C3 Security Consulting LLC

Deploying Vista


This page is dedicated to showing you, step by step, how to build a deployment infrastructure using Microsoft’s latest tools and methodologies.

Before deploying any new operating system, it must be tested. Ideally, a lab representative of the IT environment should be constructed. However, virtual environments are a very practical alternative. Either Microsoft’s Virtual PC or VMware works well, and both have snapshot and rollback functions.

These instructions use VMware Workstation 5.5 (although the free product VMware Server will also work). However, the process will be the same for individual machines. Where appropriate, there are links to the specific tools or utilities used. Licensing issues are not covered here and are the responsibility of the implementation team.

Note: Testing with VMware Workstation 5.5 using ISO images in place of physical drives caused unpredictable results. Either burn the necessary ISO files to CD or use an ISO mount tool that is external to VMware. You will also need to include the network drivers in the next stages to simulate interaction with an external network.

There will be three basic processes for new builds. Upgrades of existing machines will be dealt with in later sections. It is recommended that these sections be covered first to develop an understanding of the tools and terminology.

I. Unattended Installation with a Custom Answer File and Original Media

The first scenario will be an unattended installation, using the original media and an answer file. It is useful for new machines needing a standard configuration. It requires the least network traffic, and can be used in remote locations with poor connectivity. As part of the process the machine will be joined to an Active Directory domain (vista), using a domain ID "joiner" with the necessary permissions, and so some network connectivity will be necessary. If this is not a requirement, the process can be performed in isolation. A new local user (LocUser) will be created and granted administrator privileges. In addition, a domain user (DomUser) will be added to the local administrators group and the workstation will have autologon configured to use the local administrator account.

Foundation

Download and install VMware Workstation on a machine with at least 2 GB of RAM and 80 GB of available disk space, running Windows XP or 2000.

Build an initial virtual workstation (VM1) using either Windows XP, Vista, or Windows 2003 Server. VM1 will need 512 MB of RAM, 30 GB of disk space, with CD-ROM and floppy devices attached. Install VMware Tools.

Download and install the Windows Advanced Installation Kit on VM1.



Create a custom answer file

  1. Insert the Windows Vista product DVD into the local DVD-ROM drive on VM1.
  2. Navigate to the \Sources directory on your DVD-ROM drive. Copy Install.wim from the product DVD to a location on VM1, for example, C:\Vista_Installation.
  3. Open Windows System Image Manager (WSIM) by clicking Start > All Programs > Microsoft Windows AIK, and then clicking Image Manager.
  4. On the File menu, click Select Windows Image.
  5. Navigate to the location where you saved install.wim, and then click Open.
    Note: If this is the first time you have opened the Windows image file, you will be prompted to create a catalog file. Hit Yes. The process may take a couple of minutes, but it’s a one-time event.
  6. In Select an Image, select the appropriate version of Windows Vista, and then click OK. (On some media there will only be one option).
  7. On the File menu, click New Answer File.

    Note: This link is to an example answer file. It will perform the steps listed in the scenario description.



Add components to the answer file

In WSIM, on the Windows Image pane, expand the Component node to display available settings.

Add the components in the following table to your answer file by right-clicking the component and then selecting the appropriate configuration pass.

Note: You can expand the component list until you see the lowest setting listed above, and then add that setting to your answer file. This shortcut adds the setting and all parent settings to your answer file in one step.

In the Answer File pane, select and configure each setting as specified.

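Pass=WindowsPE

| Component | Setting | Values |
|---|---|---|
| Microsoft-Windows-Setup | \DiskConfiguration\Disk\CreatePartitions\CreatePartition | Order=1; Size=20000; Type=Primary |
| Microsoft-Windows-Setup | \DiskConfiguration\Disk\ModifyPartitions\ModifyPartition | Active=true; Extend=false; Format=NTFS; Label=OS_Partition; Letter=C; Order=1; PartitionID=1 |
| Microsoft-Windows-Setup | \DiskConfiguration\Disk | DiskID=0 |
| Microsoft-Windows-Setup | \DiskConfiguration\Disk | WillWipeDisk=true |
| Microsoft-Windows-Setup | \DiskConfiguration\ | WillShowUI=OnError |
| Microsoft-Windows-Setup | \ImageInstall\OSImage\InstallTo | DiskID=0; PartitionID=1 |
| Microsoft-Windows-Setup | \ImageInstall\OSImage | WillShowUI=OnError |
| Microsoft-Windows-Setup | \UserData\ProductKey | WillShowUI=OnError |
| Microsoft-Windows-Setup | \UserData | AcceptEula=true |
| Microsoft-Windows-Setup | \DynamicUpdate | Enable=true |
| Microsoft-Windows-International-Core-WinPE | \SetupUILanguage | UILanguage=en-US |
| Microsoft-Windows-International-Core-WinPE | \ | UILanguage=en-US; InputLocale=en-US; UserLocale=en-US; SystemLocale=en-US |
| Microsoft-Windows-PnpCustomizationsWinPE | \DriverPaths\PathAndCredentials | Path=A:\Drivers\vmxnet |
| Microsoft-Windows-PnpCustomizationsWinPE | \DriverPaths\PathAndCredentials | Path=A:\Drivers\Video |

Pass=specialize

| Component | Setting | Values |
|---|---|---|
| Microsoft-Windows-Shell-Setup | \ | ComputerName=*; TimeZone=Eastern Standard Time |
| Microsoft-Windows-Shell-Setup | \AutoLogon | Enabled=true; LogonCount=5; Username=administrator |
| Microsoft-Windows-Shell-Setup | \AutoLogon\Password | Value=P@55w0rd |
| Microsoft-Windows-Shell-Setup | \Display | ColorDepth=32; HorizontalResolution=1280; VerticalResolution=1024 |
| Microsoft-Windows-UnattendedJoin | \Identification\Credentials | Domain=vista; Password=l3TME1N; Username=joiner |
| Microsoft-Windows-UnattendedJoin | \Identification | JoinDomain=vista |

Pass=oobeSystem

| Component | Setting | Values |
|---|---|---|
| Microsoft-Windows-Shell-Setup | \UserAccounts\LocalAccounts\LocalAccount | DisplayName=LocUser; Name=LocUser; Group=administrators |
| Microsoft-Windows-Shell-Setup | \UserAccounts\LocalAccounts\LocalAccount\Password | Value=userpwd (if this is not set, the user will be prompted to set one during first logon) |
| Microsoft-Windows-Shell-Setup | \ | TimeZone=Eastern Standard Time |
| Microsoft-Windows-Shell-Setup | \UserAccounts\AdministratorPassword | Value=P@55w0rd |
| Microsoft-Windows-Shell-Setup | \UserAccounts\DomainAccounts\DomainAccountList\DomainAccount | Name=DomUser; Group=Administrators |
| Microsoft-Windows-Shell-Setup | \AutoLogon | Enabled=true; LogonCount=5; Username=administrator |
| Microsoft-Windows-Shell-Setup | \AutoLogon\Password | Value=P@55w0rd |
| Microsoft-Windows-Shell-Setup | \Display | ColorDepth=32; HorizontalResolution=1280; VerticalResolution=1024 |
| Microsoft-Windows-Shell-Setup | \OOBE | NetworkLocation=Work; ProtectYourPC=1 |
| Microsoft-Windows-International-Core | \ | InputLocale=en-US; SystemLocale=en-US; UILanguage=en-US; UserLocale=en-US |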


Add additional drivers (e.g. VMware)

Note: Additional drivers are installed from a UNC path, so if the NIC is not supported, the necessary drivers must be copied to the floppy (or USB key).

a. Network Drivers

  1. Copy the driver to the A: drive, under a subdirectory, e.g. a:\drivers. If you have installed VMware Tools on VM1, the necessary drivers are at C:\Program Files\VMware\VMware Tools\Drivers.
  2. In Windows SIM, select menu option Insert > Driver Path > Pass 1 windowsPE.
  3. Navigate to the driver directory on the A: drive, and hit Enter.
  4. In the Answer File pane of Windows SIM, a new branch will be displayed: Microsoft-Windows-PnpCustomizationsWinPE > DriverPaths > PathAndCredentials.
  5. There will be a sub-branch for Credentials, containing parameters for Domain, Password, Username.
  6. As the driver will be on a local drive (the A: drive) these parameters are not necessary. To avoid error messages during Answer File Validation, click on the Credentials branch and hit Delete.

b. Other drivers

  1. Create a network share point and copy the drivers to a suitably named directory.
  2. In Windows SIM, select menu option Insert > Driver Path > Pass 1 windowsPE.
  3. Navigate to the driver directory on the UNC share, and hit Enter. (Using a mapped drive will not work.)
  4. In the Answer File pane of Windows SIM, a new branch will be displayed: Microsoft-Windows-PnpCustomizationsWinPE > DriverPaths > PathAndCredentials.
  5. There will be a sub-branch for Credentials, containing parameters for Domain, Password, Username.
  6. Enter a set of credentials that the system can use to connect to the drive.


Validate the answer file

  1. In Windows SIM, click Tools, and then click Validate Answer File. The values in the answer file are compared with the available settings in the Windows image.
  2. Messages appear to indicate a successful validation. Error messages appear in the same location if the validation was not successful.
  3. To fix errors, double-click the error in the Messages pane, change the setting, and then revalidate.
  4. On the File menu, click Save Answer File. Save the answer file as Autounattend.xml.
  5. Copy Autounattend.xml to the root of removable media such as a Universal Flash Device or floppy disk.
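
The answer file built above carries the autologon, administrator and domain-join passwords, so it is worth auditing before it is copied to removable media. The following Python script is an added example, not part of the original page: it lists every stored credential and enabled autologon in an answer file without echoing the secrets. The function names are hypothetical and the XML is a constructed sample that mirrors this page's scenario values.

```python
import xml.etree.ElementTree as ET

NS = {"u": "urn:schemas-microsoft-com:unattend"}

# Constructed sample mirroring this page's scenario values (not WSIM output).
SAMPLE = """<unattend xmlns="urn:schemas-microsoft-com:unattend">
 <settings pass="specialize">
  <component name="Microsoft-Windows-Shell-Setup"><AutoLogon>
    <Enabled>true</Enabled><LogonCount>5</LogonCount>
    <Username>administrator</Username>
    <Password><Value>P@55w0rd</Value><PlainText>true</PlainText></Password>
  </AutoLogon></component>
  <component name="Microsoft-Windows-UnattendedJoin"><Identification>
    <Credentials><Domain>vista</Domain><Username>joiner</Username>
     <Password>l3TME1N</Password></Credentials>
    <JoinDomain>vista</JoinDomain>
  </Identification></component>
 </settings></unattend>"""


def local(el):  # tag name without the XML namespace prefix
    return el.tag.split("}")[-1]


def audit_answer_file(xml_text):
    """Return (pass, component, setting, issue) tuples; secrets are never echoed."""
    findings = []
    for settings in ET.fromstring(xml_text).findall("u:settings", NS):
        for comp in settings.findall("u:component", NS):
            where = (settings.get("pass"), comp.get("name"))
            parent = {child: p for p in comp.iter() for child in p}
            for el in comp.iter():
                if local(el).endswith("Password"):
                    # Shell-Setup nests <Value>/<PlainText>; UnattendedJoin uses bare text.
                    value = el.findtext("u:Value", el.text or "", NS)
                    plain = el.findtext("u:PlainText", "true", NS).strip().lower()
                    if value.strip():
                        # PlainText=false means the value is Base64-obscured, not encrypted.
                        kind = "plaintext" if plain == "true" else "encoded, not encrypted"
                        path = f"{local(parent[el])}/{local(el)}"
                        findings.append(where + (path, f"stored password ({kind})"))
                elif local(el) == "AutoLogon":
                    if el.findtext("u:Enabled", "", NS).strip().lower() == "true":
                        count = el.findtext("u:LogonCount", "unset", NS)
                        findings.append(where + ("AutoLogon", f"autologon enabled, LogonCount={count}"))
    return findings


if __name__ == "__main__":
    print(*(" | ".join(f) for f in audit_answer_file(SAMPLE)), sep="\n")
```

Any finding means the removable media and every copy of Autounattend.xml should be handled as a credential store, and the domain-join account should hold no rights beyond joining machines.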


Creating base workstation configuration

  1. Create a new virtual machine with 512 MB of RAM, 20 GB of disk space, and CD-ROM and floppy devices.
  2. Turn on the new computer and insert the removable media containing the answer file (Autounattend.xml) and the Windows Vista product DVD.
  3. Restart the computer. Windows Vista Setup (Setup.exe) starts automatically and searches all removable media for an answer file named Autounattend.xml.

    Note: For the installation process to reboot and continue unattended, the boot sequence in the computer BIOS must be CD-ROM, Hard drive, Removable media (floppy). Otherwise the process will hang while attempting to read the OS from a floppy.

  4. After Setup is complete, ensure that all customizations in the answer file were applied as specified.

