
What you will need…
Also on that page is a PDF that will show you all the triggers you can change during the install. (If you want, you can get it -Here-.)
The PDF shows you how to install via command line, which is great, but what if you want to update the version when the next version comes out?
You would have to manually go to every computer and uninstall to push the new version out.
Let's get down to brass tacks here: we will be using a program called Orca to edit the MSI file so it installs the way WE want via Group Policy.
(You can get Orca -Here-.)
Creating the Transform File….
I decided to push the x86 version out for compatibility with every computer on the network.
After Orca installs, open the MSI package in Orca with File >> Open.
It should look like this.
Next, click Transform >> New Transform.
Now, in the PDF file that we opened earlier, you can go through and pick the options you want to turn on, and I'll show you how to set the passwords for deployment.
The best way to find the values you want to change in Orca is the Find option (Ctrl-F), although most of the options are under the Property table.
Here are the values I looked for (some are already set by default in this version).
- SERVER_ADD_FIREWALL_EXCEPTION=1
- VIEWER_ADD_FIREWALL_EXCEPTION=1
- SERVER_ALLOW_SAS=1
- SET_USEVNCAUTHENTICATION=1
- VALUE_OF_USEVNCAUTHENTICATION=1
- SET_PASSWORD=1
- SET_USECONTROLAUTHENTICATION=1
- VALUE_OF_USECONTROLAUTHENTICATION=1
- SET_CONTROLPASSWORD=1
- VALUE_OF_REMOVEWALLPAPER=0
To set your passwords for connection, and so the user doesn’t turn off VNC accidentally, you will need to adjust 2 values.
- VALUE_OF_CONTROLPASSWORD
- VALUE_OF_PASSWORD
These options are in the CustomAction table, under the Target field.
You change the values by deleting the text VALUE_OF_PASSWORD and typing your password in its place; for this tutorial I'm going to use PasswOrd.
Once you have your tables adjusted to the options you want, it's time to save the transform file.
Go to Transform >> Generate Transform. This will save as a .mst file. You will need both the MSI and the MST file when we deploy VNC via Group Policy.
Creating a share and setting the appropriate permissions.
Next we need to set a shared folder across the network, one that every computer that is joined to the domain can access.
I created a series of folders to house my software pushed via GPO.
Be sure to put the MSI file and the MST file in this directory.
To share this folder, I went to the root folder (company), right-clicked it and chose Properties.
Then click Advanced Sharing, check the box "Share this folder", and click Permissions near the bottom. Add the “Domain Computers” group to the share permissions.
Then click OK, and OK again, and that will bring you back to the Company folder Properties.
Click Security, Edit, Add and add Domain Computers to the security list.
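The same share setup scripted in PowerShell, as an added example that is not part of the original post. It grants Domain Computers read-only access and then lists any broad group that can modify the folder, which matters because the transform holds the VNC passwords and clients install whatever is on this share as SYSTEM. The folder path and share name are assumptions, and the SMB cmdlets need Windows Server 2012 or later.

```powershell
# Added example: scripted equivalent of the share setup, read-only for clients.
# Assumed values (not from the original post); change them for your environment.
$Path      = 'D:\Company'                        # hypothetical folder holding the MSI and MST
$ShareName = 'Company'                           # hypothetical share name
$Computers = "$env:USERDOMAIN\Domain Computers"  # assumes you are logged on with a domain account

New-Item -ItemType Directory -Path $Path -Force | Out-Null

# Share permissions: Domain Computers get Read only.
if (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue) {
    Grant-SmbShareAccess -Name $ShareName -AccountName $Computers -AccessRight Read -Force | Out-Null
} else {
    New-SmbShare -Name $ShareName -Path $Path -ReadAccess $Computers | Out-Null
}

# NTFS permissions: read and execute, inherited by subfolders and files.
icacls $Path /grant "${Computers}:(OI)(CI)RX" | Out-Null

# Show the resulting share and NTFS permissions.
Get-SmbShareAccess -Name $ShareName |
    Format-Table AccountName, AccessControlType, AccessRight
$acl = (Get-Acl -Path $Path).Access
$acl | Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited

# Flag broad groups that are allowed to change files in the deployment folder.
$broad = 'Everyone|Authenticated Users|Domain Users|Domain Computers|BUILTIN\\Users'
$writable = $acl | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $_.IdentityReference.Value -match $broad -and
    $_.FileSystemRights.ToString() -match 'Write|Modify|FullControl|CreateFiles|AppendData'
}
if ($writable) {
    Write-Warning "Broad groups can modify files under ${Path}:"
    $writable | Format-Table IdentityReference, FileSystemRights
} else {
    Write-Output "No broad group has write access to $Path."
}
```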
Finally, Creating GPO and Linking to OU’s for Software Deployment…
Now that we have our folder set up so that all computers on the domain can see it and have access to the files inside, it's time to set up our GPO.
Since I have OUs set up for laptops and desktops that are on my network, I will link this GPO to both OUs.
Open Group Policy Management, expand the forest, expand Domains, and expand the domain you wish to push software to.
Right-click Group Policy Objects and click New.
Name your GPO; I named mine VNC Install MSI.
Right-click the new GPO you created and click Edit.
Under Computer Configuration, expand Policies, then Software Settings, right-click Software installation and click New >> Package.
Browse to your folder via its UNC path (do not browse via the hard disk path; this needs to be the network share path).
Open the MSI, and you will see another box saying Deploy Software. Click Advanced.
Click OK, go to the Modifications tab and click Add.
Open your transform file (the .MST file) that we created earlier in Orca.
You should see the network path in modifications here.
Click OK.
Close Group Policy Management Editor.
Now we need to link the group policy to the OUs that we want to deploy to.
Simply right-click the OU (laptops and desktops in my case), choose Link an Existing GPO… and select your GPO.
Close Group Policy Management.
The best way to test this is to run “gpupdate /force” in a command prompt on a computer in the OU you set up to receive the software.
After the gpupdate /force, it will ask you to restart the computer. When it comes back up, TightVNC should be installed on this machine.
Note: if you are having problems pushing the MSI, it may be helpful to consult the Event Viewer on the client machine you are testing with.
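A client-side check for the troubleshooting step above, as an added example that is not part of the original post. It confirms that the GPO reached the computer, pulls the software-installation and MSI events that Event Viewer would show, and looks for the product in the uninstall registry keys. The GPO name is the one used in this tutorial; the 'TightVNC' display-name match and the one-day window are assumptions.

```powershell
# Added example: run in an elevated PowerShell on a client in the target OU.
$GpoName = 'VNC Install MSI'           # GPO name used in this tutorial
$Since   = (Get-Date).AddDays(-1)      # assumed look-back window

# 1. Does the computer see the GPO? Check which section the name appears in
#    (applied vs. filtered out) in the full gpresult output if unsure.
$rsop = gpresult /r /scope computer
$hit  = $rsop | Select-String -SimpleMatch $GpoName
if ($hit) { "GPO listed in gpresult: $($hit.Line.Trim())" }
else      { Write-Warning "GPO '$GpoName' is not listed for this computer (check OU and link)." }

# 2. Group Policy software-installation events (System log).
Get-WinEvent -FilterHashtable @{ LogName = 'System'; StartTime = $Since } -ErrorAction SilentlyContinue |
    Where-Object ProviderName -like '*Application Management*' |
    Select-Object TimeCreated, Id, LevelDisplayName, Message |
    Format-List

# 3. Windows Installer events (Application log).
Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'MsiInstaller'; StartTime = $Since } `
    -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, LevelDisplayName, Message |
    Format-List

# 4. Is the product registered as installed? The x86 MSI registers under
#    WOW6432Node on 64-bit Windows, so check both uninstall keys.
$keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
$installed = Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
    Where-Object DisplayName -like '*TightVNC*'   # assumed display name
if ($installed) { $installed | Select-Object DisplayName, DisplayVersion, InstallDate }
else            { Write-Warning 'TightVNC is not registered as installed on this machine.' }
```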
Thank you! It helped me.
If you want to install TightVNC server without the viewer I used the software “InstEd” and deleted the feature “viewer” in the feature tab.
Your page tops Google when searching for VNC GP DEPLOY. Thank you very much, I am going to give this a try tomorrow. Wish me luck, and in case of anything I'll contact you.
and keep posting such great tutorials. It really helps a lot of noobs like me.
Do you have any IM to contact you directly? I tried but it doesn’t work; there is no entry in domain users' ADD/REMOVE programs, nor is there anything in PROGRAM FILES, but if I install it manually it works fine. I followed each and every step and didn’t find any errors in the GPO push either.
Very useful tutorial for me. But one thing is still in question… How can ORCA help hide the VNC tray icon? Maybe there is another way to do this? Thank you anyway!
Thanks for the nice post. One question: how do I deploy TightVNC for both the 32-bit and 64-bit versions? I mean, do I make one policy for all OUs? How will the policy determine which version it has to push for which version of Windows, 32-bit or 64-bit?
Thanks this was very helpful! Working like a BOSS!