Once the project is saved, your modified installer is ready for deployment. For example, you can simply run setup.exe. The EXE reads the setup.ini file which contains references to your transform file (MST) and any needed updates. Alternatively, you can reference the MST from the command line.
![]()
NEW: Separate MSI installers for VNC Server and VNC Viewer are available for download for deployment to target computers in a Group Policy Object. VNC Server can also be licensed at install-time. Hello ive download UltraVnc1212X64.msi and i want to deploy it. I want to edit the msi with orca to create a MST file so i can only install vnc.
Generate a transform file¶
A transform (.mst) file contains your modifications and any files added to the project (.msi) file. The Wizard updates the associated transform file every time you save a project.
To create a Transform file:
You can generate a copy of an open transform file and then apply it to another project. In order to apply the new transform file to another project, you must open the new project and load the transform file.
Examples¶Bootstrapper installation¶
You can use your customized MST for bootstrapper deployments. The bootstrapper Setup.exe file uses setup.ini as its configuration file. As you customize the installer with the Wizard, the Setup.ini file automatically updates. The Setup.exe file uses Setup.ini as it’s configuration file. Before deployment, open Setup.ini, verify it contains all the properties you need, and edit it as neccessary.
Setup.ini contains two sections:
MST usage in Setup.ini
TRANSFORMS on the cmd line¶
Installer modifications created in the Customization Wizard are saved to an MST file. The MST must be referenced in the .ini file or on the command line. This example installs a customized version of Acrobat Professional, displays a basic user interface, and enables verbose logging.
Installing with an MST
Language selection¶
You can use the LANG_LIST property to specify languages. Specify both the language code and the language-specific MST:
AIP installation¶
To create an administrative installation for a customized installer, use /a and TRANSFORMS. For example, the following installs Acrobat Pro with an MST file created with the Customization Wizard:
To create an administrative installation for a major release installer and a patch, use /a and /p. For example, the following installs Acrobat Pro 10.0 with the 10.1.0 patch:
Note
![]()
It’s always a good idea to keep the files in the same directory and cd to that directory so that you can run the commands from there.
Learning has never been so easy!
You can remotely configure VNC with an Enterprise license using policy, and then provision target Windows, Mac or Linux computers using a suitable mechanism such as Group Policy under Windows. VNC applications controlled by policy are locked down and cannot be changed by users.
VNC is controlled using VNC parameters; all of these can be remotely configured and locked down. The full list of VNC parameters can be accessed here: https://www.realvnc.com/products/vnc/documentation/5.2/parameters/
8 Steps totalStep 1: Remotely configuring and locking down Windows computers (1/4)
These steps will show you how to use Microsoft Group Policy tools to remotely configure and lock down Windows computers.
Begin by downloading the Windows policy template files (https://www.realvnc.com/download/deployment/policy/windows/). Extract these into one of the following directories, depending on your version of Windows:
• For Windows NT, 2000, XP, and Server 2003 computers, extract the ADM files to C:Windowsinf in order to load into Group Policy Object Editor (or equivalent snap-in).
• For modern Windows computers (as per the screenshot above), extract the ADMX + ADML hierarchy of files to C:WindowsPolicyDefinitions in order to load into Group Policy Management Editor (or equivalent application). Step 2: Remotely configuring and locking down Windows computers (2/4)
The table in the screenshot above shows the policy template file(s) that correspond with each VNC application (the full table - with clickable 'more' links - is available here under the 'Setting up Group Policy under Windows' heading: https://www.realvnc.com/products/vnc/deployment/policy/#windows).
The ‘Area’ column represents either User Configuration > Administrative Templates > RealVNC (referred to as UC), or Computer Configuration > Administrative Templates > RealVNC (referred to as CC). The ‘Mode’ column shows whether the policy template file affects VNC Server in Service Mode or User Mode.
For example, if you want to remotely configure and lock down VNC parameters relating to the connectivity of VNC Server in User Mode, you should expand User Configuration > Administrative Templates > RealVNC > VNC Server > User Mode.
Step 3: Remotely configuring and locking down Windows computers (3/4)
Microsoft Group Policy has three states for policy settings: Disabled, Enabled, and Not Configured. These map to VNC parameters in the following ways:
• To set a boolean VNC parameter to False, choose Disabled.
• To set a boolean VNC parameter to True, choose Enabled. • To configure a non-boolean VNC parameter, choose Enabled and edit the Value box. Select a VNC parameter from this page to see its allowed values: https://www.realvnc.com/products/vnc/documentation/5.2/parameters/.
