To create a new KACE UltraVNC distribution policy, click on the Scripting Tab>UltraVNC Wizard. You will see these options:
Choose what you want your users to have for set as their UltraVNC Settings and click save. You will now have a new script available by clicking the Scripting Tab, usually named UltraVNC policy. I don't like the users to know anything about UltraVNC, so I edited the policy by clicking the "edit the policy using this editor, click here." link. I added in this task to the policy: Launch “SYS\
Next you will want to create some "Smart Labels" to deploy the software to your users. I created one Called Needs UltraVNC Deployed with criteria Software Titles does not contain UltraVNC. I then edited my UltraVNC Policy's Deployment section to Limit deployment to selected labels: "Needs UltraVNC Deployed". I selected Don't Run on a Schedule "Also Run Once at next Client Checkin" and saved. This deploys the software to anyone that does not have it installed. When they check-in again KACE sees they have the software and they drop out of this Smart Label.
Next, you will want to ensure that you have VNC Viewer installed on any of the Help Desk Staff members' PCs. Easy enough, you can download the latest copy from www.ultravnc.com.
Now to remote control one of the PCs you've deployed VNC to, you will want to create a custom machine action. This allows you to simply click an icon next to the PC in your inventory to take control (only works in IE.) To create a custom machine action, click the Settings Tab>General Settings and scroll down to the "Machine Actions" section. Click on edit mode, click the drop down list for Action #2 and choose VNC Remote Control Using HOST NAME. Click "Set Actions". That's it. You'll see a new icon next to your PC's in your inventory. Click on one that you know you have VNC deployed to and test.
I'm assuming you have opened up the appropriate ports for your KBOX Agents to connect to your k1000 from anywhere in the world. This is a big part of how we're going to get around remote controlling NAT'ed home users. Once VNC is deployed to their systems the rest is pretty simple. You will want to setup a dedicated Windows Server to be your VNC Proxy. The TCP ports 5901 and 5500 (80 if you want to be able to access the admin web page) must be open to it through your firewall on the server and your company's VPN. It must have an internet routable IP Address as well, so you'll need to implement a NAT rule on your firewall to accomplish this. Now you need to setup the UltraVNC Repeater software. You can obtain it from www.ultravnc.com. Once you've downloaded the .zip Extract it to C:\Program Files\UltraVNC_Repeater\. Run C:\Program Files\UltraVNC_Repeater\distributer.exe -install to install as a service. The default TCP Port 80 is where the web server will run. You should be able to open up a web browser to the admin page. The default username and password is admin. You want to change that first and foremost. Click the settings button and uncheck mode I. We only want mode II (2) running. You can also specify a different Web GUI Port at this point if desired. That's all the configuration we need to do for the Repeater server to be up and running.
Now to actually be able to establish connections to the home users using this Proxy/Repeater server we will create a new script in KACE. What I did was give each Help Desk Administrator their own script with built in ID. This script will be run on target home users when remote control access is required on them. A repeater connection requires an ID of 4 numbers to begin. So click on the Scripting Tab. Click the "Choose Action" drop down menu and select Add New Item. We want an Online KScript.
Give it a name like "UltraVNC Connection - ID 1234 - <your help desk admin's name>.
Status Production.
Check Enabled.
Leave the Deployment section empty. You will choose individual machines on an as needed basis to establish connections to the Repeater server.
Supported OS: MS Windows.
Run As Local System
Leave Alerts blank unless desired.
Don't Run on a Schedule
Add the tasks:
- Launch “SYS\
cmd.exe” with params “/C ”C:\ Program Files\ UltraVNC\ winvnc.exe“ -autoreconnect ID:<give it a 4 digit Unique ID> -connect <your external IP to the Repeater Server>::5500”. - Log “DOS Command Issued Successfully.” to “status”.
Make it Attempt 1 time. On Failure: Break.
Save the Script.
Now when your Help Desk needs to Remote Control a Home User, they can add the user to the deployment list (making sure they remove any old users from the list first) and click on Run Now. They will be notified when the script has been run, and they can verify they have a waiting session on the Web GUI of the Repeater Server if desired.
Once they have a waiting connection on the Repeater server they will want to view it. To do so I created the Help Desk Administrators each their own batch script that they can easily double-click to connect to their assigned Repeater IDs. This is all that needs to be inside of the script:
"C:\Program Files\UltraVNC\vncviewer.exe" -proxy <IP/Hostname of your repeater server>::5901 ID:<4 digit Unique ID you want to Connect To>
That's it. Once you run the batch file, you will be launching VNC Viewer and connecting directly into the session.
If you wanted to do this manually by opening up the VNC Viewer application you would do this:
if you are looking for a remote control program easy to use and do not give you any annoyance to the configuration of ports, firewalls and more use Ammyy Admin is quite useful.
ReplyDelete