How To Deploy VNC via Group Policy

deploy vnc via group policy
If you know how to deploy a .MSI package via a group policy object (or GPO) then you know how easy it can make your life as a network or systems administrator. For a long time I was wanting to deploy a VNC client across my domain in order for my helpdesk to support end users on our company’s network. The biggest issue I faced with this was not how to push it but how to configure it. There seems to be a shortage of blogs out there that describe how this can be done so I worked with a friend of mine (Jesse Vaughn) and we decided that we would blog about our experience with this. We hope this can help you deploy and configure VNC via group policy pre-configured with passwords and other settings that you may want to use.      Enjoy 😀

What you will need…..

We will be deploying Tight VNC 2.7.10 to our network, I downloaded the MSI package -Here-.

Also on that page is a PDF that will show you all the triggers you can change during the install. (if you want you can get it -Here- ).

The PDF shows you how to install via command line, which is great, but what if you want to update the version when the next version comes out?

You would have to manually go to every computer and uninstall to push the new version out.

lets get down to brass tax here, we will be using a program called ORCA to edit the MSI file so it installs the way WE want via group policy.

(you can get orca -Here-)

Creating the Transform File….

I decided to push the x86 version out for compatability for every computer on the network.

After orca installs open the MSI package with orca File >> Open

It should look like this.

<h2>deploy vnc via group policy</h2>

Next you want to click Transform >> New Transform

deploy vnc via group policy

Now in the PDF file that we opened earlier, you can go through there and pick the options you want to turn on, and ill show you how to set the passwords for deployment.

the best way to find the values you want to change in orca is the Find option (Ctrl-F), although most of the options are under the Property table.

Here are the values I looked for (some are set to default in this version).


To set your passwords for connection, and so the user doesn’t turn off VNC accidentally you will need to adjust 2 values.


These options are in CustomAction table, under the target field.

you will physically change the values by deleting VALUE_OF_PASSWORD and inputting your password, for this tutorial im going to use PasswOrd.

deploy vnc via group policy

Once you have your tables adjusted to the options you want, its time to save the transform file.

go to Transform >> Generate Transform  This will save as a .mst file you will need the MSI and the MST file when we deploy VNC via group policy.

deploy vnc via group policy

Creating a share and setting the appropriate permissions.

Next we need to set a shared folder across the network, one that every computer that is joined to the domain can access.

I created a series of folders to house my software pushed via GPO.

Be sure to put the MSI file and the MST file in this directory.

deploy vnc via group policy

To share this folder I went to the root folder (company) Right click and Properties.

deploy vnc via group policy

Then advanced sharing, check the box share this folder, and click permissions near the bottom. Add “Domain Computers” group to the share permissions.

deploy vnc via group policy

Then click Ok, and Ok again and that will bring you back to the Company folder  Properties.

Click Security, Edit, Add  and add Domain Computers in the security List.

deploy vnc via group policy

Finally, Creating GPO and Linking to OU’s for Software Deployment…

Now that we have our folder set up so that all computers on the domain can see it, and have access to the files inside its time to set up our GPO.

Since I have OUs set up for laptops and desktops that are on my network, I will link this GPO both OUs.

Open group policy Management, Expand the forest, expand domains, expand the domain you are wishing to push software.

deploy vnc via group policy

Right Click Group Policy Objects and click NEW.

deploy vnc via group policy

Name your GPO, I named mine VNC Install MSI.

deploy vnc via group policy

right click the new GPO you created and click Edit.

deploy vnc via group policy

Under Computer Configuration, expand Policies, Software Settings  and right click  on software installation Click New >> Package.

deploy vnc via group policy

Browse to your folder via UNC path (do not browse via hard disk path this needs to be the network share path).

deploy vnc via group policy

Open the MSI, and you will see another box saying Deploy Software, Click Advanced.

deploy vnc via group policy

Click ok, Go to Modifications Tab and click ADD.

deploy vnc via group policy

Open your transform file (the .MST file) that we created earlier in Orca.

deploy vnc via group policy

You should see the network path in modifications here.

Click OK.

Close Group Policy Management Editor,

Now we need to link the group policy to the OUs that we want to deploy to.

Simply Right click the OU (laptops and desktops in my case) and Link an Existing GPO… and select your GPO.

Close Group Policy Management.

The best way to test this is to do a “gpupdate /force” in command prompt on a computer in the OU you set up to receive the software.

after the gpupdate /force it will ask you to restart the computer. When it comes back up, Tight VNC should be installed on this machine.

Note:  if you are having problems pushing the MSI, then it may be helpful to consult the Event Viewer on the client machine you are testing with

Thank you for viewing my tutorial on how to deploy vnc via group policy.

7 comments to How To Deploy VNC via Group Policy

  • Dracarys  says:

    Thank you ! it helped me.
    If you want to install TightVNC server without the viewer I used the software “InstEd” and deleted the feature “viewer” in the feature tab.

  • Ibrahim  says:

    Your page tops google when searching for VNC GP DEPLOY. Thank you very much i am going to give this a try tomorrow. Wish me luck and in case of anything ill contact you.

  • Ibrahim  says:

    and keep posting such great tutorials. It really helps a lot of noobs like me.

  • Ibrahim  says:

    Do you have any IM to contact you directly. I tried but it doesn’t work, there is no entry on domain users ADD/REMOVE programs neither there is anything in PROGRAM FILES but if i install it manually it works fine. I followed each and every step and didn’t find any errors in GPO push as well.

  • Jurijs Smulko  says:

    Very usefull tutorial for me. But one thing still under question… How with ORCA help hide VNC tray icon? May be there is other way to do this? Thank you anyway!

  • Satish  says:

    Thanks for nice post. One question how to I deploy tightVNC for 32bit and 64bit version, I mean does i make one policy for all OU. how policy will determine which version it has to push for which versions 32bit or 64bit of windows..

  • Justin  says:

    Thanks this was very helpful! Working like a BOSS!

Leave a reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>