TightVNC, ok to install on master workstation image?


I am creating a master workstation image, with all our standard workstation software.  The idea is to make copies of of the images (sysprep them) and then join each one to the domain, etc.  My question is about installing TightVNC on the master image or not.  When it is installed, the master image will of course have a temporary windows name and IP address and when a copy is made, the windows name/IP will gets changed to its production/final values.  

So with all those changes and sysprep (SID, etc) being used; should TightVNC be installed on the master image or should it be installed clean on each workstation after it is joined to the domain?

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David Johnson, CD, MVPOwnerCommented:
Doesn't matter.

For the sake of maintenance of images it does matter.. only use thin images.. install the applications separately this way if an application gets updated all you have to do is update the source file and not every image that might have that application baked into it
johnhiro007Author Commented:
I guess my concern is deeper than if it can work, but does anyone know of VNC having any kind of special unique ID keys created when it is installed, some kind of unique identifier?  Just like with Windows and the need to reset the SID with Sysprep, does VNC have a similar need security wise?

Or is it known that VNC security/identification is very simple; just a matter of changing the workstations host name and IP, and therefore having it installed into the base image certainly does not matter?

johnhiro007Author Commented:
I guess I'm also looking for anyone knowing of any 'best practices' or official documentation from VNC on the subject either way...

JavaScript Best Practices

Save hours in development time and avoid common mistakes by learning the best practices to use for JavaScript.

johnhiro007Author Commented:

Could I get more details in addition to "Doesn't matter"?  Any official documentation or real world use of installing TightVNC on the base image?

Davis McCarnOwnerCommented:
I tend to use UltraVNC; but, almost all of the server options are simply for it to run as a service, what ports to listen on, and whether or not to use a master password or domain credentials.  If you have multiples running on a lan, you can use the ip of the host or the computer name if it is being resolved by your dns server.
I don't think any of the registry entries reference the machine so it ought to work fine in your image.
AFAICT, TinyVNC and UltraVNC do NOT have any unique IDs of any kind.

My experience comes from my days at HP when I was in the Thin Client groups.
We had VNC clients in our images and I don't remember that we had to do anything special when deploying the images onto the clients, neither for Linux neither for Windows based thin clients.

I also have been the main inventor of an OS Streaming product and when we were using VNC clients in our shared images, there were absolutely no customization to do for it to work.

So, unless things have changed since then, I would say that you are safe to use a VNC client in a gold/Master image.
johnhiro007Author Commented:

Hi 'vivigatt', to clarify; the TightVNC install on the workstations is the 'server' and not 'client'/'viewer'.  It is used so we can remotely control each workstation.  When you say 'client' do you mean that you can remotely control that workstation (or can that workstation only control other VNC servers/hosts?).

Davis McCarnOwnerCommented:
Before I posted my earlier comment, I inspected a VNC server that I have running here and it only had the options that I listed.  I found nothing that identified the PC by name; only the login and password as I chose not to use Windows authentication.

A thought; though, you might want to delete the client during the setup or install it without the client so folks on the PC's won't be able to connect to other PC's easily.
I can confirm tightvnc doesn't care if it's imaged or not. You can safely install it on the image and it wont cause an issue when it realises its on a 'new' machine.

I've done it and it really doesn't care. Settings are stored in registry, including the password hash, so you can config it in the master image and it will retain settings when rolled out.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Remote Access

From novice to tech pro — start learning today.