Saturday, February 20, 2016

Remote connect to Windows PE with VNC

A few years ago, I came across this neat trick while trying to upgrade my WD Sentinel DX4000 from Windows Storage Server 2008 R2 Essentials to Windows Server 2012 R2 Standard. The challenge in this was that the DX4000 is a headless system. To interact with the DX4000, someone came up with the good idea of injecting a TightVNC server into the Windows PE boot media of the installation. You could then interact with the installation from a remote computer. In this guide, we are going to show you how you do that.

To see the original article about installing Windows Server 2012 onto a WD Sentinel DX4000, click here.

Download and install TightVNC


The first step is to download TightVNC from http://www.tightvnc.com and install it onto a reference computer. We're using the 64-bit version of TightVNC 2.7.10 for this guide. Perform a Complete install of TightVNC accepting any defaults. When prompted to set a password for our TightVNC server, we have chosen not to use a password for the purpose of this guide.


After installing TightVNC, the next step is to configure your TightVNC server with all the settings you want and then open up the registry to HKLM\SOFTWARE\TightVNC\Server.

Export that key to a file called TightVNCServerSettings.reg and save the file to the installation directory of TightVNC, C:\Program Files\TightVNC. Your .reg file should look similar to the following.
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\TightVNC\Server]
"ExtraPorts"=""
"QueryTimeout"=dword:0000001e
"QueryAcceptOnTimeout"=dword:00000000
"LocalInputPriorityTimeout"=dword:00000003
"LocalInputPriority"=dword:00000000
"BlockRemoteInput"=dword:00000000
"BlockLocalInput"=dword:00000000
"IpAccessControl"=""
"RfbPort"=dword:0000170c
"Hotpot"=dword:000016a8
"DisconnectAction"=dword:00000000
"AcceptRfbConnections"=dword:00000001
"UseVncAuthentication"=dword:00000000
"UseControlAuthentication"=dword:00000000
"RepeatControlAuthentication"=dword:00000000
"LoopbackOnly"=dword:00000000
"AcceptHttpConnections"=dword:00000001
"LogLevel"=dword:00000000
"EnableFileTransfers"=dword:00000001
"RemoveWallpaper"=dword:00000001
"UseMirrorDriver"=dword:00000001
"EnableUrlParams"=dword:00000001
"AlwaysShared"=dword:00000000
"NeverShared"=dword:00000000
"DisconnectClients"=dword:00000001
"PollingInterval"=dword:000003e8
"AllowLoopback"=dword:00000000
"VideoRecognitionInterval"=dword:00000bb8
"GrabTransparentWindows"=dword:00000001
"SaveLogToAllUsersPath"=dword:00000000
"RunControlInterface"=dword:00000001
"VideoClasses"=""

Download and install the Windows Assessment and Deployment Kit (ADK)


Windows PE is a part of the Windows Assessment and Deployment Kit (ADK). For this exercise, we're using Windows ADK for Windows 10. You can download Windows ADK for Windows 10 from here.

Run adksetup.exe. When you get to the part where you select the features you want to install, select Deployment Tools and Windows Preinstallation Environment (Windows PE). We only need these components for this exercise.


Create the Windows PE image and inject TightVNC


Run the Deployment and Imaging Tools Environment command prompt as an administrator. The shortcut should be in your Start menu after you install ADK.


Using the following article as a guide to create and mount a Windows PE image. We're using the 64-bit for our example.

Step 1. Create your Windows PE image with the working directory C:\WinPE_amd64.
copype amd64 C:\WinPE_amd64

Step 2. Mount your Windows PE image so that it can be edited.
Dism /Mount-Image /ImageFile:C:\WinPE_amd64\media\sources\boot.wim /Index:1 /MountDir:C:\WinPE_amd64\mount

Step 3. Copy the installation directory of TightVNC, C:\Program Files\TightVNC with the .reg file we created earlier in it to C:\WinPE_amd64\mount\Program Files\.


Step 4. Configure TightVNC to start up automatically in your Windows PE image by editing C:\WinPE_amd64\mount\Windows\System32\startnet.cmd in notepad. Add the following lines to startnet.cmd. This is a quick and dirty method.
%WINDIR%\System32\wpeutil.exe InitializeNetwork
%WINDIR%\System32\wpeutil.exe DisableFirewall
%WINDIR%\regedit.exe -s "%SYSTEMDRIVE%\Program Files\TightVNC\TightVNCServerSettings.reg"
"%SYSTEMDRIVE%\Program Files\TightVNC\tvnserver.exe" -install -silent
"%SYSTEMDRIVE%\Program Files\TightVNC\tvnserver.exe" -start -silent

Step 5. Unmount and save your Windows PE image.
Dism /Unmount-Image /MountDir:C:\WinPE_amd64\mount /Commit

Step 6. Once your Windows PE image is saved and unmounted, create your Windows PE media using the command MakeWinPEMedia. Below is an example for a USB drive on D:\.
MakeWinPEMedia /ufd C:\WinPE_amd64 D:

Boot Windows PE and remote in


Test your TightVNC enabled Windows PE boot media by booting a computer with your Windows PE boot media. On another computer on the same network, connect to your Windows PE machine with TightVNC viewer. You'll need the IP address of the Windows PE computer. How you work this out, we'll leave up to you.

No comments:

Post a Comment