an end-user receiving update notifications, reducing the risk of them upgrading VNC Server erroneously.
The property used to control update notifications already exists, under the name ‘ENABLEAUTOUPDATECHECKS’. You will notice its value is set to 99 by default. Double-click this figure, and replace it with either:
0 – to disable update notifications (as seen in the screenshot above).
1 – to enable update notifications.
2 – to give the user the choice when VNC Server first runs.
1 – to enable update notifications.
2 – to give the user the choice when VNC Server first runs.
Now select Transform > Generate Transform and apply it to VNC Server in the way outlined in step 4.
Unlike VNC Server, VNC Viewer can be deployed ‘as-is’.
Open the Group Policy Management console and create a new Organizational Unit in your regular domain. Right-click this OU and select Create a GPO in this domain, and Link it here. Once you have named your GPO, right-click on it and select Edit to open Group Policy Management Editor.
Expand either Computer Configuration or User Configuration (depending on whether you want to deploy the GPO to computers or users), then Policies > Software Settings > Software installation. Right-click here and select New > Package. Locate and select the VNC Viewer MSI and decide whether you want to publish or assign the software package. Close Group Policy Management Editor.
You can now deploy the VNC Viewer GPO in your usual way.
No comments
Post a Comment