C3 Security Consulting LLC

Deploying Vista


III. Deploying Vista via BDD 2007 Deployment Workbench

Business Desktop Deployment (BDD) 2007 is a suite of applications and processes, created by Microsoft, for deploying Vista and other Microsoft applications. BDD 2007 encompasses all the necessary stages of the deployment process from a business perspective, including team guides and comprehensive project plans. It is not the intention of this guide to examine in depth all the aspects of BDD 2007, but to give an overview (a how-to) of the practical application of the BDD 2007 tools and utilities.

The previous section covered the creation of an image file containing all necessary configurations and applications. If the environment is uniform, this process works well. If, however, a higher degree of flexibility is required for the final workstation configurations, BDD 2007 provides the Deployment Workbench.

The Deployment Workbench is an MMC snap-in for managing source files, distribution shares, and application installation parameters. At a high level, the stages are: add the operating system source files; add application source files; add additional out-of-the-box drivers; create a build configuration; create a distribution/deployment point. The Deployment Workbench will also create custom PE-based boot disks, and organize workstation configurations on a group or individual basis.

This scenario will cover the creation of an initial deployment infrastructure, within a virtual environment (VM Ware). It will also include the addition of MS Office 2007 and VM Ware Tools applications. The infrastructure will be used to deploy a workstation with Vista, Office 2007, and VM Ware tools. The workstation will be joined to a domain "Vista".

Foundation

If, after you have tested these processes for yourself, you would either like to know more, or help and advice with a project, look at our Deployment page for more information. Alternatively, call C3SC at +1 866 799 2969.

Download and install VM Ware Workstation on a machine with at least 2 GB of RAM and 80 GB of available disk space, running Windows XP or 2000.

Build an initial virtual workstation (VM1) using Windows XP (SP2), Vista, or Windows 2003 Server (SP1). VM1 will need 512 MB of RAM, 30 GB of disk space, with CD-ROM and floppy devices attached. Install VM Ware Tools.

Create a second virtual hard disk (20GB) and attach it to VM1. This will be e:\ and will store everything related to the Deployment Workbench process.

Download and install the Windows Automated Installation Kit on VM1.

Download and install the BDD 2007 Deployment Workbench on VM1 with the default values.


Setting Up Deployment Workbench

  1. Navigate to Deployment Workbench in the programs menu and start the application.
  2. On the left of the screen, select Information Center > Components.
  3. Ensure MSXML 6.0 and Windows Automated Installation Kit appear under the Installed section. If they are not listed there, click on the needed component in the list and click the Download button, next to the Details field.
  4. Create a deployment point:
    1. On the left screen, click Deploy, and right click Deployment Point and select New. This action will start the Deployment Wizard. There are several options but for the sake of this description use Lab or single-server deployment.
    2. Name the deployment point LabDeployment, and leave the Allow users to select additional applications on upgrade box checked.
    3. Un-check the Ask if an image should be captured box.
    4. Leave the Ask user to set the local Administrator password box un-checked.
    5. Leave the Ask user for a product key unchecked.
    6. Specify the server name as VM1.
    7. Type the share name: Distribution$
    8. Set the path for the share as E:\Distribution
    9. Select Do not save data and settings. The migration of user data and application settings will be covered in a later section.
    10. Click Create.
  5. Add application: Office 2007
    1. On the left screen, under Distribution Share, right click Applications and select New. This action will start the New Application Wizard.
    2. Leave Application with source file checked.
    3. Enter as many details as possible for the application. Using MS Office 2007 as the example:
      Publisher: Microsoft
      Application Name: Office
      Version: 2007
      Language: US English
      Platform: x86 platform only
    4. Insert the source media. Alternatively, if there is a network share, with a customized installation template, list that as the source. (To learn more about creating custom installations of MS Office for your environment go to Customizing Office 2007 Installations).
    5. Leave the directory name as Microsoft Office 2007.
    6. Enter the installation command line:
      setup.exe /adminfile MyOffice07.msp

      (where MyOffice07.msp is the customized installation template)

    7. Click OK to save the configuration.
  6. Add application: VM Ware Tools
    1. Mount the Windows.iso file as a CD ROM for VM1.
    2. Go to CD ROM and expand the source files to a temporary directory:
      Setup /a

      and follow the prompts.

      Note: it is possible that not all the files needed are extracted to the necessary directories. There should be (along with the MSI file) two sub-directories: Program Files and System32. Copy these directories from the original installation CD (Windows.iso), and overwrite the directories extracted by the setup program.

    3. Repeat steps a) through h) with appropriate settings for VM Ware Tools.
    4. To install VM Ware Tools in an unattended mode, use the temporary directory as the source media. When the files have been copied to the deployment share point, the temporary directory can be deleted.
    5. Enter a directory name for VM Ware Tools.
    6. Use the command line:
      msiexec.exe /i "vmware tools.msi" /qn ADDLOCAL=ALL REBOOT="ReallySuppress" /log %tmp%\vmtools.log
    7. Click OK to save the configuration.
  7. Add the Vista operating system files.
    1. On the left screen, under Distribution Share, right click on Operating Systems and select New. This action will start the New OS Wizard.
    2. Select Full set of source files.
    3. Insert the Vista CD and type the source directory d:\
    4. Leave the default destination directory name.
    5. Click Copy.
  8. At this point, additional operating system packages would be added, such as hotfixes, service packs and language packs. However, only the base operating system will be installed in this example.
  9. Add additional out-of-the-box drivers.
    1. On the left screen, under Distribution Share, right click on Out-of-Box Drivers and select New. This action will start the New Driver Wizard.
    2. Navigate to "C:\Program Files\VMware\VMware Tools\Drivers\vmxnet" and select vmware-nic.inf. Repeat for vmxnet.inf and ..\video\vmx_svga.inf.

Adding a Workstation Build Configuration

  1. In Deployment Workbench, in the left screen, right click on Builds and select New.
  2. Enter the following settings:
    Build ID: Vista-Office-1
    Build name: Vista and Office 2007 base build.
    Build comments: Install Vista OS, VM Ware Tools, and Office 2007 on a new machine.
  3. Select the operating system to use. The list should contain the operating system loaded in step 7) of the previous section.
  4. For testing purposes, select Do not specify a product key at this time.
  5. Add Full Name, Organization, and Home Page settings appropriate to the environment.
  6. Specify the Administrator password: P@55w0rd.
  7. Hit Create.
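
A check for the Administrator password entered in the build configuration above, added here as an example that is not part of the original guide or of BDD 2007. It assumes Deployment Workbench writes that password into an answer file on the distribution share and that the file follows the Windows unattend schema; the function names and the sample XML with its placeholder values are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from pathlib import Path

NS = "{urn:schemas-microsoft-com:unattend}"  # Windows unattend schema namespace
# Constructed sample answer file; every value is a placeholder.
SAMPLE = """<unattend xmlns="urn:schemas-microsoft-com:unattend">
 <settings pass="specialize"><component name="Microsoft-Windows-UnattendedJoin">
  <Identification><Credentials><Password>EXAMPLE-ONLY</Password></Credentials></Identification>
 </component></settings>
 <settings pass="oobeSystem"><component name="Microsoft-Windows-Shell-Setup">
  <UserAccounts><AdministratorPassword>
   <Value>RVhBTVBMRQ==</Value><PlainText>false</PlainText>
  </AdministratorPassword></UserAccounts>
 </component></settings>
</unattend>"""

def find_embedded_passwords(root):
    """Return (pass, component, element, storage) for each stored password."""
    findings = []
    for settings in root.iter(NS + "settings"):
        for comp in settings.iter(NS + "component"):
            for el in comp.iter():
                tag = el.tag.replace(NS, "")
                if not tag.endswith("Password"):
                    continue
                value, storage = el.findtext(NS + "Value"), "plaintext"
                if value is None:   # simple form: <Password>text</Password>
                    value = el.text
                else:               # <Value> + <PlainText>; false is Base64, not encryption
                    flag = (el.findtext(NS + "PlainText") or "").strip().lower()
                    storage = {"true": "plaintext", "false": "base64"}.get(flag, "unspecified")
                if (value or "").strip():
                    findings.append((settings.get("pass"), comp.get("name"), tag, storage))
    return findings

def scan_share(directory):
    """Scan every *.xml below a directory, e.g. a copy of the distribution share."""
    results = {}
    for path in Path(directory).rglob("*.xml"):
        try:
            hits = find_embedded_passwords(ET.parse(str(path)).getroot())
        except ET.ParseError:
            hits = []               # not well-formed XML; nothing to report
        if hits:
            results[str(path)] = hits
    return results

if __name__ == "__main__":
    print(find_embedded_passwords(ET.fromstring(SAMPLE)))
```

Pointing scan_share at E:\Distribution lists each answer file that carries a password, which is the set of files whose share and NTFS permissions are worth reviewing.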

Creating a Lite Touch PE Boot Disk

  1. On the left screen, click Deploy, and Deployment Point.
  2. The deployment point created during stage 4) of the previous section will be listed on the center screen.
  3. Right click on the deployment point and select Properties.
  4. Click on the Windows PE tab.
  5. Check the box Generate a Lite Touch bootable RAM ISO image, and clear the other three check boxes in the Images to Generate section of the screen.
  6. Ensure all the check boxes are checked for the Driver Injection section and click OK.
  7. Right click on the deployment point again and select Update. Deployment Workbench will build the ISO file.

Building a workstation with the Lite Touch bootable ISO

  1. Transfer the ISO image file, E:\Distribution\Boot\LiteTouchPE_x86.iso, to the host operating system. (e.g. drag the file from the virtual machine and drop it on the host machine desktop).
  2. Create a new virtual workstation within VM Ware, named VM2, with 512MB of RAM and 20GB of disk space.
  3. If an ISO mount utility is available to emulate a CD ROM drive, mount the ISO file as a drive letter. Configure the new virtual machine, VM2, to use the new host operating system "physical" CD ROM drive. Alternatively, configure the new virtual machine, VM2, to use the ISO file directly. (The first method is preferable. Using the ISO file directly with VM Ware and Vista has, occasionally, caused unpredictable results).
  4. Boot the new virtual workstation, VM2.
  5. The Windows Deployment wizard will start.
  6. Select the keyboard layout, e.g. United States.
  7. Change the computer name to VM2.
  8. Select Join a Domain and fill in the credentials fields (e.g. vista, joiner, l3TME1N, vista).
  9. Select Do not restore user data and settings.
  10. Select the operating system image created in section 8) of Setting Up Deployment Workbench.
  11. Enter credentials for connecting to network shares (e.g. administrator, P@55w0rd, vista).
  12. Use the default No product key is required.
  13. Select Location and Keyboard from the lists (e.g. US English).
  14. Select a time zone (e.g. Eastern Standard Time).
  15. Check the check boxes of available applications for Microsoft Office 2007 and VM Ware VM Tools 5.5.
  16. Choose a local (VM2) administrator password (e.g. P@55w0rd).
  17. Click Begin.
  18. When the build is complete, restart the computer and validate the applications and settings.