sâmbătă, 10 iulie 2010

Silent deploying RealVNC. Free Installation And Administration In A Computer Network

In a network based on Microsoft operating systems, administrators need sometimes that besides Remote Desktop tool offered by the manufacturer that allows remote access on any network computer station to use other access tools to allow them to interact with user because Remote Desktop block user access as long the administrator access remote that station. I know there is a tool provided by the manufacturer that require an email account on Hotmail or MSN based on launch and acceptance of invitations but it allows the user to determine the level of interaction with the managed station.
Thus appeared free tools which gives administrator the ability to establish rules for remote access and interact with the user directly on the working environment it works. In this way the administrator can view real-time event on a station or applications that a user may complain that not working properly. Often these solutions are used by consulting software firms as teaching tools, and user can view certain steps to be followed for operation of installed applications.
Among the most popular remote access solutions:
- TeamViewer - http://www.teamviewer.com/download/ - developed by TeamViewer GmbH
UltraVNC - http://www.uvnc.com/download/ - developed under a free project by UltraVNC
- TightVNC - http://www.tightvnc.com/download.php - developed by TightVNC Group
Although some of the solutions may be easier to solve what I will present in this solution, I was stopped at the free version of RealVNC solution given the high degree of its use in different networks.
Because the free version of RealVNC application does not allow remote installation of the product on network stations or its management, I will present how you can install and manage free (without using other software with money) a free version of RealVNC product.
You must install the program on an independent station.
After installing the program, performs the following steps:

01.Set a password for remote access station (eg. P@ssw0rd)
VNC Password Authentication/Configure

02.On the station which we performed program installation, call your system registry to view keys added to it.
Start/Run/regedit
My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\RealVNC\WinVNC4
and record the key Password (31 7c 13 dd b5 44 c6 c7) - here the input string corresponding to the password (P@ssw0rd) introduced after installing the program.

03.Create a batch file VNCPdel.bat:
(We will use it to delete records from the registry if the program was already installed)
@ECHO OFF
REG DELETE HKLM\Software\RealVNC\WinVNC4 /v Password /f
REG DELETE HKLM\Software\RealVNC\ WinVNC4 /v QueryConnect /f
REG DELETE HKLM\Software\RealVNC\ WinVNC4 /v QueryOnlyIfLoggedOn /f
REG DELETE HKLM\Software\RealVNC\ WinVNC4 /v ReverseSecurityTypes /f
REG DELETE HKLM\Software\RealVNC\ WinVNC4 /v SecurityTypes /f
CLS

04.Create a batch file VNCPadd.bat:
(We will use it to add the program registry keys on the station that we installed the product)
@ECHO OFF
REG ADD HKLM\Software\RealVNC\WinVNC4 /v Password /t REG_BINARY /d 317c13ddb544c6c7 /f
REG ADD HKLM\Software\RealVNC\WinVNC4 /v QueryConnect /t REG_DWORD /d 0 /f
REG ADD HKLM\Software\RealVNC\WinVNC4 /v QueryOnlyIfLoggedOn /t REG_DWORD /d 0 /f
REG ADD HKLM\Software\RealVNC\WinVNC4 /v ReverseSecurityTypes /t REG_SZ /d none /f
REG ADD HKLM\Software\RealVNC\WinVNC4 /v SecurityTypes / t REG_SZ /d VncAuth /f
CLS

05.Create a batch file VNCPkey.bat:
(We will use it to create a service "VNC Server Version 4" on the station that we installed the product)
@ECHO OFF
C:\Progra~1\RealVNC\VNC4\winvnc4.exe -noconsole -register
CLS

06.Create a batch file VNCPdw.bat:
(We will use it to stop the service on stations that program was installed)
@ECHO OFF
net stop "VNC Server Version 4"
CLS

07.Create a batch file VNCPup.bat:
(We will use it to start the service on stations that will install the program)
@ECHO OFF
net start "VNC Server Version 4"
CLS

08.Because some commands can be executed only with the administrator rights, we use free software developed by Robotronic Runasspc which allows, indeed even its encryption.
Download the package Runasspc produced by Robotronic from this location: http://robotronic.de/runasspc/runasspcEn.zip

09.Because batch files with .bat extension was transmitted in clear over the network, we will compile into executable files using the Bat2Exe program that can be downloaded from this location: http://www.f2ko.de/downloads/Bat_To_Exe_Converter.zip
This is extremely intuitive to use. We compile the previously .bat files into .exe files.

10.To hide trayicon, we use an executable recompiled of winvnc4.exe.
From this location will be download the executable winvnc4.exe-secret: http://www.jankratochvil.net/project/winvnc/vnc-4_1_2-x86_win32-winvnc4.exe-SECRET.zip and will change the extension to .exe

11.On a workstation or network server we create a shared location RealVNC and Tools location.

