VNC Deployment Tool user guide

Index

Overview

VNCTool provides system administrators with a powerful and easy-to-use tool for deploying and maintaining VNC installations. When run, VNCTool presents the following user interface:

VNCTool Main Window

The Network View displays the results of the most recent network scan. Selecting a host in the Network View displays information in the Detail View about the version of VNC installed on that host.

Scanning Your Network

VNCTool provides three scanning modes, selectable via the Scan Options dialog (select Options... from the Scan menu):

VNCTool Options Menu

Scan Options Window

Select Network neighbourhood to scan hosts that are members of the local Windows NT domain; select Entire network to scan all hosts in the Windows NT domain forest; or select IP address range to scan a specific, contiguous range of IP address. For normal operation, ensure that the Product version field is set to All known versions; see the Legacy Support section for information on how to use this field.

To start the scan, select Start Scan from the Scan menu. The progress of the scan is displayed in the Network View:

VNCTool Scan Menu

VNCTool Main Window

The Network View displays a tree structure representing your network, with a node for each host, domain and network. The icons in the tree have the following meanings:

entire network
The top-level node for scans of the entire network.
network neighbourhood
The top-level node for scans of the network neighbourhood.
network
A network.
domain
A Windows domain, or the top-level node for scans of an IP address range.
host
A successfully-scanned host.
host error
An unsuccessfully-scanned host. The Detail View displays information regarding the type of error encountered. Common reasons for failure are that the host is unavailable or is not running Windows, or that VNCTool does not have permission to access it.
host attention
A successfully-scanned host that requires attention. The Detail View displays information regarding the attention required, usually an issue with the license key.
unkown error
An unknown node. The Detail View displays information regarding the error encountered.

Selecting a node in this tree displays information in the Detail View for all successfully-scanned descendant nodes. The information includes the hostname, the VNC product name, the internal version number and the status of the WinVNC service. If there is no valid license installed, or only a trial license, this information is also displayed here.

Credentials

VNCTool must be run with suitable administrative privilages in order to gain access to remote machines. If your normal user account does not have this level of access, VNCTool allows additional credentials to be entered explicitly. To enter additional credentials, select Credentials... from the Scan menu. Click on the Add... button and enter the username and password for an account that has administrative access to the hosts you want to administer:

credentials menu

credentials window

When scanning the network, VNCTool first attempts access using the default credentials; if this fails, it tries each additional credential in turn. Because of this, scanning using additional credentials entered in this manner is slower than scanning with only the default credentials.

Note that this feature can be used to allow administration of multiple domains if a suitable foriegn domain account is used.

Installing VNC

The installation process can be configured using the Install Options dialog (select Options... from the Installation menu):

VNCTool Options Menu

Install Options Window

The Installer entry field allows the user to specify the installer to be used. This allows the same copy of VNCTool to be used to install and administer multiple versions of VNC. VNCTool is packaged with a VNC installer and will use that installer by default.

The Password settings... button brings up a dialog that can be used to determine the action taken by the installer regarding the VNC password. There are three options: set the VNC password unconditionally; set the VNC password only if it currently unset or invalid; or never set the VNC password.

The License key drop-down menu allows the user to select which license keys are used by the installer, as follows:

  • Do not install a license key may be appropriate if VNC Free Edition is being installed, but you will not be able to remotely administer installations that do not have a license key.
  • Automatic will attempt to allocate a license key for each host that does not already have one, up to the maximum number of copies allowed for each license.
  • Selecting any other key will use that key for installations.

Selecting Replace existing keys will apply the selected license key to all hosts, including those that already have a valid license key installed; if this option is not selected then the license key will only be installed on hosts that do not already have one.

See the License Key Managementsection for information on how to use VNCTool to manage your license keys.

After a scan of the network has been conducted, right-clicking in either the Network View or the Detail View pops up a menu allowing VNC to be installed or reinstalled on a collection of hosts:

Installing Using the Network View

Installing Using the Detail View

In the Network View, VNC is installed on all successfully-scanned hosts that are descendants of the selected node; in the Detail View, VNC is installed on all selected hosts. In either case, the Detail View displays the progress of the installation as follows:

Preparing for installation
Copying the installer and auxiliary files to the remote host.
Starting installer service
Starting the installer service on the remote host.
Stopping WinVNC service
Stopping the WinVNC service and closing down any VNC-related applications on the remote host in prior to installation.
Installing WinVNC
Running the installer process.
Testing RSA key integrity
Ensuring that a valid RSA private/public key pair exists on the host.
Generating new RSA keys
Generating a new RSA private/public key pair (if the previous test fails).
Installing license key
Installing a license key.
Cleaning up installer service
Deleting the installer and auxiliary files and stopping the installer service.

Once the installations are complete, a dialog is displayed providing a summary of the outcome.

A similar process is used to uninstall VNC from a set of remote hosts; simply select Uninstall from the pop-up menu.

Configuring VNC

To configure an existing VNC installation, first perform a network scan as described in the Scanning Your Network section. Select the host to configure using either the Network View or the Detail View and select Quick Configure... from the pop-up menu, or by double-clicking on the host:

Editing Using the Network View

Editing Using the Detail View

This will open the Editing settings dialog viewing the configuration parameters on the selected host:

WinVNC Options Window

The settings displayed in this dialog correspond to the configuration parameters of the VNC Server. This page gives a complete list of these parameters and their interpretation.

Clicking on the Settings button pops up a menu as shown, allowing the settings to be edited, added or deleted. These functions are also available using a double-click, the Insert key and the Delete key, respectively. In addition, the Settings pop-up menu allows the settings to be imported from the registry of the local machine, making it easy to update the configuration of a remote machine to match that of the local one. Settings can also be saved as a registry file that can be applied using the Windows explorer shell or the regedit registry editing application.

This method of configuring only allows one host to be configured at a time. VNCTool also provides a more powerful mechanism for updating the configuration of multiple remote hosts at the same time. To do this, select Edit Configuration... from the Edit menu to open the above dialog, and select Add setting... from the Settings menu to add the configuration parameters required. Any parameters not specified at this stage will not be updated.

WinVNC Options Menu

WinVNC Options Window

Alternatively, import a configuration from a remote host by selecting it in either the Network View or the Detail View and selecting Import VNC settings from the pop-up menu, and use the above dialog to modify it as required. Once a suitable set of configuration parameters has been set, select the hosts to which it should be applied using either the Network View or the Detail View and select Export VNC settings from the pop-up menu.

NTLogon_Config Syntax

The NtLogon_Config parameter is entered using a convenient human-readable syntax consisting of a comma-separated list of credentials, where each credential consists of an account name followed by a colon and the desired access rights. For example, the following string specifies that the administrator account on the HOME domain is granted full access, and the local group VNC Users is granted default access:

HOME\administrator:f,VNC Users:d

In general, each account name is either a fully-qualified domain account name of the form DOMAIN\acct or an unqualified local account name1. The access permissions are specified as a string, with characters interpreted as follows:

  • v: View display contents.
  • p: Send pointer events.
  • k: Send keyboard events.
  • c: Send and receive clipboard contents.
  • d: Default access. Currently equivalent to vpkc.
  • q: Connect without accept/reject prompt.
  • d:Full access. Currently equivalent to vpkcq.

1Local accounts can also be specified as fully-qualified names of the form HOST\acct, but this is not necessary.

License Key Management

VNCTool provides a keyring that you can use to store your license keys for VNC Enterprise Edition. To use the keyring, select Add/Remove Licenses... from the Licenses menu:

License Keys Menu

License Keys Window

Click the Add... button to add a new license key to your keyring:

add license window

The New License dialog allows a mnemonic name to be associated with each license key. When adding a license key, VNCTool ensures that these names are unique, and that no two names refer to the same license key. It also detects when one key is a replacement for another, for example a new key issued by RealVNC Ltd. as part of an ongoing maintenance contract. When a replacement key is entered, a confirmation dialog is displayed and the old license is replaced with the new one.

The New License dialog also allows a trial key to be generated. Clicking the Trial license button adds a license key to your keyring that is valid for up to ten computers and for a period of seven days. You must have Administrator privilages to generate a trial license, and only one trial license can be generated in this way; to continue using VNCTool once this license has expired, purchase a license for the VNC Enterprise Edition software.

License Key Auditing

In addition to installing and configuring VNC, VNCTool provides a simple mechanism for updating license keys when replacement keys are issued, and for ensuring that no key is installed on more hosts than is allowed by your license agreement. To perform a license key audit, first perform a network scan as described in the Scanning Your Network section, then select Audit Licenses... from the Scan menu:

Audit Licenses Menu

Audit Licenses Window

The Audit Licenses dialog displays a tree containing each license key on your keyring with the hosts that have that key installed. Any hosts that do not have license keys installed, or have unrecognised license keys installed are displayed at the bottom of the list as Unlicensed or Unrecognised, respectively. Selecting a key or a host using that key displays in the upper right-hand corner of the dialog the maximum number of hosts for which that key is valid, and the number of hosts that are currently using it; for convenience, this information is also displayed in brackets next to the key in the list. The icons in the tree have the following meanings:

Tick
The number of hosts using this license key is no greater than that for which is valid.
Cross
This license key is overused—the number of hosts using it exceeds that for which is valid.
Upgrade
Some hosts are using an out-of-date version of this license key.
Unlicensed
Hosts running a version of VNC that requires a license key but that do not have one installed.
Unrecognised
Hosts with a license key that is valid but is not on your keyring.
Host
A host.

License keys can be reassigned manually by dragging a host from one key to another. Note that, if the host does not currently have a license key installed, this operation may require that the vncconfig program is run on it; in this case, a small pop-up dialog is displayed to notify the user of the progress of the operation and to prevent further interaction. If the host already has a license key installed then this is not necessary and the operation is much more responsive.

If there are any hosts that are using an out-of-date version of a key on your keyring, these are listed under the appropriate key with the text (earlier version) after the host name. If a host is using an out-of-date version of a license key, it will not be able to run the most recent version of the VNC software. The keys installed on these hosts can upgraded by right-clicking either on the host or the key and selecting Upgrade License or Upgrade Licenses, respectively:

Before

upgrade host

upgrade key

After

Alternatively, the Reallocate Licenses button can be used to automatically reassign license keys to hosts in an attempt to ensure that no license key is overused. It does this by first upgrading any hosts using out-of-date license keys to the versions on your keyring; second, it reallocates hosts from overused license keys; third it allocates license keys to hosts that do not currently have one; fourth it allocates full license keys to hosts that currently have only trial licenses; finally it reallocates hosts from unrecognised keys. Each of these steps can be disabled using the Audit Options dialog described below, and all automatic reallocations are done subject to the constraint that the target key does not become overused—this constraint does not apply for manual key reallocation. If the reallocation cannot complete due to insufficient license keys, an error dialog is displayed. In this case, the Edit Licenses... button can be used to add more licenses, as described in the previous section.

If you have license keys for more than one product, you must audit each product individually. To select the product to audit, and to control the automatic reallocation process described above, click the Options... button to bring up the Audit Options dialog:

Audit Options Window

The products for which you have license keys on your keyring are displayed in the Product list.

Immediate Administration

If you have a large network, performing a scan of it can be time-consuming. One way to avoid this overhead is to use items from the Installation or Configuration menus to manually specify a host or set of hosts to administer.

The Installation menu allows you to install or uninstall VNC on remote machines using the Install/Reinstall VNC... and Uninstall VNC... commands, respectively. Using this method to install VNC means that the current state of your network is not available to the installer. In particular, this means that automatic license key allocation cannot be done accurately. If automatic license allocation is used with this method of installation, it is recommended that you perform a license key audit afterwards.

The Configuration menu allows you to import, export or directly edit the VNC settings of remote machines using the Import VNC Settings..., Export VNC Settings... and Quick Configure... commands, respectively.

Saving Scan Results

At any stage during a network scan, the results so far can be saved by selecting Save Results... from the Scan menu:

Save Menu

Save Window

The scan results are saved in XML format and can subsequently be loaded by selecting Load Results... from the Scan menu. If your network is relatively static, this technique can be used to avoid scanning it every time you run VNCTool; the status of individual hosts can be refreshed by selecting them in either the Network View or the Detail View, and selecting Refresh from the pop-up menu.

In addition to files saved using Save Results... from the Scan menu, VNCTool will also load files consisting of a list of hostnames, one per line. Hence, it is possible to prepare in advance a list of hosts and then use the GUI to administer them in a more user-friendly manner than that provided by the Commands menu.

Legacy Support

VNCTool provides some support for remote administration of legacy versions of VNC from 3.3.4 to 3.3.7; currently this support is limited to scanning and removing such installations. To remove only legacy versions of VNC, select Options... from the Scan menu, and ensure that the Product version field is set to Version 3 (3.3.4 to 3.3.7)2. Perform a scan of your network to identify the hosts that have legacy installations; these can then be uninstalled by right-clicking on them and selecting Uninstall from the pop-up menu.

2 If this field is set to All known versions then VNCTool will scan (and hence offer to remove) legacy installations only on hosts that do not also have an installation of VNC Enterprise Edition.

System Requirements

VNCTool requires Windows NT 4 (with Internet Explorer 4) or later, Windows 2000, Windows XP Professional or Windows 2003.

© RealVNC Limited