Software Deployment Question
TightVNC Server - deploy silently, non persistent VDI and launch tvnserver.exe silently!
I've got a challenge on a client site to provide a VNC client so some dashboard desktops can be remotely configured. The desktops need to login seamlessly, no interaction from the user, and then install and launch the TightVNC Server in Application Mode (i.e. launch tvnserver.exe ).
The TightVNC Server component needs to install silently (which I can do using their .MSI switches and some powershell/.bat) - the issue I have is I need to run 2x additional commands after the installation completes:
1. ...tvnserver.exe -install -silent (register the service with the OS)
2. ...tvnserver.exe - this starts the app in 'Application Mode'
I have a problem with 2. - the app prompts to add Windows Firewall Inbound rules to the Domain profile - if I click OK, great, it works, but I need these rules to be added silently without user interaction. If I add -silent switch, it adds the rules to WF (with an .msi error prompt because the -silent switch isn't valid with .exe) but the rules are not enabled (they're effectively dud) - because UAC blocks them. I've tried using UEM to elevate the privileges for C:\prog files\tightvnc\tvnserver.exe and then using the -silent trick , no dice! The rules are added but they're disabled/dud because UAC still prevents it. Basically the only method that works is to launch tvnserver.exe as the logged in user, then click 'Allow access' to add the rules into the firewall .
Does any one have any other ideas around this? I had considered adding the WF rules in using GPO, but the machine does not have TightVNC installed at the point GPO is processed, so I'm not sure having the rules pre-existing will work. I cannot add TightVNC to our desktop image, this must all work in a non-persistent environment and dynamically created.
Any alternative products/ideas would be greatly appreciated!