12.In shared location copy the following:
- in \\IP shared station\RealVNC\ we will copy the contents of the folder C:\Program Files\RealVNC\
- in \\IP shared station\RealVNC\VNC4\ we will copy the file winvnc4.exe recompiled downloaded in section 10
- in \\IP shared station\Tools\ we will copy the files: runasspc.exe, VNCPadd.exe, VNCPdel.exe, VNCPdw.bat, VNCPkey.exe, VNCPrem.exe, VNCPup.bat.
(.exe files are the result of compilation above)

13.We create RealVNC.bat file that will make all connections between them.
@ECHO OFF
IF EXIST C:\Progra~1\RealVNC\VNC4\ (
C:
CD \
CD C:\Progra~1\
RD Tools /S /Q
MD Tools
xcopy /q /z /y \\\IP shared station\\Tools C:\Progra~1\Tools\
C:\Progra~1\Tools\runasspc /program:"C:\Progra~1\Tools\VNCPdw.bat" /domain:"localhost" /user:"Administrator" /password:"local Administrator password" /quiet
RD RealVNC /S /Q
CLS
xcopy /q /z /y \\IP shared station\RealVNC\VNC4 C:\Progra~1\RealVNC\VNC4\
C:\Progra~1\Tools\runasspc /program:"C:\Progra~1\Tools\VNCPdel.exe" /domain:"localhost" /user:"Administrator" /password:"local Administrator password" /quiet
C:\Progra~1\Tools\runasspc /program:"C:\Progra~1\Tools\VNCPadd.exe" /domain:"localhost" /user:"Administrator" /password:"local Administrator password" /quiet
C:\Progra~1\Tools\runasspc /program:"C:\Progra~1\Tools\VNCPup.bat" /domain:"localhost" /user:"Administrator" /password:"local Administrator password" /quiet
CD \
CLS
) ELSE (
C:
CD \
CD C:\Progra~1\
MD Tools
xcopy /q /z /y \\IP shared station\Tools C:\Progra~1\Tools\
MD RealVNC
CD RealVNC
MD VNC4
xcopy /q /z /y \\IP shared station\RealVNC\VNC4 C:\Progra~1\RealVNC\VNC4\
C:\Progra~1\Tools\runasspc /program:"C:\Progra~1\Tools\VNCPkey.exe" /domain:"localhost" /user:"Administrator" /password:"local Administrator password" /quiet
C:\Progra~1\Tools\runasspc /program:"C:\Progra~1\Tools\VNCPadd.exe" /domain:"localhost" /user:"Administrator" /password:"local Administrator password" /quiet
C:\Progra~1\Tools\runasspc /program:"C:\Progra~1\Tools\VNCPup.bat" /domain:"localhost" /user:"Administrator" /password:"local Administrator password" /quiet
CD \
CLS
)
\\IP shared station\Tools\VNCPrem.exe
CLS

Explanation for this .bat:
- Check existing previous program installation
- If it is installed, the service will stop "VNC Server Version 4", will be copied files from the \\IP shared station\Tools into a local created location C:\Program Files\Tools\, will be removed existing program files from C:\Program Files\RealVNC\, will be copied fom the location specified in \\IP shared station\RealVNC\VNC4 in the local location C:\Program Files\RealVNC\VNC4\. From the registry will be deleted existing keys and will be created new ones, and then restart the "VNC Server Version 4" service.
- If it is not installed, will be created local folders C:\Program Files\RealVNC\ and C:\Program Files\RealVNC\VNC4\, will be copied all files from the \\IP shared station\Tools in a local created location C:\Program Files\Tools\, will be copied all files from the location \\IP shared station\RealVNC\VNC4 in the local location C:\Program Files\RealVNC\VNC4\. Will be created a local service called "VNC Server Version 4", will be created registry keys associated with desired application and then will be started "VNC Server Version 4" service.
- Will be deleted the local content and location C:\Program Files\Tools\.

14. Create the policy called "RealVNC Policy" which will contain:
a. Computer Configuration/Policies/Windows Settings/Security Settings/File System and we will add
-%ProgramFiles%\RealVNC
-%ProgramFiles%\Tools
on which we will give full rights to Authenticated Users
b. Computer Configuration/Policies/Windows Settings/Security Settings/System Services/ and we will add WinVNC4 service and will specify to start automatically and give full rights to Authenticated on this service.
c. User Configuration/Policies/Windows Settings/Scripts/Logon
where we copy the batch file RealVNC.bat created earlier.

15.We apply group policy for computers that we want to install this application.

