VNC Deployment Using Bozteck VENM Console
By Steve Bostedor
Overview
This guide will describe the procedures and various options when deploying VNC on your network using the tools in VNCScan Enterprise Network Manager (VENM). We’ll move through each of the screens and give an overview of each of the settings and what they do. We’ll conclude with a look at what happens during the deployment process behind the scenes.
System Requirements for VNC Push Installs
· The remote computer must be running Windows 2000 or greater
· The Remote Registry must be started on the remote computer (in some configurations, this is disabled by default and needs to be set to “Automatic”)
· In Windows XP, Simple File Sharing needs to be disabled.
· There must be no firewall enabled that is blocking the typical file sharing ports.
· Administrator access to remote computers must be either granted to the account you are logged in as or supplied in the deployment tool at the time of deployment.
Getting Started
VNCScan uses the concept of “Deployment Profiles” to group settings for the remote server. Instead of choosing options such as the server password, VNC version, and various other settings every time that you deploy VNC, you can create named profiles that contain all of this information, ready to be used quickly on any computer on your network.
These profiles are created using the Profile Editor. The easiest way to get to this tool is the toolbar under the Managed Groups tab (Fig 1.0).
The Profile Editor
Using the Profile Editor, you can create new profiles or edit existing ones. We’ll start by creating a new profile called “UltraVNC with MS Login”. To start, click on the button that says “New Profile” as seen below.
Required Settings
Let’s take a moment to look at all of the options on the first tab of the deployment profile editor in the image below (FIG 1.2).
· Profile Name – This is what will be used to reference this profile when it’s time to deploy VNC Remote Screen Sharing to a networked computer.
· VNC Version – You have the option of deploying 4 different versions of VNC: UltraVNC, TightVNC, RealVNC Freeware, or UltraVNC Legacy. UltraVNC is the default and most compatible with modern operating systems. This is the official version that is best supported in VNCScan.
· The server password must always be set no matter what other settings you choose in the editor.
· The TightVNC Read-Only password will be enabled if you are deploying TightVNC and wish to enable a second password for read-only access to the remote desktop.
· VNC Port – this is the port that VNC will listen on for a connection. If you alter this, you will need to make sure to edit the computer or group properties in VNCScan to connect on the correct port.
· Java Port – optionally, VNC Server has a built-in Java web client. If you set the port to 0 it will disable this server.
Connection Options
The connection options are optional and work fine as the defaults for most scenarios. If you’d like to modify them, here’s what they do:
· Authorized Host Connections – this allows you to say who can or cannot establish a connection to the remote server based upon IP address. You can get more information about the AuthHosts here.
· Disconnect Actions allow you to do certain actions on the remote computer upon disconnect, such as log off or lock the workstation.
· When checked, you can make the server ask the logged on user for permission before connecting.
· The next checkbox complements the one mentioned above by automatically accepting the connection if the logged on user doesn’t respond after x number of seconds.
· For performance reasons, you can also choose to remove the remote desktop wallpaper, pattern, or user interface effects while remotely connected.
Performance Options
There are additional performance options listed below. Things operate fine at their defaults. Changing them can get a bit more geeky and should be done with care.
· Use VNC Hooks… – This uses “hooks” into the operating system to detect which areas of the screen have changed and need to be updated in the viewer. This gives slightly better quality with screen updates. The downside is the increase in CPU required at the remote computer.
· Poll the whole screen – this will poll the entire screen for updates on each cycle instead of just the foreground window(s). As expected, it can cause a performance hit on the remote computer.
· Filter Events that have no effect – This filters out changes on the remote system that aren’t visible on the monitor. I’d leave that checked unless there’s a specific need to uncheck it.
· Sharing – This determines at the server level what happens if two different consoles attempt to remote control the desktop at the same time.
o Always Shared – no matter what setting the connected client(s) have set, the server will override them and allow the desktop to be shared by all connections
o Never share – no matter what setting the connected client(s) have set, the server will override them and disallow the desktop to be shared by all connections
o Use Client Defaults – This lets the client settings decide. If the connecting client is set to disallow sharing, all existing connections will be dropped in favor of the newly connecting client.
· Accept Pointer Events – to accept mouse input from the connected clients or not
· Accept Keyboard Events – to accept keyboard input from the connected clients or not
· Accept clipboard Updates – When checked, anything copied to and from the clipboard at either computer is passed through the VNC connection to the remote computer. If this is enabled, be careful of what you copy into the clipboard while in a VNC session.
· Send Clipboard Updates – this controls whether anything copied to the clipboard on the server is sent back to the client’s clipboard for pasting.
· Clipboard events affect the screen saver – If enabled, the screen saver will be disrupted on the server if the client copies something to their clipboard.
· Disable local inputs – This will disable the remote server’s keyboard and mouse while someone is connected to the server.
Special Options
Here’s where we can set some things that are specific to UltraVNC along with other settings that you may be interested in.
· Disable Tray Icon – This hides the VNC icon on the remote computer. Normally, while the service is running, there’s a little icon by the clock that gives information about the server and allows users to change settings. Hiding the icon can take away the temptation to tamper.
· Allow users to shut down VNC – When this is checked and the user right-clicks the icon in the task bar for the server mentioned above, the option to shut down the server will be grayed out.
· Allow users to change and access settings – When this is checked and the user right-clicks the icon in the task bar for the server mentioned above, the option to open the settings window for the server will be grayed out.
· Use DSM Encryption – This is specific to UltraVNC. It enables encryption for the IP traffic between the server and the viewer. This happens using a shared private key file. If the server is deployed with this check box checked, it will refuse connections from any viewer that is not configured for encryption with the same private key. More information on this is here.
· MS Authentication – This is also specific to UltraVNC. It will ignore the password configured in the “Required Settings” tab and use Windows authentication to control the connection instead. The ACL lingo is explained here.
Custom
The custom section of the profile editor is getting a little outdated. In older versions of VNC, settings were stored in the registry. Now they are mostly stored in a file in the same folder as the server. If you’re still deploying older registry-based VNC versions, this section could come in handy.
You can add custom registry keys to the remote computer during the deployment using this screen. If you chose UltraVNC DSM encryption in the previous tab, a path will be specified here to the rc4.key private key file that will be used on the server end. If you’ve created your own key, be sure that the same key file is in the folder where your vncviewer.exe is located. Again, more information on this can be found here.
That’s it! Save your settings and you’re ready to deploy it to a workstation.
Deploying the Profile
We’ll start with the premise that the computer you wish to deploy VNC remote desktop to is not already added to a group in your console. Begin by right-clicking a group and choosing to register a new computer manually.
Now, type in the workstation name, then hit the button that says “Resolve From HostName”.
You can optionally enter any other information in this dialog but this is all that is required to continue. Press the OK button to return to the main window.
Click the “VNC Deployment” toolbar and select “Deploy to Selected”.
The following window is displayed (FIG 2.4). Let’s go over some of the options that you see here.
· Selected Computers – these are the computers selected to have VNC deployed to
· Deploy Profile – this is the profile of settings to be applied to the selected computers once VNC has been pushed to them. Look familiar?
· Add computers to group – Once the push process has been initiated, the computer(s) will be added to the group selected
· Use alternative login credentials – This will be the user account used to access the remote computer and its registry. Make sure that it’s a user account with administrative access to each computer in the selected computers list.
· Do not copy start menu icons – this prevents the icons for VNC server from showing up on the remote computer’s start menu
· Deploy UltraVNC video driver – When checked, the push script will attempt to install the UltraVNC performance-enhancing video driver on the remote system. Be aware that Windows Vista, 7, and Server 2008 have driver signing restrictions that may cause a prompt to show up on the remote computer during deployment.
You’re done! If everything went right, you should be able to connect to the remote computer and remote control it by simply double-clicking on the computer in the main window.
VNCScan 2010.2.9.205 has been released
By Steve Bostedor
If you’ve been having problems with your groups and computers reverting to the default upon the previous update, this version should resolve that issue. I apologize for the rough process in the last version upgrade. Measures have been put into place to prevent this from happening again. Please let us know if you experience any problems with this new version.
Just as a reminder, you should always make a good backup of your data before upgrading to new versions.
Stable Release 2010.2.4.204 Released!
By Steve Bostedor
We’ve posted the latest release of Bozteck VNCScan Enterprise Network Manager (VENM) to our downloads page today!
If you saw that there was a version 2010.2.3 and downloaded it before we could correct the error, you probably downloaded a (less than stable) beta version instead of this release. Please re-download the update to be sure that you’re on the stable code base.
We’ve done some more work to make moving your data files around much easier. You can modify the root location (the folder that contains the data, profiles, and jobs folders) in the main program preferences in the “Support Files” section.
If you’re moving the data to somewhere on the same volume, you can simply hit the “Change” button and browse to a folder where you want them to be. When prompted, let the program move the files for you into that location.
If you’re moving to a network location or another volume, manually create that destination folder and copy the data, profiles, and jobs folders into that new destination folder. After this is completed, follow the steps above and answer “No” when asked if the program should move the files for you.
New LAN Speed Tester in VNCScan 2009.12.4!
By Steve Bostedor
The LAN tester does the following:
- Creates a dynamically sized file specified by you
- Sends the file to a specified share on the remote computer (default is ADMIN$)
- Times the transfer
- Downloads the same file from the destination
- Times the transfer
- Cleans up the files from both ends
- Reports the results to you
New Ping Features in 2009.4.9 Release
By Steve Bostedor
We’ve had a lot of requests for the ability to automatically reconnect to computers when they are rebooted. A majority of the requests were resolved with the implementation of the background scanner and the actions that can be performed when the scanner detects that the computer is alive.
To take this a step further, we’ve modified the ping window that happens when you right-click a computer and choose “Ping Computer”. Instead of just opening a command window with the standard ping command running, we’ve designed our own. We’ve done this in order to bring you an exciting new feature – automatically running commands or connecting when a computer responds for X number of consecutive pings.
Here’s a quick video showing how: http://screencast.com/t/CqJI7YhE
Download the latest version here!
Background Scanning and Alerting Features in 2009.1.20
By Steve Bostedor
Overview
New in 2009, Bozteck adds background service scanning and alerting to its powerful Enterprise Network Manager. This paper is a brief explanation of how it works and how to best take advantage of this new feature.
Usage and Benefits
Background scanning allows you to see an accurate view of what computers are running the VNC and RDP services as well as what computers are currently pingable on your network. You set the amount of time between scans in the main program preferences and then let VENM do the rest!
The powerful alerting features keep you up to date on what is happening even when you’re away from your desk. Each of these actions can be set in the group properties and overridden by the computer properties. Below is an overview of available alerting and actions.
- When a computer goes offline
  - Send an email to a designated address
  - Run a local custom command such as “PING -t %HOST%” or any other command that you have created using the Custom Commands feature in VENM.
- When a computer comes back online
  - Send an email to a designated address
  - Auto-connect to VNC once the VNC service has been detected
  - Run a script remotely on the computer once Windows has been fully loaded. This is a powerful way to schedule a script if the computer is currently not online.
How It Works
VENM uses a decision tree to determine whether a computer should be probed in the background. The tree is laid out in the following bullet points.
- Scanning is enabled in the program preferences
  - Scanning is enabled in the group settings
    - Computer is inheriting settings from the group
      - Scan the computer according to group settings
    - Computer is overriding group settings
      - Services are selected in the computer settings
        - Scan the selected services
      - Services are NOT selected in the computer settings
        - Skip this computer in the group scan
  - Scanning is NOT enabled in the group settings
    - Skip the entire group from background scanning
- Scanning is disabled in the program preferences
  - Do no background scans at all
Conclusion
We’re excited about these new features in the VENM Console and will continue to build upon them. We would love to hear your feedback about this! Let us know what you think at feedback@vncscan.com
VNC RDP and Ping Background Scanning with VNCScan
By Steve Bostedor
More False Positives from McAfee
By Steve Bostedor
McAfee Antivirus is falsely detecting VNC remote control software as malware and deleting it upon detection. This is causing a major problem for a lot of remote management tools that rely upon this popular open source software to operate.
If you are using McAfee on your network, you can use the following detection log as a checklist of files that need to be added to your “exclusion list” inside your antivirus properties.
You may also want to look into your McAfee settings for ways to change the default action from DELETE to LOG. We’ve notified McAfee of this problem and are awaiting a response. If this problem is affecting you, please contact them at vendor_questions@mcafee.com.
9/19/2008 11:30:01 AM Scan Started BMSANWS4LZ13D1\SYSTEM (managed) VirusScan 8.5 on demand friday scan
9/19/2008 11:36:51 AM Deleted SYSTEM C:\FASTPUSH\VNC7\REALVNC4\LOGMESSAGES.DLL RemAdm-VNCView(Remote Admin Tool)
9/19/2008 11:36:51 AM Deleted SYSTEM c:\fastpush\vnc7\realvnc4\logmessages.dll RemAdm-VNCView(Remote Admin Tool)
9/19/2008 11:36:52 AM Deleted SYSTEM C:\FASTPUSH\VNC7\REALVNC4\VNCCONFIG.EXE RemAdm-VNCView(Remote Admin Tool)
9/19/2008 11:36:52 AM Deleted SYSTEM c:\fastpush\vnc7\realvnc4\vncconfig.exe RemAdm-VNCView(Remote Admin Tool)
9/19/2008 11:36:52 AM Deleted SYSTEM C:\FASTPUSH\VNC7\REALVNC4\WINVNC4.EXE RemAdm-VNCView(Remote Admin Tool)
9/19/2008 11:36:52 AM Deleted SYSTEM c:\fastpush\vnc7\realvnc4\winvnc4.exe RemAdm-VNCView(Remote Admin Tool)
9/19/2008 11:36:52 AM Deleted SYSTEM C:\FASTPUSH\VNC7\REALVNC4\WM_HOOKS.DLL RemAdm-VNCView(Remote Admin Tool)
9/19/2008 11:36:52 AM Deleted SYSTEM c:\fastpush\vnc7\realvnc4\wm_hooks.dll RemAdm-VNCView(Remote Admin Tool)
9/19/2008 11:36:53 AM Deleted SYSTEM C:\FASTPUSH\VNC7\ULTRA\WINVNC.EXE RemAdm-VNCView(Remote Admin Tool)
9/19/2008 11:36:53 AM Deleted SYSTEM c:\fastpush\vnc7\ultra\winvnc.exe RemAdm-VNCView(Remote Admin Tool)
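The checklist step described above can be scripted so that only the expected files end up excluded. This is an added example, not part of the original post or of any McAfee or Bozteck tool: it assumes the space-separated log layout shown above and the `C:\FASTPUSH` deployment folder seen in the log, the function names are hypothetical, and the last three sample lines are constructed to show entries that should be reviewed rather than excluded.

```python
import ntpath
import re
from typing import NamedTuple

# First four lines are copied from the log above; the last three are
# constructed here to exercise the review path.
SAMPLE_LOG = r"""
9/19/2008 11:30:01 AM Scan Started BMSANWS4LZ13D1\SYSTEM (managed) VirusScan 8.5 on demand friday scan
9/19/2008 11:36:51 AM Deleted SYSTEM C:\FASTPUSH\VNC7\REALVNC4\LOGMESSAGES.DLL RemAdm-VNCView(Remote Admin Tool)
9/19/2008 11:36:51 AM Deleted SYSTEM c:\fastpush\vnc7\realvnc4\logmessages.dll RemAdm-VNCView(Remote Admin Tool)
9/19/2008 11:36:53 AM Deleted SYSTEM C:\FASTPUSH\VNC7\ULTRA\WINVNC.EXE RemAdm-VNCView(Remote Admin Tool)
9/19/2008 11:37:02 AM Deleted SYSTEM C:\Documents and Settings\user1\winvnc.exe RemAdm-VNCView(Remote Admin Tool)
9/19/2008 11:37:05 AM Deleted SYSTEM C:\FASTPUSH\VNC7\ULTRA\helper.exe Constructed-Detection
9/19/2008 11:37:09 AM Deleted SYSTEM C:\FASTPUSH\..\TEMP\winvnc.exe RemAdm-VNCView(Remote Admin Tool)
"""

# Assumed layout: timestamp, action, user, file path, detection name.
# A path is taken to run up to its first ".ext" that is followed by a space.
LINE_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+"
    r"(?P<action>\w+)\s+(?P<user>\S+)\s+"
    r"(?P<path>[A-Za-z]:\\.+?\.\w+)\s+(?P<detection>\S.*)$"
)


class Detection(NamedTuple):
    when: str
    action: str
    path: str
    detection: str


def parse_detections(log_text):
    """Return a Detection for each line that names a file; skip the rest."""
    found = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append(Detection(m["when"], m["action"], m["path"], m["detection"]))
    return found


def canonical(path):
    """Lower-case and collapse '..' so duplicates and traversal compare equal."""
    return ntpath.normcase(ntpath.normpath(path))


def build_exclusions(detections, deploy_root, expected_prefix):
    """Split detections into (paths to exclude, entries needing review)."""
    root = canonical(deploy_root).rstrip("\\") + "\\"
    exclusions, review = set(), []
    for d in detections:
        path = canonical(d.path)
        # Exclude only the expected detection name inside the deployment folder.
        if d.detection.startswith(expected_prefix) and path.startswith(root):
            exclusions.add(path)
        else:
            review.append(d)
    return sorted(exclusions), review


if __name__ == "__main__":
    excl, review = build_exclusions(
        parse_detections(SAMPLE_LOG), r"C:\FASTPUSH", "RemAdm-VNCView")
    print("Add to exclusion list:", *excl, sep="\n  ")
    print("Review before excluding:",
          *[f"{d.path} [{d.detection}]" for d in review], sep="\n  ")
```

Listing individual files keeps the exclusion narrower than exempting a whole folder, and anything outside the deployment folder or carrying a different detection name is held back for a manual look.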
VNC Server for the iPhone!
By Steve Bostedor
You need a jailbroken iPhone for this and now I’ve found the second coolest reason to jailbreak your iPhone (second only to Qik). You can download and install this using Cydia.
I installed this about an hour ago and have been having a blast with it. You can just add it to your group in VNCScan or use the standard VNC viewer from UltraVNC, TightVNC, RealVNC, or Chicken of the VNC.
There are no two-finger motions integrated into this but the text input using your PC or Mac keyboard more than makes up for that!
Disabling Firewalls for Management
By Steve Bostedor
I’ve had a lot of requests for a way to disable XP firewalls on the network or at least open up the required ports to remotely manage the computers. If your workstations are protected by a NAT translating router with a decent firewall built into it, there is typically little need for the XP desktop firewall to be running on them.
If you have the XP firewall enabled, there’s very little that you can do in the way of remote management for these PCs. Fortunately, there are ways to automate the configuration of the XP firewalls on your network depending on what type of a network you are using.
Login Script Method
The easiest way to do this is with a login script. If your company is using a directory service such as Novell or Active Directory, you can create a script that runs each time that a user logs in. You can use this script to open the required firewall ports.
We run into a problem, however, if the user that is logging in does not have local administrative rights on his PC. This is required to modify the settings. For this, we can employ a nice piece of freeware called CPAU. Using this tool, you can do a run-as style command to make it go. Alternatively, you can use a tool such as Admin Script Editor to compile your script into an executable that runs under a specific security account. There are other tools that can do this and feel free to add them in the comments section if you would.
Active Directory Startup Script Method
You can also run the script using Active Directory’s group policy for the machine account. This script runs under the context of the machine’s system account and does not need to be elevated by tools such as CPAU. You can do this in the Group Policy Editor under “Windows Settings => Scripts => Startup”.
The following is a script that will open the required ports on the XP firewall:
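rem Arguments are positional: protocol, port, rule name, mode, scope
rem File sharing and remote registry (SMB and NetBIOS); SMB on 445 is TCP
netsh firewall set portopening tcp 445 WindowsNetworking enable all
netsh firewall set portopening tcp 139 WindowsNetworking enable all
netsh firewall set portopening udp 137 WindowsNetworking enable all
netsh firewall set portopening udp 138 WindowsNetworking enable all
rem VNC server port and the VNC Java (HTTP) viewer port
netsh firewall set portopening tcp 5900 VNC enable all
netsh firewall set portopening tcp 5800 VNC-HTTP enable all
rem The final "all" is the scope (any source address); "subnet" limits a rule to the local subnet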
Group Policy Method
You can set these options using Active Directory’s Group Policy, also. You can access this in the Group Policy Editor by navigating to “Computer Configuration => Administrative Templates => Network => Network Connections => Windows Firewall”.
Extra Notes
As a side note, if you choose to use a scripting tool such as Admin Script Editor to compile your script, you can also choose to distribute it directly to the end users so that they can execute it themselves.
Make sure that you also disable Simple File Sharing on the remote computers. That can be just as much of a barrier to remote administration as the firewall. I’ll make a post about that one soon.



February 11th, 2010

