I copied the default files from another TightVNC installation, copied them to a Windows 7 computer, and ran the STRCM to install/view/uninstall TightVNC to a Windows 2008 server. The only thing I had to do was to disable the firewall on 2008, but you should just be able to set up an exception. Here is my tightvnc.rcm file:

[General]
SoftwareType=VNC
Enabled=1
MenuName=TightVNC
AutoExecute=0


[View]
ViewerCommand=c:\tightvnc\vncviewer.exe %computer%
SetOptionsBeforeViewing=1
StartServiceBeforeViewing=1
StopServiceAfterViewing=1
AutoInstallBeforeViewing=1
UnInstallAfterViewing=0
AutoTerminateAfterViewing=0


[Install]
EULA=c:\tightvnc\license.txt
RegistryKeyLocation=Software\TightVNC\Server
SourceDirectory=C:\tightvnc
DestinationDirectory=\\%computer%\admin$\TightVNC\
FileList=tvnserver.exe;screenhooks.dll


InstallService=1
ServiceNames=TightVNC
ServiceAutoStart=0
ServiceDisplayName=TightVNC
ServiceExeName=tvnserver.exe


[VNC Options]
InstallServiceHelper=0


[VNC Settings]
PollForeground=1
PollFullScreen=0
PollUnderCursor=0
OnlyPollConsole=1
OnlyPollOnEvent=0
SocketConnect=1
PortNumber=5900
AutoPortSelect=1
InputsEnabled=1
LocalInputsDisabled=0
RemoveWallpaper=0
DisableTrayIcon=1
IdleTimeout=0
QuerySetting=2
QueryTimeout=9

I also ran the strcm against a Windows XP computer, and it worked there too.

We use a group policy at the root of the domain to apply a port exception that allows inbound connections on port 5900. The port exception policy looks like this: 5900:TCP:*:enabled:VNC Port. The syntax is <port number>:<protocol>:<scope>:<name>. Putting a asterisk for the scope is a wild card that allows connections from anywhere. This could be made more restrictive by only allowing connections from a help desk vlan, but here we move around a lot, so that's not pratical.