How do I use Microsoft Intune to configure VNC Connect?

Follow

If you have an Enterprise subscription you can deploy, configure and license VNC Connect using Microsoft Intune. Microsoft Intune can be used as an alternative to Group Policy for Azure AD joined devices.

Download the VNC Connect ADMX templates

ADMX templates for VNC Viewer and VNC Server are available at the bottom of their respective download pages on the RealVNC website. Once downloaded, extract the ADMX and ADML files from the zip archive, making a note of the location.

Import custom ADMX and ADML administrative templates into Endpoint Manager

This is a Microsoft public preview feature. Read more here: https://docs.microsoft.com/en-us/mem/intune/configuration/administrative-templates-import-custom

Upload the ADMX and ADML files for use by the configuration profile

  1. Download the ADMX templates for the VNC Connect application that you want to configure with Intune
  2. Sign in to the Microsoft Endpoint Manager

  3. Navigate to Devices > Configuration profiles > Import ADMX > Import

    admx.PNG

  4. Upload your files:

    • ADMX file: Select the ADMX file you want to upload.
    • ADML file for the default language: Select the ADML file you want to upload. Remember, you can add only one language file for each ADMX file you upload.
    • Specify the language of the ADML file: Shows the ADML language of the file you uploaded.
  5. Click Next

  6. In Review + Create, review your changes then click Create to import the files

  7. When the import completes, your ADMX templates are shown in the list

    admx2.png

Create a configuration profile to configure and license VNC Server and VNC Viewer

  1. Sign in to the Microsoft Endpoint Manager

  2. Navigate to Devices > Configuration profiles > Create profile

  3. Enter the following properties:

    • Platform: Select Windows 10 and later.

    • Profile: Select Templates > Imported Administrative templates (Preview):

      Screenshot that shows how to select imported administrative templates to create a device configuration profile using the imported ADMX settings in Microsoft Intune and Endpoint Manager admin center.

  4. Click Create

  5. In Basics, enter the following properties then click Next

    • Name: Enter a descriptive name for the profile. Name your profiles so you can easily identify them later. For example, a good profile name is ADMX: VNC Server for Windows.
    • Description: Enter a description for the profile. This setting is optional, but recommended.
  6. In Configuration settings, select and configure the settings you want in your policy. When finished, click Next
  7. In Scope tags (optional), assign a tag to filter the profile to specific IT groups. For more information about scope tags, see Use role-based access control (RBAC) and scope tags for distributed IT.

    Click Next

  8. In Assignments, select the user or groups that will receive your profile. For more information on assigning profiles, see Assign user and device profiles in Intune.

    If the profile is assigned to user groups, then configured ADMX settings apply to any device that the user enrolls, and signs in to. If the profile is assigned to device groups, then configured ADMX settings apply to any user that signs into that device. This assignment happens if the ADMX setting is a computer configuration (HKEY_LOCAL_MACHINE), or a user configuration (HKEY_CURRENT_USER). VNC Server uses device configuration, while VNC Viewer uses user configuration. Click Next.

  9. In Review + create, review your settings. When you click Create, your changes are saved and the profile is assigned and started to be deployed to the targeted devices.

ADMX Ingestion and OMA-URIs

To configure VNC Connect using Microsoft Intune you can ingest the VNC Connect ADMX templates into Intune and apply settings by using a Device Configuration Profile.

Create a new device configuration profile

  1. Log in to Microsoft Endpoint Manager
  2. Click Devices on left menu, then Configuration profiles
  3. Click Create profile
  4. Select Platform - Windows 10 and laterTemplates, Custom, then click Create
  5. Enter a name (e.g. VNC Connect ADMX Templates), click Next
  6. Configuration setting: Leave blank and click Next (we'll edit this later)
  7. Configure Assignments: Configure which group(s) to apply the policy to e.g. All devices, click Next
  8. Applicability Rules: Configure any rules to use when determining whether to apply the policy to a device or leave blank, click Next
  9. On the Review + create screen, click Create

Ingest the ADMX templates for use by the configuration profile

  1. Download the ADMX templates for the VNC Connect application that you want to configure with Intune
  2. Log in to Microsoft Endpoint Manager
  3. Click Devices on left menu, then Configuration profiles, then click the profile that you want to edit e.g. VNC Connect ADMX Templates, created above
  4. Click Properties
  5. Click Edit next to Configuration settings
  6. Click Add, then populate the fields as shown below depending on the ADMX template you are importing

    • VNC Server Licensing
      • Name: The name of the row, e.g. VNC Server Licensing ADMX
      • Description: An optional extended description
      • OMA-URI:
        ./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/VNCServer/Policy/VNCServerLicensing
      • Data Type: String
      • Value: The contents of the realvnc_licensing ADMX file
        Open the realvnc_licensing ADMX template in Notepad and copy and paste the contents