Note that leaving a policy setting's default state of Not Configured (or changing a non-boolean VNC parameter's state to Disabled) will allow a user to configure that parameter.
Additionally, you can remotely license VNC Server by expanding the CC > Licensing policy template file and editing the License Key Code policy setting. Choose Enabled, then enter your license key into the Value box in the following format: XXXXX-XXXXX-XXXXX-XXXXX-XXXXX.
Step 4: Remotely configuring and locking down Windows computers (4/4)
When you have configured your policy template files, you can provision target computers using a suitable mechanism such as a Group Policy Object (GPO).
You should also lock down the following registry keys to prevent users making changes to policy locally:
• HKEY_LOCAL_MACHINEPoliciesRealVNC for the Computer Configuration policy template file (VNC Server in Service Mode).
• HKEY_CURRENT_USERPoliciesRealVNC for all User Configuration policy template files (for each user account running VNC applications).
For instructions on how to deploy VNC using Group Policy, you can read our previous How-to here: https://community.spiceworks.com/how_to/119937-deploying-realvnc-software-msis-using-group-policy.
Step 5: Remotely configuring and locking down Linux/UNIX computers (1/2)
Begin by downloading the Linux/UNIX policy template files (https://www.realvnc.com/download/deployment/policy/) and extracting them to a directory of your choice.
The table in the screenshot above shows the policy template file(s) that correspond with each VNC application. For example, to configure VNC parameters relating to connectivity for VNC Server in Service Mode, edit the vncserver-x11 file.
The full table - with clickable 'more' links - is available here: https://www.realvnc.com/products/vnc/deployment/policy/#unix.
Step 6: Remotely configuring and locking down Linux/UNIX computers (2/2)
Open each policy template file you wish to edit in a text editor. To lock down a VNC parameter, locate it in the text file and uncomment it. Note that any VNC parameters you leave commented out will be configurable by users.
You can lock down a VNC parameter in the following ways:
•To set a boolean VNC parameter to False, change its value to 0.
•To set a boolean VNC parameter to True, change its value to 1. •To configure a non-boolean VNC parameter, enter an allowed value. Select a VNC parameter from this page to see its allowed values: https://www.realvnc.com/products/vnc/documentation/5.2/parameters/.
In the screenshot above, users will *not* be able to configure the ringed AcceptCutText, AllowHttp and AuthTimeout VNC parameters (they will still be able to configure the other VNC parameters, as they remain commented out).
Additionally, you can remotely license VNC Server by opening the licensekey file and entering your license key in the following format: XXXXX-XXXXX-XXXXX-XXXXX-XXXXX.
Once your policy template files are edited, provision the /etc/vnc/policy.d directory of target computers. It is also recommended you update users' permissions so they cannot access this directory. Otherwise, they may be able to bypass policy by editing the policy template files locally.
Step 7: Remotely configuring and locking down Mac OS X Computers (1/2)
Begin by downloading the Mac OS X policy template files (https://www.realvnc.com/download/deployment/policy/macosx/) and extracting them to a directory of your choice.
The table in the screenshot above shows the policy template file(s) that correspond with each VNC application. For example, to configure VNC parameters relating to connectivity for VNC Server in Service Mode, edit the vncserver file.
The full table - with clickable 'more' links - is available here: https://www.realvnc.com/products/vnc/deployment/policy/#mac.
Step 8: Remotely configuring and locking down Mac OS X Computers (2/2)
Open each policy template file you wish to edit in a text editor. To lock down a VNC parameter, locate it in the text file and uncomment it. Note that any VNC parameters you leave commented out will be configurable by users.
You can lock down a VNC parameter in the following ways:
•To set a boolean VNC parameter to False, change its value to 0.
•To set a boolean VNC parameter to True, change its value to 1. •To configure a non-boolean VNC parameter, enter an allowed value. Select a VNC parameter from this page to see its allowed values: https://www.realvnc.com/products/vnc/documentation/5.2/parameters/.
In the screenshot above, users will *not* be able to configure the circled AutoSelectLossy, ColorLevel and Emulate3 VNC parameters (they will still be able to configure the other VNC parameters, as they remain commented out).
Additionally, you can remotely license VNC Server by opening the licensekey file and entering your license key in the following format: XXXXX-XXXXX-XXXXX-XXXXX-XXXXX.
Once your policy template files are edited, provision the /etc/vnc/policy.d directory of target computers. It is also recommended you update users' permissions to stop them accessing this directory. Otherwise, they may be able to bypass your restrictions by editing the policy template files locally.
Published: Sep 18, 2015 · Last Updated: Sep 22, 2015
3 Comments
![]() Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
December 2022
Categories |