Over the years I have managed a few applications that are time sensitive about recording when certain events were logged. This causes problems when some computers' clocks get updated and others fall behind: users have trouble understanding why they did something at one time but it was recorded as another. I did find a few commands that can help remedy this problem.
To check the Windows Time Service configuration:
w32tm /query /configuration
To configure a standalone server or domain controller for an external time source.
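The following is an added example, not the commands from the original post: it points a machine at an external NTP source and then measures how far other workstations' clocks are from it, which is the drift problem described above. The NTP peers and the workstation names are placeholders.

```powershell
# Added example, not the original post's commands. Assumes an elevated prompt; the NTP
# peers and workstation names are placeholders to replace with your own.

# 1. Point this machine (a standalone server or the domain's PDC emulator) at an
#    external source. ",0x8" = client mode; /reliable:yes advertises the host as a
#    good time source to the domain and belongs only on the DC.
w32tm /config /manualpeerlist:"0.pool.ntp.org,0x8 1.pool.ntp.org,0x8" /syncfromflags:manual /reliable:yes /update
w32tm /resync

# 2. Measure how far other machines' clocks are from this one, to find the
#    "behind" workstations the post describes before users notice mismatched log times.
function Get-ClockOffset {
    param([string[]]$ComputerName, [int]$Samples = 3)
    foreach ($c in $ComputerName) {
        # /dataonly prints one line per sample, e.g. "11:25:51, +00.0023400s"
        $out = w32tm /stripchart /computer:$c /samples:$Samples /dataonly 2>&1
        $offsets = @($out | ForEach-Object {
            if ("$_" -match ',\s*([+-]\d+\.\d+)s') { [double]$Matches[1] }
        })
        $mean = if ($offsets.Count -gt 0) {
            ($offsets | Measure-Object -Average).Average
        } else { $null }   # no samples: host unreachable or NTP blocked by a firewall
        [pscustomobject]@{
            Computer      = $c
            Reachable     = ($offsets.Count -gt 0)
            MeanOffsetSec = $mean
        }
    }
}

# Flag anything more than a second off; tune the threshold to what your logs need.
Get-ClockOffset -ComputerName 'WKS01', 'WKS02' |
    Where-Object { -not $_.Reachable -or [math]::Abs($_.MeanOffsetSec) -gt 1 }
```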
After a lot of googling this morning I was able to find out how to determine the version of Windows inside an ISO file. This was important to me because I needed to know whether the ISO I had included SP1 or not. This should work for Vista and up, basically any Windows that ships as WIM files.
First you will need to mount the ISO file on a computer so you can browse it. Then open a command prompt as administrator and run the following command.
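As an added example (not the post's own command), the steps above scripted end to end: mount the ISO, read the version of the first image in install.wim with DISM, and unmount again. It assumes Windows 8 / Server 2012 or later for Mount-DiskImage and dism.exe on the PATH; $isoPath is a placeholder.

```powershell
# Added example, not the original post's command. Assumes Windows 8 / Server 2012 or
# later (for Mount-DiskImage) and dism.exe on PATH; on older hosts use imagex /info
# from the WAIK instead. $isoPath is a placeholder.
$isoPath = 'C:\isos\windows.iso'

function Get-IsoWindowsVersion {
    param([Parameter(Mandatory)][string]$Path)
    Mount-DiskImage -ImagePath $Path | Out-Null
    try {
        $letter = (Get-DiskImage -ImagePath $Path | Get-Volume).DriveLetter
        # Retail media keep the OS image in \sources\install.wim
        $wim = Join-Path "${letter}:\sources" 'install.wim'
        if (-not (Test-Path $wim)) { throw "No install.wim found at $wim" }
        # DISM reports Version (6.1.7600 = Windows 7 RTM, 6.1.7601 = Windows 7 SP1)
        # and ServicePack Level for the chosen image index; index 1 is enough to
        # answer the SP question since every edition in the WIM shares the build.
        dism.exe /Get-WimInfo "/WimFile:$wim" /Index:1
    }
    finally {
        # Always unmount, even if DISM failed, so the ISO is not left attached
        Dismount-DiskImage -ImagePath $Path | Out-Null
    }
}

Get-IsoWindowsVersion -Path $isoPath
```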
A couple of months back I installed some communication software that made a VPN connection to the main server. It used OpenVPN to establish the connection and worked fine as long as you were an administrator on the PC. As I researched it further, I found it installed a service and required that service to be started on demand when the user launched the program. Since a standard limited user does not have privileges to start and stop services, the application would fail to connect to the server.
So now the question becomes, how do you add permissions to a service?
Microsoft has an answer with a little-known command line application called subinacl. This application allows you to view and edit security information for files, registry keys, and services. It can be handy if you are writing a script to change permissions on registry keys or files, but the real power lies in the ability to edit the security information on services.
The syntax for subinacl: SUBINACL /SERVICE \\MachineName\ServiceName /GRANT=[DomainName\]UserName[=Access]
The Access parameter is broken down like this:
F : Full Control
R : Generic Read
W : Generic Write
X : Generic eXecute
L : Read controL
Q : Query Service Configuration
S : Query Service Status
E : Enumerate Dependent Services
C : Service Change Configuration
T : Start Service
O : Stop Service
P : Pause/Continue Service
I : Interrogate Service
U : Service User-Defined Control Commands
For my example I just needed to allow the Domain Users group access to run the OpenVPN service.
You may need to execute this from the folder where subinacl.exe is located. Also, if you are running the command on the local system, you can just type the name of the service instead of the UNC path to it.
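An added example, not the post's own command: granting Domain Users only the Start (T) and Stop (O) rights from the table above, rather than Full Control (F), and checking the result with subinacl's own /display mode and with sc.exe sdshow. The service name and domain are placeholders; it assumes subinacl.exe is on the PATH and an elevated prompt.

```powershell
# Added example, not the original post's command. Assumes subinacl.exe (from the
# Microsoft Resource Kit download) is on PATH and you run elevated on the machine that
# hosts the service. Service name and domain are placeholders.
$service = 'OpenVPNService'      # placeholder: find the real name with (Get-Service -DisplayName '*OpenVPN*').Name
$group   = 'CORP\Domain Users'   # placeholder domain

# Show who can do what on the service today (subinacl's own display mode).
subinacl.exe /service $service /display

# Grant only Start (T) and Stop (O). The application needs to run the service, not
# reconfigure it, so C (change configuration) and F (full control) stay off the list:
# with C, any domain user could point the service at a different binary.
subinacl.exe /service $service "/grant=$group=TO"

# Verify: the group should now be listed with the new rights. sc.exe sdshow prints the
# same DACL as SDDL, a second opinion that needs no extra tools.
subinacl.exe /service $service /display
sc.exe sdshow $service

# Remote form, matching the post's \\MachineName\ServiceName syntax:
# subinacl.exe /service \\SERVER01\$service "/grant=$group=TO"
```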
There are millions of workstations out in the world and I’m sure you have deployed your fair share of them. I recently received 25 brand new Dell Optiplex 760s to replace our GX270s that are getting close to the six-year mark. I thought I would take this chance to document the process and share it.
For the imaging process to work well you need PCs that have the same hardware. This makes it very simple to make an image for one PC and use it over and over again and get the same result every time. You can build an image on one model of PC and load it on a different one, but it will most likely be missing drivers; if you then load the drivers and make a new image, it will support both types of computer. This won’t always work, but it has with similar hardware like the Dell Optiplex 740 / 745 / 755 / 760. I typically just keep one image for each type of computer that I have, which keeps things simple.
Before getting too far into this you will need to download and install an FTP server. You can put this on just about any workstation, but keep in mind it will have to store disk images and will be busy doing transfers while you are imaging PCs, so you may want to make it a box that doesn’t do much. For an FTP server I would suggest Filezilla FTP Server; it runs on Windows and is fast, free and open source. For imaging software you will need to download the latest version of G4L, or Ghost for Linux. Burn the ISO image to a CD and use it as a boot CD to back up or restore an image. Don’t let the Linux scare you; it has an easy-to-use menu that allows anyone to image PCs.
Load PC to User Ready
Now that you have your batch of PCs, go ahead and load one up. Be sure to install software suites like Microsoft Office and any other utilities that may be necessary for your environment. You can join it to a domain; however, keep in mind that it isn’t a good idea to join it to one domain and then to a different domain, because depending on your settings they may conflict.
Prepping a Windows Based Image for G4L
Once you have your PC happy with all the settings and software installed, start the clean-up process. First remove all Temporary Internet Files and History: go to Start > Control Panel > Internet Options, and on the General tab under Browsing history click the Delete… button, then Delete all… at the bottom of the dialog box, and confirm Yes. This removes any browsing you may have done while setting up the computer and loading drivers.

Next, go to My Computer, right-click Local Disk (C:) and choose Properties. On the General tab, click Disk Cleanup and check all the items except Compress Old Files. Then go to the More Options tab, locate the System Restore section, click Clean Up and confirm the dialog box. This removes any System Restore points that you don’t need and should free up some disk space. Press OK at the bottom and it will clean up the disk.

Next, defragment the drive. You certainly don’t want to be handing out new PCs with slow, fragmented drives. The standard Windows utility is fine for this, since there shouldn’t be that much to fix.

After that completes, you need to wipe the free space. The best tool I have found for this is called Disk Redactor. Don’t let the cheesy website fool you; this is a good free tool that blanks out the free space. This is key because you don’t want to back up an entire disk of free space that has junk in it, which makes your disk image much larger than it needs to be. This part takes a while (depending on the size of your drive), so go find a nice cold beverage so you can be refreshed when it finishes. Once it finishes, uninstall it. I can recall several times I have made images and accidentally left it installed; trust me, you don’t want your users calling you about it.

Now it is Sysprep time. Although Sysprep is very powerful and can automate Windows setup, that is not the route we are going today; simple always seems to be key for me.
To install Sysprep, extract the Sysprep package to C:\sysprep and run sysprep.exe from there. It will warn you about SIDs and then give you some options. Tick Use Mini-Setup and click Reseal. Once the utility completes it will shut down the PC.
Backing up an Image Using G4L
Power on the PC, insert the G4L CD and boot to it, either through a change in the BIOS boot order or, on most Dell computers, by pressing F12 to get a boot menu. Once it has booted from the CD you should see a screen asking which kernel to use; just select the one highlighted by default. It will load two files and then go into awesome Linux boot-script mode, in which it detects the hardware; just wait for this to finish. Next you should see some information about the project and the people behind it; just press Next through it. After a little more detection for network devices you should be presented with the G4L command line.

Simply type G4L and it will ask a few more things. Select Yes to accept the license agreement. Next, select RAW, which supports all file systems. Select Network Use because we want to copy the image to the FTP server. Lastly, fill out this screen based on your network: specify the IP of the server under Config FTP, the username and password under Config useridpass, and a file name under Config filename. Change the compression to your preference; I use Gzip, but any one of these will do equally well. When naming the image you may want to include parts of the computer model, OS, service pack or hard drive size. This helps in the future when you have 20 images and want to make sure you get the right one onto the right workstation.

When you have all your options in, select Backup. It will confirm your options with you one last time and then show a progress bar. This part can take some time to finish, but once the image is uploaded you can start restoring it to other workstations. I have attached some screenshots of the G4L program so you can get a feel for where the items I talk about are located in the menu structure.
Restore an Image Using G4L
To image a workstation, boot to the G4L CD and go through the same menus, except select the Restore menu option instead of Backup, and it will transfer the image to the new workstation.
There always comes a time when you are replacing the old with the new, but the real question is what to do with the old. Usually computers get resold, given away or recycled; however, all of these could lead to a compromise of information security if data is still on the drive. The easiest way to prevent this is to wipe the hard drive with a DoD-compliant wipe, and the easiest way to get that done is a great free program called Darik’s Boot and Nuke. This program lets you boot a computer and overwrite the hard drive so that its contents cannot be recovered with computer forensics tools. However, rather than burning just this one program to a CD, I would suggest downloading the Ultimate Boot CD. This CD contains tons of great utilities for troubleshooting and working on PCs and should be a part of any administrator’s toolkit.
To get started wiping your old PC’s hard drive, burn the Ultimate Boot CD to a CD and boot to it, either by changing the boot order in the BIOS or by getting to a boot menu where you can select which device to boot.
The first screen you should see once you have successfully booted to the CD will ask you to press enter to boot to the UBCD.
Next you need to select “Hard Drive Tools”, then “Wiping Tools” and finally “Darik’s Boot and Nuke V1.0.7”. It will take a minute to load; if it doesn’t load, it may not support your hardware or hard drive. However, I haven’t run across a computer that it wouldn’t wipe.
Once it loads up, hit the (M) key to select the method and change it to your preference; I typically use the “DoD 5220.22-M” method because this is what the military uses, and if it is good enough for them it is good enough for me.
Once selected, be sure to press the space bar and select the drive or drives you wish to wipe and then press F10 which will let wiping commence.
Now go grab some dinner with a friend or a frosty adult beverage at the local tavern because it will be a while before it is complete (depending on the size of your drive).
Here are some screenshots that should help you step through the different screens, just in case you get lost.