    • VNC Server Configuration
      • Name: The name of the row, e.g. VNC Server Config ADMX
      • Description: An optional extended description
      • OMA-URI:
        ./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/VNCServer/Policy/VNCServerConfig
      • Data Type: String
      • Value: The contents of the realvnc_vncserver ADMX file
        Open the realvnc_vncserver ADMX template in Notepad and copy and paste the contents
    • VNC Viewer Configuration
      • Name: The name of the row, e.g. VNC Viewer Config ADMX
      • Description: An optional extended description
      • OMA-URI:
        ./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/VNCViewer/Policy/VNCViewerConfig
      • Data Type: String
      • Value: The contents of the realvnc_vncviewer ADMX file
        Open the realvnc_vncviewer ADMX template in Notepad and copy and paste the contents
  7. Click Save, then Review+Save to check the OMA-URI you just created. Click Save

License VNC Server

  1. Log in to Microsoft Endpoint Manager
  2. Click Devices on left menu, then Configuration profiles, then click the profile you want to edit or create a new one
  3. Click Properties
  4. Click Edit next to Configuration settings
  5. Click Add, then populate the fields as below:
    • Name: LicenseKey
    • Description: An optional extended description
    • OMA-URI:
      ./Device/Vendor/MSFT/Policy/Config/VNCServer~Policy~Licensing/RealVNC_vncserver_Machine_vncserverlicense
    • Data Type: String
    • Value:
      <enabled/>
      <data id="Value" Value="LICENSEKEY"/>
  6. Click Save, then Review+Save to check the OMA-URI you just created. Click Save

Configure VNC Server

Before you can configure a policy setting, please ensure you have ingested the ADMX template via OMA-URI, above.

  1. Log in to Microsoft Endpoint Manager
  2. Click Devices on left menu, then Configuration profiles, then click the profile you want to edit or create a new one
  3. Click Properties
  4. Click Edit next to Configuration settings
  5. Click Add, then populate the fields as below:
    • Name: The name of the setting, e.g. Permissions
    • Description: An optional extended description
    • OMA-URI:
      ./Device/Vendor/MSFT/Policy/Config/VNCServer~Policy~VNC_Server~vncserver_Machine/RealVNC_vncserver_Machine_Permissions
      • The template format is:
        ./Device/Vendor/MSFT/Policy/Config/VNCServer~Policy~{CategoryPathFromADMX}/{SettingFromADMX}
      • Both {CategoryPathFromADMX} and {SettingFromADMX} are determined from analysing the ADMX template file. The table below shows the values to use for VNC Server.

        CategoryPathFromADMX
        SettingFromADMX
        VNC_Server~vncserver_Machine
        RealVNC_vncserver_Machine_{parametername}

        Replace {parametername} with the VNC Server parameter name

        Note: if a particular parameter is not accepted, please refer to the ADMX file for the correct policy name
    • Data Type: String
    • Value: This depends on the type of parameter you are setting. Please refer to the below table.

      Setting Type
      Value
      True/False <enabled/>
      Text <enabled/>
      <data id="Value" value="{parametervalue}"/>

      Replace {parametervalue} with the text string

      Note: ensure quotes are normal quotes and not smart quotes if copy and pasting!
  6. Click Save, then Review+Save to check the OMA-URI you just created. Click Save

Configure VNC Viewer

Before you can configure a policy setting, please ensure you have ingested the ADMX template via OMA-URI, above.

  1. Log in to Microsoft Endpoint Manager
  2. Click Devices on left menu, then Configuration profiles, then click the profile you want to edit or create a new one
  3. Click Properties
  4. Click Edit next to Configuration settings
  5. Click Add, then populate the fields as below:
    • Name: The name of the setting, e.g. SessionRecordAllSessions
    • Description: An optional extended description
    • OMA-URI:
      ./User/Vendor/MSFT/Policy/Config/VNCViewer~Policy~vncviewer_User/RealVNC_vncviewer_User_SessionRecordAllSessions
      • The template format is:
        ./User/Vendor/MSFT/Policy/Config/VNCViewer~Policy~{CategoryPathFromADMX}/{SettingFromADMX}
      • Both {CategoryPathFromADMX} and {SettingFromADMX} are determined from analysing the ADMX template file. The table below shows the values to use for VNC Viewer.

        CategoryPathFromADMX
        SettingFromADMX
        vncviewer_User
        RealVNC_vncviewer_User_{parametername}

        Replace {parametername} with the VNC Viewer parameter name

        Note: if a particular parameter is not accepted, please refer to the ADMX file for the correct policy name
    • Data Type: String
    • Value: This depends on the type of parameter you are setting. Please refer to the below table.

      Setting Type
      Value
      True/False <enabled/>
      Text <enabled/>
      <data id="Value" value="{parametervalue}"/>

      Replace {parametervalue} with the text string

      Note: ensure quotes are normal quotes and not smart quotes if copy and pasting!
  6. Click Save, then Review+Save to check the OMA-URI you just created. Click Save
Was this article helpful?
0 out of 0 found this helpful

Comments

4 comments

Please sign in to leave a comment.