C3 Security Consulting LLC
Confidentiality
Integrety
Availability		 company banner
HomeSecurityServicesVistaInformationCompany
  
floating layer default test box
Windows Vista
Overview
I.Unattended Install
II.Custom Vista Image
III.Deploying with
BDD Workbench
Creating Unattended
Application Installations
On this page:
Building a PE Boot Disk
Preparing for Image Capture
Capturing an Image File
Manually Deploying an Image
Related Links
Insecure.org
Scanners, sniffers, and many more useful tools for the security minded.
PoPTop
PoPTop, a PPTP server for Linux.
Comprehensive personal security
Zone Alarm Internet Security Suite.
Information Week
News, events and security articles.
WaveSec
WaveSec is a part of the FreeS/WAN project looking at how it FreeS/WAN applies to Wireless LANs. They provide tools, documentations and sample configurations.

Deploying Vista

Print view

II.Deploying Vista Via an Image File

The second scenario will involve the creation of a master image file, deployment point to host the image file and any additional applications to be added during installation, and the creation of an automated PE boot disk to contact the share and load the operating system image file.

This example would be of use for larger deployments, requiring additional applications, with high bandwidth network connections.

Foundation

Download and install VM Ware Workstation on a machine with at least 2 GB of RAM and 80 GB of available disk space, running Windows XP or 2000.

Build an initial virtual workstation (VM1) using either Windows XP, Vista, or Windows 2003 Server. VM1 will need 512 MB of RAM, 30 GB of disk space, with CD-ROM and floppy devices attached. Install VM Ware Tools.

Download and Install the Windows Advanced Installation Kit on VM1.


Building a Custom PE Boot Disk

  1. From VM1, open a command-line window and run Copype.cmd to create a local Windows PE build directory:
    Cd Program Files\Windows AIK\Tools\PETools\
  2. Copype.cmd arch destination where arch can be x86, amd64,or ia64 and destination is a path to a local directory, for example, type:
    Copype.cmd x86 C:\WinPE_x86
  3. Copy additional tools such as ImageX into your Windows PE build directory. For example, type:
    Copy “C:\Program files\Windows AIK\Tools\x86\imagex.exe” C:\WinPE_x86\iso\subfolder
  4. Where subfolder is any folder structure required to support your tools.
  5. Using Notepad or any text editor, create the following configuration file, and then save it with the name wimscript.ini:
    [ExclusionList]
    ntfs.log
    hiberfil.sys
    pagefile.sys
    "System Volume Information"
    RECYCLER
    Windows\CSC
    [CompressionExclusionList]
    *.mp3
    *.zip
    *.cab
    \WINDOWS\inf\*.pnf

    Note: This configuration file instructs ImageX to exclude certain files during the capture operation you will do in the next step.

  6. ImageX automatically detects wimscript.ini if it is located in the same location.
  7. Save the configuration file to the same location as Imagex as specified in the previous step. For example:
    C:\WinPE_x86\iso\subfolder
  8. To save the captured image to a network share, the VM Ware network drivers must be included in the PE iso image.
  9. Start by mounting the WIM image file:
    imagex /mountrw c:\winpe_x86\winpe.wim 1 c:\winpe_x86\mount
  10. Add the drivers to the image file, assuming the drivers are in the "C:\Program Files\VMware\VMware Tools\Drivers\vmxnet” location:
    peimg /inf="C:\Program Files\VMware\VMware Tools\Drivers\vmxnet\vmxnet.inf" c:\winpe_x86\mount\windows
    peimg /inf="C:\Program Files\VMware\VMware Tools\Drivers\vmxnet\vmware-nic.inf" c:\winpe_x86\mount\windows
  11. Copy the inf files to the \inf folder under the \windows directory
    copy "C:\Program Files\VMware\VMware Tools\Drivers\vmxnet\vmxnet.inf" c:\winpe_x86\mount\windows\inf
    copy "C:\Program Files\VMware\VMware Tools\Drivers\vmxnet\vmware-nic.inf" c:\winpe_x86\mount\windows\inf
  12. Finalize the changes in the PE image file:
    peimg /prep /f c:\winpe_x86\mount\Windows
  13. Commit the changes and dismount the image file:
    imagex /unmount /commit c:\winpe_x86\mount
  14. Create an image file (.iso) by using the Oscdimg tool. To do this, type:
    Oscdimg c:\winpe_x86\ISO c:\winpe_x86\winpe_x86.iso -n –bc:\winpe_x86\etfsboot.com
  15. Burn the image (Winpe.iso) onto the blank CD-ROM, or copy it to the host workstation and mount it with an ISO emulation tool. You now have a Windows PE CD with ImageX.

