Michael Niehaus' Windows and Office deployment ramblings
In MDT 2012 Beta 2, a new feature has been added: the ability to integrate the Microsoft Diagnostics and Recovery Toolset (DaRT) 7 into the Lite Touch boot images generated by MDT. The end result is a new option when booted into Windows PE:
And when you choose the “Run DaRT Tools” option, you can see all the tools that DaRT offers:
While you will typically see DaRT positioned as more of a “recovery” tool, you can probably see the “diagnostics” benefits too, using the provided tools to inspect the current computer.
One of the new features in DaRT 7 is especially useful: remote control. Using this you can access a remote computer even while it is in Windows PE. There is a client-side agent for this that is automatically executed as soon as the MDT “Welcome” wizard completes. (We don’t start it before then because you might be using static IP addressing that would be configured through the “Welcome” wizard. If you aren’t planning to use static IP, you can skip the “Welcome” wizard by setting “SkipBDDWelcome=YES” in CustomSettings.ini.) You’ll see this minimized on the bottom left of the screen:
If you restored that to a full window, you would see that it is listening for connections:
From a computer with DaRT installed, you can run the “DaRT Remote Connection Viewer” to make the connection: just type in the ticket number, IP address, and port. (If you’ve enabled the MDT 2012 monitoring feature, to be discussed more in a future blog posting, this process is automated – the connection details are automatically provided.) The connection performance is good, just like a typical RDP connection. (Really, that’s exactly what you are doing – this uses the same underlying protocol as a typical remote desktop connection.)
So how do you enable the DaRT integration? The MDT documentation explains this, although there is an error in step #1, which I’ve rewritten below:
Enable DaRT support

1. Copy the Tools.cab file from the DaRT installation to the appropriate tools folder (either Tools\x86 or Tools\x64) in a deployment share.
2. Click Start, and then point to All Programs. Point to Microsoft Deployment Toolkit, and then click Deployment Workbench.
3. In the Deployment Workbench console tree, go to Deployment Workbench/Deployment Shares.
4. In the details pane, click deployment_share (where deployment_share is the name of the deployment share for which you want to enable DaRT support).
5. In the Actions pane, click Properties. The deployment_share Properties dialog box appears (where deployment_share is the name of the deployment share for which you want to enable DaRT support).
6. In the deployment_share Properties dialog box, on the Windows PE tab, select platform (where deployment_share is the name of the deployment share for which you want to enable DaRT support and platform is the processor architecture platform for which you want to enable DaRT support), select the Microsoft Diagnostics and Recovery Toolkit (DaRT) check box, and then click OK.
7. Update the deployment share. As a part of updating the deployment share, the DaRT files are integrated with the Lite Touch Windows PE .wim files, which automatically include Windows RE. When the .wim files are installed on the target computer, DaRT support will automatically be included.
   Note: For more information about updating a deployment share, see Update a Deployment Share in the Deployment Workbench.
8. Close all open windows and dialog boxes.
So how do you know which folder to copy the “Tools.cab” into? Well, when you install DaRT on an x86 OS, you get an x86 Tools.cab, so that goes into the Tools\x86 folder. Conversely, when you install DaRT on an x64 OS, you get an x64 Tools.cab, so that goes into the Tools\x64 folder. (Yes, that’s less than ideal as it means you need an x86 and an x64 install of DaRT to get both platform files. We’re working on that. In the meantime, you can cheat: you can do an administrative install of the opposite platform using “msiexec.exe /a MSDart70.msi”. That will end up creating the folder structure, but not any of the shortcuts, for the opposite platform install.)
Once you’ve copied the files into the right place, you can then see a new Windows PE component in the deployment share properties:
Check the DaRT checkbox (for each platform), apply the changes, update the deployment share, and you’re done.
A few common questions:
DaRT is a component of the Microsoft Desktop Optimization Pack (MDOP). To get DaRT, you need to get MDOP. To get MDOP, you need to have Software Assurance on your client computers (or be using Windows Intune). If you have any questions, contact your local Microsoft account team. (Don’t know who they are? Drop me an e-mail and I’ll find out.)
The DaRT remote control agent writes a file to the X:\Windows\system32 folder with the details needed to make a remote control connection (ticket, IP address, port). This file is found by the MDT “Gather” script (you can see the values in the BDD.LOG). When monitoring is enabled, those details are passed along to the monitoring server and stored, making it easy to initiate remote control with a simple button push:
This initiates the DaRT Remote Connection Viewer with command line parameters with the required details (ticket, IP address, port).
Well, sort of. If you copy the Tools.cab files into the C:\Program Files\Microsoft Deployment Toolkit\Templates\Distribution\Tools\<platform> folder, you will then see the “Microsoft Diagnostics and Recover Tools (DaRT)” option in the MDT wizard for creating a new boot image in ConfigMgr:
So that adds the pieces into the boot image, but you would still need to run them as part of a ConfigMgr task sequence with a command line like “cmd.exe /c start /min x:\windows\system32\RemoteRecovery.exe -nomessage”.
For people that want to know more about the ConfigMgr integration. I blogged about it. scug.be/.../use-dart-remoteviewer-to-monitor-your-osd-deployments.aspx
I cannot see the "Run Dart Tools" and "Run the Windows Recovery Wizard" on the Startup Wizard. I have added both x86 and x64 MSDaRT Tools.cab files into their correct directory and still no sign of them.
Make sure that you have followed all the steps: Add the tools.cab, enable the component in the deployment share's Windows PE properties, update the deployment share to generate new boot images, and then create new CDs or update WDS (depending on how you are initiating a bare metal deployment).
This is really nice. Back in the old days I had two boot images in WDS. One for lite touch and another for DART (or whatever it was called back then). Then when SCCM came out and took control of the WDS server that killed being able to boot multiple disks from WDS.
This is super nice!
Is there any way to access the DaRT remote information WITHOUT turning on logging for MDT 2012? Our MDT server is currently firewalled off so the monitoring will not work without a systems engineer opening the firewall port. I looked through the BDD dynamic log file that is written to the server when the TS is running, but I couldn't find a mention for the ticket or port number for remote control.
Once you've enabled DaRT, the Lite Touch script will automatically set some task sequence variables (DartTicket, DartIP, DartPort) with the details needed to make a remote viewing connection.
With monitoring enabled, these details are automatically provided to the server. If you aren't using monitoring, you would need a different mechanism for providing these to the server. That's certainly doable, ranging from the simple (SLShareDynamicLogging) to fancier (e.g. writing a script to create a batch file that includes the necessary command line, including the ticket, IP, and port).
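An added example (not part of the original reply, and not code from MDT or DaRT) of the dynamic-logging route described above: it reads the three values out of BDD.LOG lines, validates them, and builds the viewer arguments. The log line shape, the optional 001 suffix, the ticket format and the viewer switch names are assumptions; the sample lines are constructed.

```powershell
# Constructed BDD.LOG excerpt; the "Property <name> is now = <value>" shape is assumed.
$sampleLog = @(
    '<![LOG[Property DartIP001 is now = 192.0.2.25]LOG]!><time="10:01:07.000+000" component="ZTIGather">'
    '<![LOG[Property DartPort001 is now = 3388]LOG]!><time="10:01:07.000+000" component="ZTIGather">'
    '<![LOG[Property DartTicket is now = 123-456-789]LOG]!><time="10:01:07.000+000" component="ZTIGather">'
)

function Get-DartConnectionInfo {
    param([Parameter(Mandatory)][string[]]$LogLines)
    $found = @{}
    foreach ($line in $LogLines) {
        # Variable names from the reply above, with an optional 001 suffix (assumption).
        if ($line -match 'Property (DartTicket|DartIP|DartPort)(?:001)? is now = ([^\]\s]+)') {
            $found[$Matches[1]] = $Matches[2]   # a later line replaces an earlier one
        }
    }
    foreach ($name in 'DartTicket', 'DartIP', 'DartPort') {
        if (-not $found.ContainsKey($name)) { throw "No value logged for $name" }
    }
    # Every deploying client can write to the log share, so validate each value
    # before it is placed on a command line. Ticket format is an assumption.
    if ($found['DartTicket'] -notmatch '^[0-9-]{1,32}$') { throw 'Unexpected ticket format' }
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($found['DartIP'], [ref]$ip)) {
        throw 'DartIP is not an IP address'
    }
    $port = 0
    if (-not [int]::TryParse($found['DartPort'], [ref]$port) -or $port -lt 1 -or $port -gt 65535) {
        throw 'DartPort is not a valid TCP port'
    }
    [pscustomobject]@{ Ticket = $found['DartTicket']; IPAddress = $ip.ToString(); Port = $port }
}

function Get-DartViewerArguments {
    param([Parameter(Mandatory)]$Info)
    # Switch names are an assumption; check them against your DaRT version.
    "-ticket=$($Info.Ticket)", "-ipaddress=$($Info.IPAddress)", "-port=$($Info.Port)"
}

$info = Get-DartConnectionInfo -LogLines $sampleLog
$viewerArgs = Get-DartViewerArguments -Info $info
$viewerArgs -join ' '
# To connect, pass the arguments to the viewer (path is a placeholder):
# & 'C:\Path\To\DartRemoteViewer.exe' @viewerArgs
```

The ticket, IP address and port are everything the viewer needs to take control of the Windows PE session, so the dynamic logging share should be readable only by the staff who are meant to connect.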
Michael, thanks for sharing this and all of the other great information on your site that we have been benefiting from over the years.
I have a question about this feature... Both at our site, and in your screenshot above, I see that some of the DaRT features are disabled when launched from LiteTouch boot media (SFC, Hotfix uninstall, Computer Management, Locksmith). I am assuming this is because the DaRT tools do not know where to look for the Windows operating system. On a "regular" DaRT WinPE install, you are first prompted to identify the Windows OS partition before DaRT launches.
Do you have any guidance on enabling these additional features for DaRT on the LiteTouch media?
The DaRT items that aren't enabled when you choose the "Run DaRT Tools" option on the MDT "welcome" wizard would be enabled if you chose the "Run Windows Recovery Wizard" option. That would show you the "select an OS" wizard that you are familiar with; once you've made that choice, you can then choose "DaRT" from the WinRE menu and the options will be enabled.
We didn't want to force you through that route, because the "Windows Recovery Wizard" option is only available if we can find a boot.wim that matches the WAIK version. And you might not have an OS on the machine, but you still want to use some of the tools.
Is it possible to turn off the Locksmith tool or password protect the use of DaRT?
MDT includes a default DartConfig.dat file that enables all components. You could use the DaRT wizard to generate a new one of these that disables some components, then overwrite the DartConfig.dat file in the MDT installation directory with your modified version.
If the Windows 7 system enables syskey and EFS, is the user still able to read those EFS-encrypted files, without having to reimport the EFS certificate, after his/her password is reset by Locksmith?
I have successfully integrated the DaRT feature in my MDT 2012 Menu. Thank you by the way for all the wonderful information you put out there. I have also implemented a driver selection screen following one of your posts.
My question here is I do not have the "Run the Windows recovery Wizard" option in my menu and I am wondering if you can expand on that or point me to another post you may have done. Looking at another post I found, it looks like it may be due to my WAIK version. I am at Win PE 3.0 and we deploy Win 7 Ent SP1, so is this a matter of my WinPe is 7600 and my wim is 7601?
Thank you in advance,
Jason
This is a great article, thank you. I've got just about everything working except for Defender. It pops an error that states "The tool failed to run. Try choosing another tool." Any ideas?
Curious if this is how it works or not. I have set up the DaRT 8.0 integration and I can remotely connect to a deployment. My problem seems to be that as the machine reboots and then starts to install applications, I cannot remote connect. Is this because it is now booting to the OS instead of the WinPE? Is there any way to get it to remote connect in the same way to monitor?
DaRT only works in Windows PE, so as soon as you boot into the full OS you would need to use a remote desktop connection (as Administrator to the console) to watch what was going on.
-Michael