DaRT & VNC Remote during OSD without Integration

During our Windows migration, we did a lot of upgrades remotely, we wanted the ability to “watch” the progress, besides just watching the server reports.  I decided to look into using Dart Remote for this.  There were some great blogs out there, and I’ll reference them here. Much of what I have done has been borrowed form Alex Verboon – http://www.verboon.info/2013/04/integrating-dart-8-0-sp1-remote-connection-into-the-sccm-2012-osd-process/ 

After finding DaRT was limited to PE, I decided to also use VNC for the later steps in the TS, pulling much of the information from this Post:  Jeremy .. http://syswow.blogspot.com/2012/05/remote-control-during-sccm-osd-without.html

Highly recommend you look at those posts for additional information, as they describe some of the things in more detail.  Several of my steps are borrowed nearly directly from them… just updated slightly.

The way I’m proposing you do it, everything is contained in the package, no changes to the Boot Media or OS, and all the files get deleted automatically at the end of the TS Process.

Left Side = DaRT Remote Monitoring OSD Process (PE) – Right Side = Machine during OSD (VM)image

Left Side = VNC Remote Monitoring OSD Process (Windows) – Right Side = Machine during OSD (VM)



  • Install Windows ADK – Using Windows 10 (July release – 10.0.26624)
  • Install MDOP DaRT (Example is 2015, DaRT 10, but have done with with DaRT 8.1 in past)
  • Windows 10 Media – I’m using July Release – Have available to mount for creating Dart file.
  • VNC – Assumes you have vncviewer.exe in c:\Program Files\VNC\vncviewer.exe
    • Download the ZIP file with required file here (ultravnc 1210 ALL bin zip
  1. Once ADK & DaRT are installed, You will need to grab the Toolsx86.cab & Toolsx64.cab files located in: C:\Program Files\Microsoft DaRT\v10  – In this example, I’ll be building the x64 version, as we only use x64 boot media, but it should be easy to replicate this process for the x86 version.
  2. On your Source Server, create this Directory Structure: ..\DaRT10OSD\DaRTRemote\Windows\System32
  3. Extract the following files from the CAB File (note that I’m using the x64 version) and copy them to the System32 folder.
    1. FirewallExceptionChange.dll
    2. LockingHooks.dll
    3. mfc100u.dll
    4. MSDartCmn.dll
    5. msvcp100.dll
    6. msvcr100.dll
    7. RdpCore.dll
    8. rdpencom.dll
    9. RemoteRecovery.exe
    10. WaitForConnection.exe
  4. Extract the files from the VNC Download Uvnc_1210_bin.zip\win7\X64
    1. vncviewer.exe will need to be placed on here: c:\Program Files\VNC\vncviewer.exe on your IT machines that you wish to monitor from
    2. winvnc.exe copied to the ..\DaRT10OSD folder
    3. create StartVNC.cmd file that
      1. netsh advfirewall set currentprofile state off
      2. cmd.exe /c start winvnc.exe
    4. launch winvnc.exe on a test computer, it should prompt to set the settings for the server, set your password, I used OSD@dm1n for VNC Password & OSDV13w for ViewOnly – which will be referenced later on in another script.
      1. image
      2. copy the created UltraVNC.ini file you just created (same location as the winvnc.exe file) to the ..\DaRT10OSD folder
      3. image
        It show now look like that
  5. Download the StartRemoteRecovery.zip created by Alexey Semibratov, but modified by me HERE – Original File by Alexey HERE
    1. StartRemoteRecovery.wsf
    2. ZTIUtility.vbs
      1. StartRemoteRecovery.wsf has a lot of additional lines I’ve added to set the Link Name, and create a Link for VNC as well.
      2. Line 160 = VNC password you created earlier
      3. Line 147 = Path of your DartRemoteViewer, might need to be changed based on the version of DaRT you’re using.
  6. On some networks, not all ports are open, so we will set it to use static port 3388.  This information is stored in a file called DartConfig.dat, which is only generated using the DaRT Recovery Image wizard (PreReq) – So lets walk through that…
    1. Launch the MS DaRT Recovery Image Wizard – If you see this error, it’s because of your Powershell group policy, to get around this, open elevated command prompt and do this: 
      Reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\Powershell /v ExecutionPolicy /f
      More info HERE – Now try again
    2. Choose 64-bit Dart Image – I’ve mounted the Windows 10 ISO to the E: drive
    3. You can leave the tools to default
    4. Check the box “Allow…” and let it default to 3388
    5. Advanced Options leave Default
    6. Make sure you check the box for Create WIM, optional Create ISO – If you wanted this for other reasons, and make sure you check Edit image
    7. Now wait for a few minutes while it is generated
    8. Click “Open in Windows Explorer”
    9. Copy DartConfig.dat from Windows\System32 to your folder structure: ..\DaRT10OSD\DaRTRemote\Windows\System32
    10. You should now have all the files you need in your system32 folder:
  7. Now you need to create the DartRemote.cmd file that will launch DaRT remote in PE
  8. @echo off

    for /F “skip=2 tokens=2 delims=,” %%A in (‘wmic systemenclosure get serialnumber /FORMAT:csv’) do (set “serial=%%A”)
    set serial=%serial:~-15%

