VNC Deployment via Group Policy

I have had a few people ask how to deploy VNC via group policy. If you have a large network where you want to install VNC on a large amount of computers this would be an ideal solution.

For this guide i used TightVNC – the website is here: tightvnc.com

I decide to go for TightVNC becuase

  • Easy to use
  • Free
  • Ability to hide the icon in the system tray
  • Built in access control options
  • Very lightweight
  • Ability for the end user to approve connections
  • Fully compatible with Windows 7

I have tested this on the following systems

  • Windows XP x32
  • Windows 7 x32
  • Windows 7 x64
  • Windows 8 x32
  • Windows 8 x64
  • Windows 8.1 x32
  • Windows 8.1 x64
  • Windows Server 2008 R2

With the below guide, anything in red are paths you need to change to make it suitable for deployment in your network.
Once this script has installed VNC it is designed to automatically quit when you run it again.

Creating the installer files

  1. Create a network share on a server to store the script and installers. You will need to give the group “Domain Computers” the right to read and execute.
  2. Download TightVNC v2.0.2 and save it in the above share and install onto 1 computer.
  3. On the computer you installed TightVNC, configure to how you like it (eg set a password). Click Here for Documentation & Click Here for FAQ
  4. Once configured go to regedit and export the following folder. “HKEY_LOCAL_MACHINE\Software\TightVNC” & save it in the above share. To export right click the TightVNC folder and press export.
  5. Open NotePad and copy the below code. Please change the red areas to the path of your network share. The script will remove the VNC stuff from the program files to stop users from playing. If you do not want to do this remove the last line of the code.
    Code:
    if exist "C:\Program Files (x86)\TightVNC" goto :eof ELSE
    if exist "C:\Program Files\TightVNC" goto :eof ELSE
    "c:\vnc\tightvnc-2.0.2-setup.exe" /S
    regedit /S "c:\vnc\tightvnc.reg"
    net stop "TightVNC Server"
    net start "TightVNC Server"
    rmdir /s /q "C:\Documents and Settings\All Users\Start Menu\Programs\TightVNC\"
  6. Save the file in your shared folder. You need to save it as a .bat file. For example mine is called installvnc.bat

Adding to a group policy

  1. Open up an appropriate group policy that applied to your computers or create a new one.
  2. Navigate to: Computer Configuration > Policies > Windows Settings > Scripts > Startup
  3. Press add, then browse and find the .bat file we created before in the shared folder. Then press ok & ok again.
  4. Make sure the following group policy is enabled. Computer Configuration > Policies > Administrative Templates > System > Logon > Always wait for the network at computer startup & Logon

When your computer startup it should install VNC and be configured.

Enjoy!