16.To have the same local administrator password for all stations in the network, you can create a file AdminPwd.bat like:
@ECHO OFF
C:\WINDOWS\system32\net user administrator [password of your choice]
C:\WINNT\system32\net user administrator [password of your choice]
CLS

and will create a new policy "Local Admin Password"
Computer Configuration/Policies/Windows Settings/Scripts/Logon where we copy the file AdminPwd.bat

After achieving its purpose, you can disable these policies or re-apply to another group as needed.

With the help of SmartCode VNC Manager (Enterprise Edition) I could only view PCs where RealVNC was installed and remote password reset. The remote installation failed, and I was forced to use the solution presented above.In addition to install and manage remotely using SmatCode application must be activated on each network station DCOM service that requiring a new policy "DCOM Settings" which should include:
a. Computer Configuration/Policies/Windows Settings/Security Settings/Local Policies/Security Option
- DCOM: Machine Access Restrictions in Security Descriptor Definition Language
by adding the Everyone group and SYSTEM access rights locally and remotely by activating the "Edit Security .."
- DCOM: Machine Launch Restrictions in Security Descriptor Definition Language
by adding the Everyone group and SYSTEM rights to launch and activate local and remote by activating the "Edit Security .."
b. Computer Configuration / Policies / Windows Settings / Security Settings / System Services / DCOM Server Process Launcher
- Automatic startup - no additional settings
Great care with this policy "DCOM Settings"! Once activated on the network stations it will override existing security permissions.

If you want to change your password again, it will be created a different locally password, read its value from the registry and the file will be changed with the corresponding value in VNCPadd.bat as shown in Section 3 and 4 and we will compile the file again, following as VNCPadd.exe to be copied over in \\IP shared station\Tools\. Of course not all content will be necessary in RealVNC.bat file and not all .exe files created earlier.
a. VNCPdel1.bat will be:
@ECHO OFF
REG DELETE HKLM\Software\RealVNC\WinVNC4 /v Password /f
CLS

b. VNCPadd1.bat will be:
@ECHO OFF
REG ADD HKLM\Software\RealVNC\WinVNC4 /v Password /t REG_BINARY /d 89D58D7D0F5E5C23 /f
CLS

corresponding character string of "Remote13" password readed from the registry in accordance with item 2

c. RemoteVNC1.bat will be as follows:
@ECHO OFF
C:
CD \
CD C:\Progra~1\
RD Tools /S /Q
MD Tools
xcopy /q /z /y \\IP shared station\Tools C:\Progra~1\Tools\
C:\Progra~1\Tools\runasspc /program:"C:\Progra~1\Tools\VNCPdw.bat" /domain:"localhost" /user:"Administrator" /password:"local Administrator password" /quiet
C:\Progra~1\Tools\runasspc /program:"C:\Progra~1\Tools\VNCPdel.exe" /domain:"localhost" /user:"Administrator" /password:"local Administrator password" /quiet
C:\Progra~1\Tools\runasspc /program:"C:\Progra~1\Tools\VNCPadd.exe" /domain:"localhost" /user:"Administrator" /password:"local Administrator password" /quiet
C:\Progra~1\Tools\runasspc /program:"C:\Progra~1\Tools\VNCPup.bat" /domain:"localhost" /user:"Administrator" /password:"local Administrator password" /quiet
\\IP shared station\Tools\VNCPrem.exe
CD \
CLS

in the Tools folder must exist following files: runasspc.exe, VNCPadd1.exe, VNCPdel1.exe, VNCPdw.bat, VNCPrem.exe, VNCPup.bat.

In the same way you can install any free application on network PCs always looking at:
- Location where application was installed
- Files to be installed
- Registry keys and their value

Good luck!

7 comentarii:

  1. buna,
    esti de acord cu un link exchange ?
    eu te-am adăugat.
    numai bine

    RăspundețiȘtergere
  2. Stiu ca este offtopic dar te rog mult sa vii sa vezi poza mea de pe facebook, cu care particip la un concurs de fotografie, si, daca iti place, voteaza-ma! DEtaliile le gasesti pe ultimul meu articol (din pacate stiu ca iar nu se actualizeaza articolele si momentan nu prea am ce-i face)! Multumesc frumos!
    http://www.facebook.com/photo.php?pid=389882&id=114797778548103&ref=fbx_album

    RăspundețiȘtergere
  3. Am observat ca nu ai mai scris nimic de mult timp. Sper ca esti sanatos, tu si familia ta. Cu bine !

    RăspundețiȘtergere
  4. Thanks for sharing..!! I love your post .. I am looking more post like this one on
    this blog .. this post proves really helpful for me .
    RealVNC

    RăspundețiȘtergere
  5. Does this work with Windows 7? Any changes?

    RăspundețiȘtergere