    XCOPY DaRTRemote X:\ /y /s
    CSCRIPT X:\Windows\System32\StartRemoteRecovery.wsf /ShortCutShare:<\\servername\share> /UserID:<username> /UserDomain:<domain> /UserPassword:<password>

  9. Now that you created this file, your root folder should look like:

If you downloaded the ZIP file I Created, you will have everything you need already complete, except the files you’d need to copy over from the x64 DaRT cab (License issue) – Includes the winvnc.exe and ini files, along with scripts, just update the scripts for your environment.

Create your Package:

No Program needed

Lets add it to the TS
I’ve added it right before the HTA we use launches when someone manually starts image on a New PC, or during in place upgrade (refresh) right after it reboots to PE

Then run the VNC once Windows is up and running in your TS, after drivers applied, etc.

You will need to ad that step every time after you reboot the machine. (after applying updates, etc… if you want the vnc server to launch again)

Once you have this in your TS and you run your Image, it will populate the share you created:


Then as long as you have the Dart Tools installed, and the VNCviewer.exe in c:\Program Files\VNC, the links will work. (The shortcuts are auto populated with the passwords required)

Special Thanks to the two guys who blogged about these originally, Alex Verboon & Jeremy

There is a lot to this post, so if I forgot something, leave a comment so I can get it updated.

15 thoughts on “DaRT & VNC Remote during OSD without Integration”

  1. Thanks for sharing this great blog post!

    What is the reason for wanting to have both DART and VNC?

    Shouldn’t VNC be enough?

    • You’re completely correct. When I first started, I was using DaRT, so I developed everything for DaRT, then later they wanted Access after PE was done, so I added VNC to cover that. I just had to add a line into the script to create the VNC Shortcut, and left everything else the same. I posted this in case someone only wanted DaRT or VNC, they could use what they wanted, modify and disregard the rest.

  2. Thanks!

    What would I need to remove in the .wsf script if I only wanted to use VNC and create VNC shortcut?
    I not that familiar with the vbscripting , but I see sections refering to inv32.xml and RemoteRecovery.exe.

    It would be awesome if you could help =)

    • It would be somewhat of an undertaking, as it uses variables created in the inv32 which gets created when you run the RemoteRecovery.exe Without it doing that, you’d have to find another way to get the information. Since Dart was creating that information, I just used it from there. If I ever get time to re-write this to only use VNC, I’ll let you know. You might be able to do something like Alex does in this post: http://www.verboon.info/2009/12/remote-management-of-amtvpro-machine-with-winpe-and-vnc/ – where you have a script create the IP Address, echo it, and you could save that file off to the network, then manually connect using VNC Viewer to that IP Address.

  3. Hi, excellent guide! Thanks. I have a security related question. For the user, that you configure in the DartRemote.cmd, what rights must it have? Just a domain user or with some sort of access and modify rights?

    • Yeah, it’s going to need modify, I don’t know the exact rights, as I don’t have this setup in my LAB, and haven’t used this in a couple years. Basically, you’d want a user account that has No right to anything else, just that one share so it can create the files. Feel free to play around and reply with your findings.

      • Hi Gary, it’s ok. Didn’t have to ask that silly question. Just a user with write access to the share was enough. Everything is working now. I use the DartRemoteViewer more often while the VNCViewer is giving me problems on port 5900 internally but that’s a problem with our network team 🙂
        As for your blog, I love it, I read, I test and I apply your methods for our Windows 10 migration. Really helpful to the community! Must be said

  4. Thanks Gary for this wonderful blog post.

    The way I understand it, both the shortcuts (DART and VNC) are created from the DartRemote.cmd (which calls the StartRemoteRecovery.wsf) and this cmd runs in winpe right?

    But what’s the guarantee that the full OS IP (which the vnc shortcut uses) be the same as the one the StartRemoteRecovery.wsf had used while create the vnc shortcut on the share from WinPE?


    • no guarantee. It’s really up to your DHCP. Typically DHCP leases based on MAC Address, and gives the lease for awhile. You should keep the same IP from WinPE to Full OS and several reboots, if not, talk with your networking group.

  5. Thank you very much.

    By the way, about my earlier IP address/dhcp query, it looks like the lease is long enough for the same IP to persist through the course of the build.

  6. Hi Gary,

    while DaRT works as expected, I can notice that uVNC does not work consistently in the full-OS build. It looks like some of the times the VNC service starts however then it crashes and hence the remote connection breaks and won’t fix itself until the subsequent reboot.

    Our’s is 1803 build – just wondered if there are any bugs/compatibility issues with uVNC?



Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.