Note: This link is to an example batch file. It will perform the steps listed above.


Preparing the Workstation for Image Capture

  1. Build a workstation, either manually, or using an unattend.xml answer file.
  2. Install additional applications, e.g. Office and VM Ware tools.
  3. Prepare the workstation by removing all machine specific settings:
    c:\windows\system32\sysprep\sysprep.exe /oobe /generalize /shutdown

Capture the Image File and transfer it to the Network

  1. Boot from the PE boot disk
  2. At the PE prompt, type:
    d:\tools\imagex.exe /compress fast /capture c: c:\custom.wim "my Vista Install" /verify
  3. Copy the image to a network location. If the environment is VM Ware, the drivers will have been included on the PE Boot disk by the earlier stages. Connect to a network share and copy the image file from the C: drive to the share point.

Manual Deployment of a Custom Vista Image File from A Network Share

Once an image file has been captured and stored on a network share point, applying the image to a new workstation is very similar to the capture process. The workstation is booted from the Windows PE CD, created in the previous section, and ImageX is used to apply the image file to the local hard drive.

Two additional points to note are; if a partition does not exist on the new workstation, one must be created (and of the same size as defined in the answer file Autoinstall.xml), and secondly, copying the image file locally before applying it will greatly enhance performance and reduce network traffic.

  1. On the destination computer, boot from the PE disk and launch a command-prompt window.
    Note If this machine has been used for testing already, the hard drive contains an active partition. Override the boot order to boot from the CD/DVD-ROM drive.
  2. Format the hard drive to reflect the required disk configuration requirements by using DiskPart. Even if the machine has a viable partition, it is still necessary to format the drive. From a command prompt, type:
    diskpart
    select disk 0
    clean
    create partition primary size=20000
    select partition 1
    active
    format
    exit
    Note You can script this information by saving this information to a text file and storing it in the same location as your image. To run the script from a Windows PE command prompt, type diskpart /s scriptname.txt
  3. Copy the image from the network share to your local hard drive. For example, from the command prompt, type:
  4. Apply the image to the hard drive using ImageX located on your Windows PE media. For example, from the command-prompt window, type:
    d:\custom\imagex.exe /apply c:\custom.wim 1 c:
  5. Boot the machine and verify the successful application of the image.

Too much?

Need help?

Call C3SC at +1 866 799 2969 - Now!
▲Top of page
Did you know?
Many wireless access points, public and private, are open.
In a study of 2600 around Indianapolis, researchers from the University of Cambridge found 46% running with no encryption, and many were still using default settings.
The easiest way to get someone's password - ask.
Make sure you have adequately trained you employees to expect and recognize "social engineering" attacks.
Spam problems?
Microsoft filters out over three billion spam messages a day.
Email is a hackers gateway to your network.
Make sure you have adequately trained your employees in good email hygiene to reduce virus attacks.
Folder views.
If you want all your files and folders to be listed the same way in Explorer, display the format you want in the right pane, e.g. details view, sorted by file type. Then Tools>Folder Options and the Views tab. Hit the Apply to All Folders button and the next time you traverse to a folder it will be in your "standard " display format.
Trademarks© Copyright (2006) C3 Security Consulting LLC, Washington DC. (+1 866 799 2969) - Hosted by Webmasters.com