Adam Leinss’ Tech Tips

There are 10 types of people in this world: those who understand binary and those who don’t.

August 24th, 2008

Quick and Dirty ImageX

Update 8/26/08: Forgot about the WinPE 2.0 uberbug with diskpart. See this article here. To fix this, place the following in uberbug.reg and then add that to the menu:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VDS\ALIGNMENT]
"LessThan4GB"=dword:00000000
"Between4_8GB"=dword:00000000
"Between8_32GB"=dword:00000000
"GreaterThan32GB"=dword:00000000

Here’s a quick and dirty overview of how to replace Norton Ghost with ImageX. ImageX captures information about the file system, but nothing of disk structures (master boot record, sectors, etc). Therefore, in using ImageX, we need to include writing out the boot sector with bootsect.exe. Since ImageX is command line driven, the first order of business is finding a GUI wrapper. I found such a wrapper called GImageX. GImageX interacts directly with wimgapi.dll, therefore, some support files from Microsoft WAIK will be needed. Specifically, that includes: imagex.exe, intlcfg.exe, wimgapi.dll, wimfltr.inf, and wimfiltr.sys.

I threw all of the files, including the WIMs I captured, on a network share with these support files (don’t forget bootsect.exe!). I then wrote a simple batch file:

@echo off
:TOP
regedit /s uberbug.reg
cls
echo Microsoft ImageX Menu by Adam Leinss
echo ------------------------------------
echo.
echo 1. Prep Disk (WARNING: THIS DESTROYS ALL DATA ON DISK!)
echo 2. Prep Boot Sector for Windows XP OS
echo 3. Prep Boot Sector for Windows Vista OS
echo 4. Run GImageX
echo.
echo 5. Exit
echo.
rem Clear the previous answer so a bare Enter cannot repeat the last action
Set sel=
Set /P sel=Make your choice:
echo.
For %%a In (1, 2, 3, 4, 5) Do if "%sel%"=="%%a" Goto SELECT_%%a
echo Invalid selection. Valid values are 1 thru 5. Press Enter To continue
pause>NUL
Goto TOP
:SELECT_1
diskpart -s diskprep.s
Goto TOP
:SELECT_2
bootsect /nt52 sys
Goto TOP
:SELECT_3
bootsect /nt60 sys
Goto TOP
:SELECT_4
gimagex.exe
Goto TOP
:SELECT_5
Goto :EOF

The diskprep script I use:

select disk 0
clean
create partition primary
format quick
active
assign letter=C

This gets the disk nice and clean for us to use. This is never an issue with Ghost, as it writes out the file system sector-by-sector.

After cleaning the disk, you can pick either #2 or #3 to prep the boot sector depending on what OS you are going to deploy.

Finally, we run GImageX, click the Apply tab and pick the Source/Destination. Now you have an imaged PC, just like with Ghost!

I used the WinPE 2.0 install media from SCCM 2007 to boot the PC and connect to the network share, but you can use any flavor of WinPE you want (BartPE, WAIK PE, etc). I found decent WinPE 2.0 (Vista based) setup instructions here.

- Soli Deo Gloria

August 16th, 2008

Windows 7 Blog

Microsoft has just created a blog on the development of Windows 7, the successor to Windows Vista. There really isn’t anything exciting there now, but it might be worth checking out over time.

As you may have noticed, the postings on my blog have slowed down. June was the blog’s 3 year anniversary and I didn’t even post anything! I’ve been busy working on pushing out programs with SCCM 2007 and playing World of Warcraft. I think posting on SCCM 2007 may be a bit boring, as only high level companies are going to be running it and therefore will be out of reach of the common tech. We also upgraded to NOD32 from Symantec Antivirus, so I don’t really have any more spyware stories to whip up at this time.

-Soli Deo Gloria

May 30th, 2008

Sysinternals Live Site

All of Sysinternals’ tools are available live @ http://live.sysinternals.com/

- Soli Deo Gloria

May 5th, 2008

Winrar 3.62 for Free

Found this on SlickDeals.net.  Appears you can snag Winrar 3.62 for free as it was given out to subscribers of a German PC magazine.

The rarreg.key file is given in the thread to register the software.

- Soli Deo Gloria

May 1st, 2008

Locking Down Specific Profiles with Local Group Policy

I recently had to lock down a profile on a user account running on a Terminal Services server. You’d think by 2008 Microsoft would have released a tool that would do this with ease. I tried SteadyState, but it would bomb out during the installation. Microsoft actually does have an article that describes how to do this here. Make sure you take some Excedrin before reading it.

There are two branches of Group Policy: computer and user. The computer settings are embedded in registry.pol at %SystemRoot%\System32\GroupPolicy\Machine\registry.pol. The user settings are embedded in registry.pol at %SystemRoot%\System32\GroupPolicy\User\registry.pol. The computer settings are initialized when the OS boots, so you cannot do any “switch-a-roo” with them; however, this will work with the user branch.

Not satisfied with Microsoft’s solution, I did some Googling and found this article on Juice. The article is geared toward doing this across multiple computers over a network. The bottom line is that we can make the account we want to lock an administrator, log in and use gpedit.msc to lock things down in the user branch. When done, take the account out of the Administrators group, go to %SystemRoot%\System32\GroupPolicy and grant the local Administrators group Deny rights to the whole folder. That way, anyone logging in will get the policy, except Administrators, because they don’t have rights to read the folder and thus the policies.
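One way to script the Deny step above in PowerShell, as an added example that is not part of the original post. It assumes an elevated prompt and reads “Deny rights” as denying read and execute access; the function names are hypothetical, and the permission to read the ACL itself is deliberately left out of the deny so the result can still be audited and undone.

```powershell
# Added example, not the author's script. Run elevated, AFTER the user-branch
# policy has been configured with gpedit.msc.
$PolicyDir = Join-Path $env:SystemRoot 'System32\GroupPolicy'
# Well-known SID for BUILTIN\Administrators (same in every locale).
$Admins = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'

function New-AdminDenyRule {
    # Deny reading files and listing folders, but not ReadPermissions,
    # so the ACL stays readable for the check and the undo step below.
    $rights  = [System.Security.AccessControl.FileSystemRights]'ReadData, ReadAttributes, ReadExtendedAttributes, ExecuteFile'
    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $prop    = [System.Security.AccessControl.PropagationFlags]::None
    $type    = [System.Security.AccessControl.AccessControlType]::Deny
    New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule `
               -ArgumentList $Admins, $rights, $inherit, $prop, $type
}

function Set-AdminDeny {
    $acl = Get-Acl -Path $PolicyDir
    $acl.AddAccessRule((New-AdminDenyRule))
    Set-Acl -Path $PolicyDir -AclObject $acl
}

function Test-AdminDeny {
    # True when an explicit (non-inherited) Deny ACE for Administrators exists.
    $acl   = Get-Acl -Path $PolicyDir
    $rules = $acl.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier])
    [bool]($rules | Where-Object {
        $_.IdentityReference.Value -eq $Admins.Value -and
        $_.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Deny
    })
}

function Remove-AdminDeny {
    # Undo step: required before an administrator can edit the policy again.
    $acl = Get-Acl -Path $PolicyDir
    [void]$acl.RemoveAccessRule((New-AdminDenyRule))
    Set-Acl -Path $PolicyDir -AclObject $acl
}

Set-AdminDeny
"Deny ACE present: $(Test-AdminDeny)"
```

Run Remove-AdminDeny before opening gpedit.msc again, then Set-AdminDeny once the changes are saved.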

- Soli Deo Gloria

March 21st, 2008

Windows XP OEM Activation

Ran into an interesting problem when imaging a Dell D510 and placing that image onto a Dell D630. It appears the Dell OEM version of Windows XP doesn’t like hard drive cloning. When you would attempt to run msoobe /a, the space where the installation ID was supposed to be was completely blank. Attempts to change the OOBETimer value, among other things, were unsuccessful.

The solution? Run sysprep. Somehow, sysprep has the magic to fix activation woes. After sysprep ran (we did the reseal option), we logged in and the installation ID was now being generated.

Did I ever mention what a pain in the neck Windows activation is? Oh yeah, only about a million times!

- Soli Deo Gloria

March 15th, 2008

Windows Server 2008 beats Windows Vista Performance

Some dude from Microsoft took Windows Server 2008 and turned it into a viable desktop operating system. Performance gains over Vista vary in the 11%-17% range according to exo-blog. This guy claims up to 20% in his tests.

- Soli Deo Gloria

March 2nd, 2008

Fun With HP Printers

A few days ago I was seeing some weird messages on our HP Jetdirect printer. Doing a little Google searching, I found out that it is possible to send messages to HP printers so they show on the LCD display! I found this utility you can install on Windows. Just install it, enter the IP address of the printer and put your message in. The message will be erased if the printer is power cycled.

If you do this at the work place: use caution. Your IT department may not like you very much if they catch you sending messages to their printers. :)

- Soli Deo Gloria

January 12th, 2008

When Local Administrator Isn’t Enough

Here’s an interesting problem called in to me by another tech. It seems that the tech was unable to delete some registry keys relating to UPS Worldship. He was logged in as a local administrator. Attempts to delete the keys came back as “Access Denied”. Upon trying to view the owner of said keys, it was listed as “unknown”, nor could we take ownership of the keys. The only thing left was to try to run regedit under the local system account.

Microsoft defines the LocalSystem account as the following:

The LocalSystem account is a predefined local account used by the service control manager. This account is not recognized by the security subsystem, so you cannot specify its name in a call to the LookupAccountName function. It has extensive privileges on the local computer, and acts as the computer on the network. Its token includes the NT AUTHORITY\SYSTEM and BUILTIN\Administrators SIDs; these accounts have access to most system objects. The name of the account in all locales is .\LocalSystem. The name, LocalSystem or ComputerName\LocalSystem can also be used. This account does not have a password. If you specify the LocalSystem account in a call to the CreateService function, any password information you provide is ignored.

Getting regedit to run under local system can be done a number of ways; however, the easiest way I found is to use psexec: “psexec -i -s regedit.exe”. Upon doing this, we were able to delete the registry keys.

You can verify that regedit is running under “NT AUTHORITY\SYSTEM” by running Process Explorer as administrator, drilling into PSEXESVC and clicking the Security tab.
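The same check can be done from PowerShell instead of Process Explorer. This is an added example, not part of the original post; the function name is hypothetical, and it must be run elevated or the owner of a SYSTEM process cannot be read.

```powershell
# Added example, not the author's code: report the account, session and parent
# process of every running regedit.exe.
$LocalSystemSid = 'S-1-5-18'   # well-known SID for NT AUTHORITY\SYSTEM

function Get-RegeditContext {
    $all = Get-CimInstance -ClassName Win32_Process

    # Map PID -> image name so the parent of each regedit.exe can be named.
    $byPid = @{}
    foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p.Name }

    foreach ($p in ($all | Where-Object { $_.Name -eq 'regedit.exe' })) {
        # GetOwnerSid returns the SID of the account the process runs as.
        $sid = (Invoke-CimMethod -InputObject $p -MethodName GetOwnerSid).Sid
        [pscustomobject]@{
            ProcessId  = $p.ProcessId
            SessionId  = $p.SessionId
            OwnerSid   = $sid
            IsSystem   = ($sid -eq $LocalSystemSid)
            # Empty when the parent process has already exited.
            ParentName = $byPid[[int]$p.ParentProcessId]
        }
    }
}

Get-RegeditContext | Format-Table -AutoSize
```

For a copy started with “psexec -i -s regedit.exe”, IsSystem should be True and ParentName should show PSEXESVC.exe, matching what Process Explorer displays.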

- Soli Deo Gloria

January 10th, 2008