Auto install, both local and domain admin in New MS Login?

Should you have problems with the MS logon plugin, here's the place to look for help or report issues.

Auto install, both local and domain admin in New MS Login?

Postby MichaelLashinsky » 2010-10-25 20:51

Hi Everyone,

New forum user here. Please excuse me if this has been asked before, but I cannot find it. (And my eyes are crossing from looking!)

I am a network admin and I have been using VNC across my network for years, from version 3.x to RealVNC, and now I am planning on upgrading to UltraVNC. Right now, using RealVNC, I have a regedit file that I click on before installing RealVNC and all the settings, passwords, and prefs are installed automatically. I am trying to get it that simple with Ultra. It may not be possible, but I can try...

I want to use the New MS Login because I see definite advantages for me if it all works, and it looks like it should. I have about 230 client PCs, (currently WinXP,) spread over 8 locations, and about 20 servers to make this work on. There are about 20 machines that have different passwords because over the years it became advantageous to have specific users log into them to do their jobs. Ultra should be perfect. I already know I will have to configure the 20 oddballs and the servers manually, but I don't want to have to do every one manually. I want to automate the other 210. (Ideally, my co-workers could install it without knowing exactly what to do. Run the batch file and say goodnight.)

I want the default installation to include a domain admin group, "Domain Admins". Simple enough. I set up the group in AD, configured the groups, and I can import the settings from one machine to another easily enough via a reg file. Worked perfect on test PCs.

:o I ALSO need the local admin account to be in there by default so I do not have to manually configure it on 250 machines. If I include "UserPC#1\administrator" in the reg file, it is an unknown user on the next PC.

:idea: Has anyone else tried to do this? Anyone figured a way around it? Some way to make the local admin account a valid login account without doing it manually on each workstation? Is there a way to say "$thiscomputer$\administrator" so it can be copied to other PCs via a reg file or other method??

Thanks in advance for any help and suggestions I get.
MichaelLashinsky
 
Posts: 2
Joined: 2010-10-25 19:28

Re: Auto install, both local and domain admin in New MS Logi

Postby Zouleous » 2010-11-16 16:57

What I'm currently doing is deploying an ini file when I do the install on the client. The Ini file tells it how to configure the admin properties of the server. If I remember right the easiest way to do this is to install vnc on a machine and setup the groups you want.

If you have a single domain I'd recommend only using MSlogon and not the "new MSlogon" (you can see the checkboxes for those in admin properties of the server). Click "configure MSlogon groups". Type "Administrators" on the first line and check the box for local. That should give you the local admin as well as domain admins since domain admins are administrators of any machines joined to the domain.

Once your configuration is done find the ultravnc.ini file in your installation directory and deploy that to the other computers when you install VNC. Personally what I do is run a cmd script that does the following where Z is mapped to my deployment server:

Mkdir "C:\program Files\Ultravnc"
REM Copy ini File from MDT to machine
copy "z:\Applications\UltraVNC x86 1.0.8.2\ultravnc.ini" "C:\program files\Ultravnc"
REM Run installer
call "z:\Applications\UltraVNC x86 1.0.8.2\UltraVNC_1.0.8.2_x86_Setup.exe" /loadinf="z:\Applications\UltraVNC x86 1.0.8.2\ultravncInstall.inf" /silent

Ultravncinstall.inf has my installation settings defined. Today I'm working on deploying the mirror driver during OS deployment rather than installing it during VNC install. The reason for this is because VNC stops and asks me to accept the driver install on Windows 7 machines. I'd rather avoid that. Something you may want to do also.
Zouleous
8
8
 
Posts: 8
Joined: 2009-08-23 14:00

Re: Auto install, both local and domain admin in New MS Logi

Postby MichaelLashinsky » 2010-11-16 17:07

Zouleous,

Wow, thanks! That is a different approach than I was using. I will take a look at that.

The new MSLogin allows for as many groups as i want, but now that I am thinking about it, it may not be necessary to have more than 2. I just need to set it up correctly. I have a few levels of people that will need access. I need to think it through.

If I check the box for local, does than mean only the local admin, or both domain and local admin?

time to set up the test systems again...
Last edited by MichaelLashinsky on 2010-11-16 17:10, edited 1 time in total.
MichaelLashinsky
 
Posts: 2
Joined: 2010-10-25 19:28

Re: Auto install, both local and domain admin in New MS Logi

Postby Zouleous » 2010-11-16 22:47

If I check the box for local, does than mean only the local admin, or both domain and local admin?


Well the "domain admins" group should be a member of the local administrators group. You should be able to see this if you go on one of your domain machines and look at the local administrators group in the computer management snap-in. That's the default anyways.

The local checkbox just refers to the group being local (in this case administrators). If you instead picked domain then you would be locking it down to whoever is a member of the active directory domain group "administrators". Local administrators would then lose the right. You could probably check both boxes, but there would be no reason to do so because "Domain Admins" are already a member of local "administrators" by default.

With that in mind if you only want domain admins to have vnc rights (not all local administrators) then just type in "Domain Admins" and check the domain box.

Really you probably never need more than two groups on the list technically. One could be for local administrators and you could also create a domain group called "VNC users" and just put anyone else you want to have access to all machines in that group.
Zouleous
8
8
 
Posts: 8
Joined: 2009-08-23 14:00


Return to MS logon plugin

Who is online

Users browsing this forum: No registered users and 4 guests