C3 Security Consulting LLC
Deploying Vista


III. Deploying Vista via BDD 2007 Deployment Workbench

Business Desktop Deployment (BDD) 2007 is a suite of applications and processes, created by Microsoft, for deploying Vista and other Microsoft applications. BDD 2007 encompasses all the necessary stages of the deployment process from a business perspective, including team guides and comprehensive project plans. It is not the intention of this guide to examine in depth all the aspects of BDD 2007, but to give an overview (a how-to) of the practical application of the BDD 2007 tools and utilities.

The previous section covered the creation of an image file containing all necessary configurations and applications. If the environment is uniform, this process works well. If, however, a higher degree of flexibility is required for the final workstation configurations, BDD 2007 provides the Deployment Workbench.

The Deployment Workbench is an MMC snap-in for managing source files, distribution shares, and application installation parameters. At a high level, the stages are: add the operating system source files; add application source files; add additional out-of-the-box drivers; create a build configuration; create a distribution/deployment point. The Deployment Workbench will also create custom PE-based boot disks and organize workstation configurations on a group or individual basis.

This scenario covers the creation of an initial deployment infrastructure within a virtual environment (VMware). It also includes the addition of the MS Office 2007 and VMware Tools applications. The infrastructure will be used to deploy a workstation with Vista, Office 2007, and VMware Tools. The workstation will be joined to a domain, "Vista".

Foundation

If, after you have tested these processes for yourself, you would either like to know more, or help and advice with a project, look at our Deployment page for more information. Alternatively, call C3SC at +1 866 799 2969.

Download and install VMware Workstation on a machine with at least 2 GB of RAM and 80 GB of available disk space, running Windows XP or 2000.

Build an initial virtual workstation (VM1) using Windows XP (SP2), Vista, or Windows 2003 Server (SP1). VM1 will need 512 MB of RAM and 30 GB of disk space, with CD-ROM and floppy devices attached. Install VMware Tools.

Create a second virtual hard disk (20 GB) and attach it to VM1. This will be E:\ and will store everything related to the Deployment Workbench process.

Download and install the Windows Automated Installation Kit on VM1.

Download and install the BDD 2007 Deployment Workbench on VM1 with the default values.


Setting Up Deployment Workbench

  1. From the Programs menu, navigate to Deployment Workbench and start the application.
  2. On the left of the screen, select Information Center > Components.
  3. Ensure MSXML 6.0 and Windows Automated Installation Kit appear under the Installed section. If they are not listed there, click on the needed component in the list and click the Download button, next to the Details field.
  4. Create a deployment point:
    1. On the left screen, click Deploy, and right click Deployment Point and select New. This action will start the Deployment Wizard. There are several options but for the sake of this description use Lab or single-server deployment.
    2. Name the deployment point LabDeployment, and leave the Allow users to select additional applications on upgrade box checked.
    3. Un-check the Ask if an image should be captured box.
    4. Leave the Ask user to set the local Administrator password box un-checked.
    5. Leave the Ask user for a product key unchecked.
    6. Specify the server name as VM1.
    7. Type the share name: Distribution$
    8. Set the path for the share as E:\Distribution
    9. Select Do not save data and settings. The migration of user data and application settings will be covered in a later section.
    10. Click Create.
  5. Add application: Office 2007
    1. On the left screen, under Distribution Share, right click Applications and select New. This action will start the New Application Wizard.
    2. Leave Application with source file checked.
    3. Enter as many details as possible for the application. Using MS Office 2007 as the example:
      Publisher: Microsoft
      Application Name: Office
      Version: 2007
      Language: US English
      Platform: x86 platform only
    4. Insert the source media. Alternatively, if there is a network share, with a customized installation template, list that as the source. (To learn more about creating custom installations of MS Office for your environment go to Customizing Office 2007 Installations).
    5. Leave the directory name as Microsoft Office 2007.
    6. Enter the installation command line:
      setup.exe /adminfile MyOffice07.msp

      (where MyOffice07.msp is the customized installation template)

    7. Click OK to save the configuration.
  6. Add application: VMware Tools
    1. Mount the Windows.iso file as a CD ROM for VM1.
    2. Go to the CD ROM and expand the source files to a temporary directory:
      Setup /a

      and follow the prompts.

      Note: it is possible that not all the files needed are extracted to the necessary directories. There should be (along with the MSI file) two sub-directories: Program Files and System32. Copy these directories from the original installation CD (Windows.iso), and overwrite the directories extracted by the setup program.

    3. Repeat steps a) through h) with appropriate settings for VMware Tools.
    4. To install VMware Tools in an unattended mode, use the temporary directory as the source media. When the files have been copied to the deployment share point, the temporary directory can be deleted.
    5. Enter a directory name for VMware Tools.
    6. Use the command line:
      msiexec.exe /i "vmware tools.msi" /qn ADDLOCAL=ALL REBOOT="ReallySuppress" /log "%tmp%\vmtools.log"
    7. Click OK to save the configuration.
  7. Add the Vista operating system files.
    1. On the left screen, under Distribution Share, right click on Operating Systems and select New. This action will start the New OS Wizard.
    2. Select Full set of source files.
    3. Insert the Vista CD and type the source directory d:\
    4. Leave the default destination directory name.
    5. Click Copy.
  8. At this point additional operating system packages would be added, such as hotfixes, service packs and language packs. However, just the base operating system will be installed in this example.
  9. Add additional out-of-the-box drivers.
    1. On the left screen, under Distribution Share, right click on Out-of-Box Drivers and select New. This action will start the New Driver Wizard.
    2. Navigate to "C:\Program Files\VMware\VMware Tools\Drivers\vmxnet" and select vmware-nic.inf. Repeat for vmxnet.inf and ..\video\vmx_svga.inf.
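
The VMware Tools command line from step 6 can be test-run on a scratch VM before it is saved in the Workbench. The script below is an added example, not part of the original guide: it runs the same msiexec arguments, interprets the standard Windows Installer exit codes, and confirms the log was written. It assumes PowerShell 2.0 or later and an elevated prompt in the folder containing the MSI.

```powershell
# Added example (not from the original guide): test-run of the step 6 command.
# Run elevated, from the folder that holds "vmware tools.msi".
$log = Join-Path $env:TEMP 'vmtools.log'
$msiArgs = @('/i', '"vmware tools.msi"', '/qn', 'ADDLOCAL=ALL',
             'REBOOT=ReallySuppress', '/log', ('"{0}"' -f $log))

$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru

# Standard Windows Installer exit codes; 3010 is expected here because the
# reboot is suppressed rather than performed.
switch ($proc.ExitCode) {
    0       { $ok = $true;  $status = 'Installed' }
    3010    { $ok = $true;  $status = 'Installed, reboot still required' }
    1603    { $ok = $false; $status = 'Fatal error during installation' }
    1618    { $ok = $false; $status = 'Another installation is already in progress' }
    default { $ok = $false; $status = 'Unexpected msiexec exit code' }
}

# A missing or empty log means the /log path was not writable or was mistyped.
$logOk = (Test-Path $log) -and ((Get-Item $log).Length -gt 0)

Write-Output ("Exit code {0}: {1}" -f $proc.ExitCode, $status)
Write-Output ("Log file {0}: {1}" -f $log, $(if ($logOk) { 'present' } else { 'missing or empty' }))
if (-not ($ok -and $logOk)) { exit 1 }
```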

Adding a Workstation Build Configuration

  1. In Deployment Workbench, in the left screen, right click on Builds and select New.
  2. Enter the following settings:
      Build ID: Vista-Office-1
      Build name: Vista and Office 2007 base build.
      Build comments: Install Vista OS, VM Ware Tools, and Office 2007 on a new machine.
  3. Select the operating system to use. The list should contain the operating system loaded in step 7) of the previous section.
  4. For testing purposes select Do not specify a product key at this time.
  5. Add Full Name, Organization, and Home Page settings appropriate to the environment.
  6. Specify the Administrator password: P@55w0rd.
  7. Click Create.

Creating a Lite Touch PE Boot Disk

  1. On the left screen, click Deploy, and Deployment Point.
  2. The deployment point created during stage 4) of the previous section will be listed on the center screen.
  3. Right click on the deployment point and select Properties.
  4. Click on the Windows PE tab.
  5. Check the box Generate a Lite Touch bootable RAM ISO image, and clear the other three check boxes in the Images to Generate section of the screen.
  6. Ensure all the check boxes are checked for the Driver Injection section and click OK.
  7. Right click on the deployment point again and select Update. Deployment Workbench will build the ISO file.

Building a workstation with the Lite Touch bootable ISO

  1. Transfer the ISO image file, E:\Distribution\Boot\LiteTouchPE_x86.iso, to the host operating system (e.g. drag the file from the virtual machine and drop it on the host machine desktop).
  2. Create a new virtual workstation within VMware, named VM2, with 512 MB of RAM and 20 GB of disk space.
  3. If an ISO mount utility is available to emulate a CD ROM drive, mount the ISO file as a drive letter. Configure the new virtual machine, VM2, to use the new host operating system "physical" CD ROM drive. Alternatively, configure the new virtual machine, VM2, to use the ISO file directly. (The first method is preferable. Using the ISO file directly with VMware and Vista has, occasionally, caused unpredictable results.)
  4. Boot the new virtual workstation, VM2.
  5. The Windows Deployment wizard will start.
  6. Select the keyboard layout, e.g. United States.
  7. Change the computer name to VM2.
  8. Select Join a Domain and fill in the credentials fields (e.g. vista, joiner, l3TME1N, vista).
  9. Select Do not restore user data and settings.
  10. Select the operating system image created in section 8) of Setting Up Deployment Workbench.
  11. Enter credentials for connecting to network shares (e.g. administrator, P@55w0rd, vista).
  12. Use the default No product key is required.
  13. Select Location and Keyboard from the lists (e.g. US English).
  14. Select a time zone (e.g. Eastern Standard Time).
  15. Check the check boxes of available applications for Microsoft Office 2007 and VM Ware VM Tools 5.5.
  16. Choose a local (VM2) administrator password (e.g. P@55w0rd).
  17. Click Begin.
  18. When the build is complete, restart the computer and validate the applications and settings.
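
The validation in step 18 can be scripted. The following is an added example, not part of the original guide: it checks the computer name, the domain membership and the two applications selected in step 15. The expected values come from this walkthrough; the DisplayName wildcards and the availability of PowerShell 2.0 on the built workstation are assumptions.

```powershell
# Added example: post-build checks for VM2. Expected values come from the
# walkthrough; the DisplayName wildcards are assumptions, adjust to your media.
$expectedName   = 'VM2'
$expectedDomain = 'vista'
$expectedApps   = @('Microsoft Office*2007*', 'VMware Tools*')

function New-Check($name, $passed, $detail) {
    New-Object PSObject -Property @{ Check = $name; Passed = [bool]$passed; Detail = $detail }
}

# Collect DisplayName values from the native and 32-bit-on-64-bit Uninstall keys.
$uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
$installed = @(Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } | ForEach-Object { $_.DisplayName })

$cs = Get-WmiObject -Class Win32_ComputerSystem
$results = @()
$results += New-Check 'Computer name' ($env:COMPUTERNAME -eq $expectedName) $env:COMPUTERNAME
# The domain may be reported as a DNS name, so match on the prefix only.
$results += New-Check 'Domain joined' ($cs.PartOfDomain -and $cs.Domain -like "$expectedDomain*") $cs.Domain

foreach ($pattern in $expectedApps) {
    $hit = @($installed | Where-Object { $_ -like $pattern })
    $results += New-Check "Installed: $pattern" ($hit.Count -gt 0) ($hit -join '; ')
}

$results | Select-Object Check, Passed, Detail | Format-Table -AutoSize

# A non-zero exit code lets a wrapper or scheduled task flag a failed build.
$failed = @($results | Where-Object { -not $_.Passed })
if ($failed.Count -gt 0) { exit 1 }
```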