Skip to content

Windows Server: GPO logon batch script for ultravnc install/update

March 8, 2013

This script will install ultravnc when called as a GPO logon script. It is fairly robust (x86 and x64, handles updates, you can exclude hosts; with auto-removal upon detecting the ‘norun’ file) and the code is pretty well commented inline. You’ll need to set the paths to the ultravnc program directory in the script as well as the path to filever.exe (you want the one from the WinXP version of the support tools, as it is the most portable). The easiest way to get the winvnc program dir is to install the full server and configure it then copy the whole thing with the config to your deployments share (you need x86 and x64 versions but config files can be the same for both).

If the script discovers that the version on the file server is newer it will update to it. I’m using it in production with ultravnc’s AD plugin (which also requires the acl text file configured; you can see it being imported in the script) and it works very well.

When there are updates to ultravnc sometimes there are full copies of the binaries with dependencies and sometimes the only bins zip you can get is a changed file set. In either case watch out for your config files and other customized files, as blanks of them are sometimes included in the update files. If the default ones overwrite, funny things happen such as the normally silent install popping up a config window for the user.

::  UltraVNC installer. Called by GPO logon script  ::

::@echo off

:: Will we exitEarly before (re)installing? (possibly already installed?); exitEarly is initialized true, but may be changed during tests below
set exitEarly=true

:: Assume the architecture is x64 unless tests below show it is x86
set arch=x64

:: See if this is an x86 platform; if either test suggests it is x86, set arch appropriately
reg query HKLM\SOFTWARE\Wow6432Node || set arch=x86
if not exist "C:\Program Files (x86)" set arch=x86

:: Tests to see if the service executable exists in Program Files\UltraVNC and also whether the registry entries for the service are present
:: If either are missing, change the value of the exit variable to keep from exiting/trigger (re)install
if not exist "C:\Program Files\UltraVNC\winvnc.exe" set exitEarly=false
reg query HKLM\SYSTEM\CurrentControlSet\services\uvnc_service || set exitEarly=false

:: Find version of winvnc.exe on the deployments share and put the value in the 'serverVer' variable
for /f "tokens=5 delims= " %%x in ('\\server\deployments\suptools\filever.exe \\server\deployments\uvnc\%arch%\winvnc.exe') do @set serverVer=%%x

:: If exitEarly is still true here, then the service executable must exist; get its version and put the value in the 'localVer' variable
if "%exitEarly%" == "true" (for /f "tokens=5 delims= " %%y in ('\\server\deployments\suptools\filever.exe "C:\Program Files\UltraVNC\winvnc.exe"') do @set localVer=%%y)

:: If the version available on the server and the local version are not the same, an update is available (or something bad has happened); trigger (re)install
if not "%serverver%" == "%localver%" set exitEarly=false

:: If this file exists we exit no matter what and uninstall any existing installation
:: This single file (its contents irrelevant) can be added to sensitive hosts to prevent UltraVNC installation (granted, this GPO is not usually linked to such OUs)
if exist "C:\Program Files\UltraVNC\norun" (
	set exitEarly=true
	if exist "C:\Program Files\UltraVNC\winvnc.exe" (
		"C:\Program Files\UltraVNC\winvnc.exe" -uninstall
		ping -n 1 -w 2000 >nul :: delay
		rd /s /q "C:\Program Files\UltraVNC"
		ping -n 1 -w 2000 >nul :: delay
		md "C:\Program Files\UltraVNC"
		echo norun > "C:\Program Files\UltraVNC\norun"

if "%exitEarly%" == "true" goto :eof

:: Install (or reinstall)
:: -----------------------------
:: ...Start with uninstall in case the service is running, so we'll be able to remove the existing directory in Program Files
"C:\Program Files\UltraVNC\winvnc.exe" -uninstall
cd \
cd "%ProgramFiles%"
rd /s /q UltraVNC

md UltraVNC
cd UltraVNC
xcopy /e \\server\deployments\uvnc\%arch%\*.* .

:: Add parent key in registry (not proven to be strictly required)

:: Import ACL for Active Directory integration
MSLogonACL.exe /i /o acl.txt

:: Redo uninstall for safe measure, and then install; this part does not affect copied files, only adds/removes (and starts/stops) the Windows service
winvnc -uninstall
winvnc -install

No comments yet

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: