Monday, May 28, 2012

Remote Control During SCCM OSD (Without Modifying the Boot.wim)

I recently had a discussion with my good friend and SCCM guru, Michael Orr, about remote controlling WinPE during the SCCM OSD process. He added TightVNC to his boot.wim so that he could remote in and see what is happening if problems started popping up during OSD.

I recently took on a project to do a remote DoD wipe of computer hard drives, and decided to try and tackle it with SCCM OSD and Microsoft's sdelete (more on that later). Since the computers are going to be in multiple sites, all of which are remote to me, I decided that remote control could be very beneficial. Instead of trying to modify the boot.wim, I decided to add it on the fly with a package. Here's what I did.

First, we'll need the latest UltraVNC binaries (I'm using, which can be accessed here: Make sure that you grab the Binaries, and not the MSI or other installers. The binary zip file should include three files:
  • winvnc.exe
  • vncviewer.exe
  • SCHook.dll
If you're not familiar with UltraVNC, the vncviewer.exe is what we'll use later to initiate the remote control session, so you can just set it aside for now.

Go ahead and run winvnc.exe, which will open the configuration window for the UltraVNC server. Make sure that Display Query Window is unchecked and that you have set a password.
Hit OK, and you should now have a winvnc.ini file with these settings in it. 

Now open the ini file and find the line for path, and change it to path=x:\windows.

Save your new ini file and then create a new package within SCCM that contains it, winvnc.exe and schook.dll. I called my package UltraVNC (WinPE). There isn't a need to create any programs because we're going to grab the files from a task sequence (and don't forget to push it out to your distribution points).
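Before the ini goes into the package, it is worth confirming that the two settings above actually made it into the file. The following PowerShell check is an added example, not part of the original write-up: the path key is the one named above, while the passwd key name and the section names in the constructed sample are assumptions to compare against your own winvnc.ini.

```powershell
# Added example (not from the original post): lint winvnc.ini before packaging.
# 'path' is the key named in the post; 'passwd' is an ASSUMED key name.
function Read-IniValues {
    param([string[]]$Lines)
    $values = @{}   # PowerShell hashtable keys are case-insensitive
    foreach ($line in $Lines) {
        $t = $line.Trim()
        # Skip blanks, comments and [section] headers; sections are ignored here.
        if ($t -eq '' -or $t.StartsWith(';') -or $t.StartsWith('[')) { continue }
        $i = $t.IndexOf('=')
        if ($i -lt 1) { continue }
        $values[$t.Substring(0, $i).Trim()] = $t.Substring($i + 1).Trim()
    }
    return $values
}

function Test-WinVncIni {
    param([string[]]$Lines)
    $ini = Read-IniValues -Lines $Lines
    $findings = @()
    # The server runs from X:\Windows inside WinPE, so path must match.
    if ($ini['path'] -ne 'x:\windows') {
        $findings += "path is '$($ini['path'])', expected x:\windows"
    }
    # A missing or empty value means the password was never saved.
    if ([string]::IsNullOrWhiteSpace($ini['passwd'])) {
        $findings += 'no password value found; set one in the winvnc.exe configuration window'
    }
    $findings
}

# Constructed sample input: an ini that was saved but never edited.
$sample = @(
    '[ultravnc]',
    'passwd=',
    '[admin]',
    'path=C:\UltraVNC'
)
foreach ($f in @(Test-WinVncIni -Lines $sample)) { Write-Warning $f }

# Against the real file: Test-WinVncIni -Lines (Get-Content .\winvnc.ini)
```

An empty result means both checks passed; the constructed sample above produces two warnings.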

Now we're ready to tweak our OSD task sequence to allow VNC remote control.

Edit the task sequence, and right after the step where you Restart into Windows PE, we're going to add some commands. I put mine in a group called UltraVNC, but to each your own.

All of these entries are going to be Run Command Line entries (Add -> General -> Run Command Line).

First, we're going to disable the Windows firewall by using the Command Line: 
wpeutil DisableFirewall

Next we're going to copy the UltraVNC files into WinPE. To do this, our Command Line will be:
xcopy.exe ".\*.*" "%WinDir%" /E /C /Q /H /R /Y /I
Check the box by Package, and select the package where you put the UltraVNC binaries.
This will take all of the files from that package and copy them into the X:\Windows\System32 directory.

Now we'll kick off the UltraVNC server by using the following command:
cmd.exe /c start %windir%\winvnc.exe
It's important that we use the cmd.exe /c start, because if we just called winvnc.exe directly, the task sequence would halt while it waited for winvnc.exe to close.

Now your UltraVNC server is running, so you can launch your vncviewer.exe and put in the IP address of your remote client!

As a final note, remote control won't really do you much good if you don't know the IP address where you want to connect. Typically with OSD, when a computer reboots into WinPE it retains the same IP address that it had previously, so a simple nslookup can typically give you that if you don't already know it. Another good suggestion is to do what my buddy Mike does and to use BGInfo within WinPE to stamp the IP address on the screen. That will allow remote users who call in to easily provide you an IP address.


  1. Hi Jeremy. I'm trying this as I type this message. I'm really hoping it works out for me, because I didn't want to edit my boot image.

    I appreciate the write up!

  2. Genius... just genius!!! Thank you!!!

  3. Thanks Jeremy.

    This was a great help. So was your article on using sdelete to wipe drives.


  4. Thanks for this great write up! I've been using it for awhile, in lieu of getting vPro set up in our environment. Just wanted to add, for the IP lookup, I have each machine connect to a network share log folder and drop a file with its machine name and IP in it. I have that log folder broken into a few sections, and my various sequences are set up to drop their log files in there. Gives me a centralized place to find all that info. Especially since someone decided that it would be a good idea for task sequences to delete their logs after they run...this lets me preserve them.

    Anyhow....this has been working great for the first half of my OSD task sequences, but after the machine reboots, the VNC session is lost (obviously). I tried adding duplicate steps in later in the sequence, after reboot. Using netsh to turn off the firewall this time, and c:\temp\ultravnc, since x: is no longer in use at that point. But I haven't gotten it to work. If I use F8 to open a prompt during this point in the sequence, I can manually enter the commands my sequence is doing, and VNC does work. Any ideas why that might be?

    1. Hi Greg, sorry to disturb you, but I wanted to know if you had good luck in continuing this step.