(iBoyd)

[iBlow your mind]
May 26th, 2009

Injecting Intel Matrix Mass Storage Drivers into a Windows XP WIM

In Classroom and Lab Computing, we use sysprep in our Windows XP imaging process so that we can support the various computer models that comprise the 4000+ computers participating in CLM, both at University Park as well as several other campuses at Penn State. Using the tools and techniques that we have developed, we are able to apply our single OS image to a machine in about 5 minutes using a USB drive. After that, the USB drive can be removed and the machine will continue to build completely unattended. Not only is the process really cool, it saves a lot of time. However, sysprep for Windows XP isn’t perfect, and with newer hardware we have run into a few caveats.

The Problem

While updating our XP image last year, we ran into a snag where the new model (a Dell Optiplex 755) refused to build when SATA operation was set to AHCI in the BIOS. This was due to a missing Intel Matrix Storage driver. Normally, drivers can easily be added to a sysprep image by injecting them into a folder within the image and then adding them to OEMPnPDriversPath in Sysprep.inf. However, these drivers are not applied until midway through the mini-setup process that runs the first time Windows boots. Without having the correct Mass Storage Driver for booting the first time, Windows will blue screen (with stop error 0x0000007B) before it can even enter mini-setup. Now that many of Dell’s newer systems come with eSATA ports, it is recommended that AHCI is used for SATA operation. There is a way to insert Mass Storage Drivers when sealing a sysprep image. However, we already sealed our image for this year and wanted to avoid another reseal. Fortunately, there is a way to manually inject the drivers into the image. It’s a bit tedious, but it does work.

Manually Injecting the Intel Matrix Storage Drivers into a Windows XP image

  1. Download the Intel Matrix Storage driver (be sure it’s the latest version) from the Intel website or from the system manufacturer website. If using the Intel website, you will probably need to extract the drivers from the executable. This can be done by calling <filename>.exe -a -0 <folder path>. Folder path is the folder where the drivers will be extracted to.
    • Make sure that you have the following files: iaahci.cat, iaahci.inf, iastor.cat, iastor.inf, and iastor.sys.
  2. Open iaahci.inf with a text editor. First, look in the [version] section for the ClassGUID. Copy and paste this somewhere. Next, look for the [INTEL_HDC] section. You will see syntax similar to this:
    %PCI\VEN_8086&DEV_2681&CC_0106.DeviceDesc% = iaStor_Inst, PCI\VEN_8086&DEV_2681&CC_0106

    The portion of the line after the comma (PCI\VEN_8086&DEV_2681&CC_0106 here) is the HardwareID. Copy and paste the HardwareID portion of each entry in [INTEL_HDC] to a separate line in an empty text file. They will be important later on.
    Note: The [INTEL_HDC.ntamd64] section, which is below this section, can be skipped. Its entries are the same.

  3. Open iastor.inf and note the ClassGUID. Look for the [INTEL_HDC] section again. The formatting should be the same. Once again, copy and paste each of the HardwareIDs to a separate line in an empty text file.
  4. Mount your Windows XP image using imageX (imagex.exe /mountrw <path-to-wim-file> <image index #> <mount-folder-path>). If using Ghost, you will probably have to apply the image to a separate hard drive. Last time I checked, Ghost couldn’t edit disk images that were in NTFS format. By the way, now may be a good time to look at switching from Ghost to ImageX for capturing and applying your image.
  5. Copy the driver files to the following folders:
    • Copy iaahci.inf and iastor.inf to <mount-folder-path>\Windows\inf
    • Copy iaStor.sys to <mount-folder-path>\Windows\system32\drivers
    • Copy iaahci.cat and iastor.cat to <mount-folder-path>\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}
  6. The HKLM\systemxp\ControlSet001\Control\CriticalDeviceDatabase key

  7. Next, the SYSTEM registry hive from the image must be loaded. Open the Registry Editor (Start->Run->regedit.exe). Click on HKEY_LOCAL_MACHINE and then go to File->Load Hive… Browse to <mount-folder-path>\Windows\system32\config and select the file named SYSTEM. When prompted to give the hive a name, type systemxp. The systemxp registry hive should now appear below HKEY_LOCAL_MACHINE.
    Note: At this point, you should take a moment to browse to <mount-folder-path>\Windows\system32\config and make a backup of your SYSTEM file in case the registry changes break something.
  8. Now that the driver files are in the right spot, a registry key must be created for each of the HardwareIDs that we retrieved from iaahci.inf and iastor.inf. The easiest way to do this is to create a .reg file that will add all of the entries to the hive. Create a blank text file and name it IntelMSD.reg. From a text editor, open IntelMSD.reg and set the first line to this:
    Windows Registry Editor Version 5.00

    Next, we need to create an entry for each of the HardwareIDs that we are adding. Here is what the syntax for each entry will look like:

    [HKEY_LOCAL_MACHINE\systemxp\ControlSet001\Control\CriticalDeviceDatabase\pci#ven_8086&dev_2929&cc_0106]
    "Service"="iaStor"
    "ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"

    Two parts change for each entry. On the first line, the last component of the key name (pci#ven_8086&dev_2929&cc_0106 in this example) is where the HardwareID for each entry will go, written as in the example with # in place of the backslash. The second line is the same in each entry. The third line is where the GUID associated with that entry will go. The two ClassGUIDs that were retrieved in steps 2 and 3 will be used here. Make sure that the GUID you put is the one that was in the same .inf file as the HardwareID.

    Note: I realize that this part was a bit tricky. You can compare your .reg file with mine here to make sure your syntax is correct. Keep in mind that yours may have more entries, especially if it’s a newer version of the driver. Also, be sure that you have made a backup of your SYSTEM file in case the registry becomes corrupt.

  9. In the registry editor, go to File->Import… and browse to the IntelMSD.reg. This will load all of the registry entries into the systemxp hive. To be sure, you can browse to HKEY_LOCAL_MACHINE\systemxp\ControlSet001\Control\CriticalDeviceDatabase and check for the entries yourself.
  10. In addition to the entries created in CriticalDeviceDatabase, an entry for the iaStor service must be created. This registry file should apply the entries that are needed to HKEY_LOCAL_MACHINE\systemxp\ControlSet001\Services. To import it, go to File->Import… and browse to iaStor.reg.
  11. In regedit, click the systemxp registry hive and then go to File->Unload Hive… This will unload the XP Image SYSTEM hive so that the image can be unmounted.
  12. Unmount the image (or if using Ghost, recapture it). Test it on machines that have AHCI enabled (and use the Intel Matrix Storage Driver).
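
Steps 2, 3 and 8 can be scripted so that no HardwareID is mistyped or paired with the wrong ClassGUID. The following is an added example, not part of the original post: it reads the [Version] and [INTEL_HDC] sections of each .inf file, validates every value before it goes into the .reg text, and builds IntelMSD.reg. The function names and the sample INF text are constructed for illustration (the iastor values in particular are placeholders, not taken from Intel's files).

```python
import re

# Key path used in step 8; "systemxp" is the name the hive was loaded under in step 7.
CDDB = r"HKEY_LOCAL_MACHINE\systemxp\ControlSet001\Control\CriticalDeviceDatabase"

# Strict patterns: anything else is rejected rather than written into the hive.
GUID_RE = re.compile(r"\{[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)
HWID_RE = re.compile(r"PCI\\VEN_[0-9A-F]{4}&DEV_[0-9A-F]{4}(&[A-Z]+_[0-9A-F]+)*", re.I)

# Constructed sample text in the shape the post describes; not Intel's real files.
SAMPLE_IAAHCI = r"""
[Version]
Signature="$WINDOWS NT$"
ClassGUID={4D36E96A-E325-11CE-BFC1-08002BE10318}

[INTEL_HDC]
%PCI\VEN_8086&DEV_2681&CC_0106.DeviceDesc% = iaStor_Inst, PCI\VEN_8086&DEV_2681&CC_0106
%PCI\VEN_8086&DEV_2929&CC_0106.DeviceDesc% = iaStor_Inst, PCI\VEN_8086&DEV_2929&CC_0106

[INTEL_HDC.ntamd64]
%PCI\VEN_8086&DEV_2681&CC_0106.DeviceDesc% = iaStor_Inst, PCI\VEN_8086&DEV_2681&CC_0106
"""
SAMPLE_IASTOR = r"""
[version]
ClassGUID={4D36E97B-E325-11CE-BFC1-08002BE10318}  ; constructed sample value

[INTEL_HDC]
%PCI\VEN_8086&DEV_2822&CC_0104.DeviceDesc% = iaStor_Inst, PCI\VEN_8086&DEV_2822&CC_0104
"""


def parse_inf(text):
    """Return (ClassGUID, [HardwareIDs]) from the [Version] and [INTEL_HDC] sections."""
    section, guid, hwids = None, None, []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # INF comments start with ';'
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()     # [INTEL_HDC.ntamd64] is skipped
        elif section == "version":
            key, _, value = line.partition("=")
            if key.strip().lower() == "classguid":
                guid = value.strip().strip('"').upper()
        elif section == "intel_hdc":
            # "%desc% = install_section, HardwareID": IDs follow the first comma
            fields = line.partition("=")[2].split(",")
            for hwid in (f.strip() for f in fields[1:]):
                if not HWID_RE.fullmatch(hwid):
                    raise ValueError(f"unexpected hardware ID: {hwid!r}")
                if hwid not in hwids:
                    hwids.append(hwid)
    if guid is None or not GUID_RE.fullmatch(guid):
        raise ValueError(f"missing or malformed ClassGUID: {guid!r}")
    return guid, hwids


def build_reg(inf_texts, service="iaStor"):
    """Build the .reg text, pairing each HardwareID with the GUID from its own .inf."""
    out = ["Windows Registry Editor Version 5.00", ""]
    seen = set()
    for text in inf_texts:
        guid, hwids = parse_inf(text)
        for hwid in hwids:
            key = hwid.lower().replace("\\", "#")    # PCI\VEN_... -> pci#ven_...
            if key in seen:
                continue
            seen.add(key)
            out += [f"[{CDDB}\\{key}]", f'"Service"="{service}"',
                    f'"ClassGUID"="{guid}"', ""]
    return "\r\n".join(out)


def write_reg(path, text):
    # regedit's own version 5.00 exports are UTF-16 with a BOM; match that.
    with open(path, "w", encoding="utf-16", newline="") as fh:
        fh.write(text)


if __name__ == "__main__":
    print(build_reg([SAMPLE_IAAHCI, SAMPLE_IASTOR]))
```

To use it on real files, read iaahci.inf and iastor.inf into strings, pass them to build_reg, and save the result with write_reg before importing it in step 9.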

Other Mass Storage Drivers

Although I haven’t tested this, I am pretty sure that this process will work with other Mass Storage Drivers. The key to getting them to work is being able to read and understand what the inf file is doing. The Intel Matrix driver only required registry edits, and so it was fairly easy to do. For more information on inf file syntax, look at this MSDN page.

May 13th, 2009

Windows 7 RC: First Observations

Only a few days after the Release Candidate of Microsoft Windows 7 was released, I took the plunge and installed it on my primary laptop. Previously, I was running Windows Vista Ultimate x64 and I was really disappointed in how sluggish the system felt, especially when entering or leaving hibernation. With little to lose except for a bit of time, I completely removed Vista and installed a fresh copy of Windows 7 RC.

Setup and Configuration

If you’ve ever installed Windows Vista, the setup process for Windows 7 will be very familiar. While there are some minor aesthetic changes, the process appears to be mostly the same. However, one difference that you may have noticed is the spare 100-200MB partition in front of the system partition that setup creates automatically during a clean install. This partition is created so that Bitlocker can easily be activated later if the end user chooses to do so. As I will describe later, this makes enabling and configuring Bitlocker drive encryption very easy for the end user.

Once setup completed, I checked Device Manager to see what devices were missing drivers. For the most part, the Vista drivers for these devices worked fine. The Lenovo website did not have a working driver for the fingerprint reader, but I managed to find a beta version through the hardware manufacturer website. Overall, the install process was relatively painless.

Interface Changes

Clearly, Microsoft focused on the interface in this version of Windows. The first difference that most users are likely to notice is that the task bar has received a major overhaul. Open application windows are all grouped under a single icon in the task bar, and the title of each window is no longer displayed. Surprisingly, this isn’t a bad thing thanks to the new behavior of task bar icons. For example, hover over an application icon, and thumbnails of all open windows for that specific application are displayed above the task bar. If you then hover over one of those thumbnails, all other windows become transparent so that you can see the application window, courtesy of the new ‘Aero Peek’ feature. Right click on the icon and you are presented with additional application-specific options or items. For example, right clicking the Internet Explorer icon shows frequently visited sites, while right clicking the Remote Desktop Connection icon will show recent and pinned remote desktop connections.

Hovering over the very right side of the task bar sets open windows to transparent so the desktop is visible. Clicking the right side of the button minimizes open windows, just like the 'Show Desktop' icon in previous versions of Windows.

The ‘Show Desktop’ icon that was in the quick launch menu  in previous versions of Windows is now a permanent, yet inconspicuous, part of the task bar. Clicking on the thin blank button on the right side of the task bar will minimize all open windows so that the desktop is visible. However, if you only need to see the desktop and would rather not minimize all open windows, you can hover over this area instead of clicking it so that windows are temporarily transparent.

I’m sure there will be users that will cringe at the idea of learning to use a new task bar with different behavior, especially since the former has been in use since Windows 95. However, after a few hours of using it, I’d imagine most users will be comfortable with the new features and concepts that this task bar introduces. In my opinion, it is significantly improved. In the long run, I think most users will be happy with this change and will have a hard time looking back.

Bitlocker is a Bit Better

Hard drive encryption has become a hot topic recently, especially in the realm of laptops and mobile devices. The implications of data loss or theft are far reaching and, depending on the industry, can result in a company receiving large fines, fiscal losses, and a negative public image. To defend against this, organizations have started to mandate hard disk encryption in order to prevent data from stolen or lost devices from being recovered by malicious third parties.

Turning the Bitlocker feature on and off in Windows 7 is very easy.

This time around, Microsoft did things right and pre-configured the hard disk partitions during setup to support Bitlocker encryption. Turning on Bitlocker is very easy in Windows 7 (assuming your computer has a Trusted Platform Module). Simply go to ‘Bitlocker Drive Encryption’ in the control panel and click ‘Turn on Bitlocker’. The wizard will go through the process of saving a recovery key and then proceed to reboot the system and configure the Trusted Platform Module. After booting, existing files on the hard drive are encrypted in the background. The machine is still usable during this process. The disk encryption process finished in about 2 hours on my laptop. Since encrypting the drive, I have noticed little performance impact. Even my battery life seems to have remained fairly consistent.

Intuitive Device Management

Not only was pairing my Windows Mobile phone easy, the Windows Mobile Device Center was automatically installed afterward.

Microsoft seems to have tried to streamline the administration and configuration of peripherals in Windows 7. A new area in the control panel, called Devices and Printers, allows users to quickly view and add device connections to their system. Previously with Windows Vista, I had inconsistent results establishing a Bluetooth connection with my Windows Mobile phone. Sometimes it would work great, but most of the time it took several tries to actually get the laptop and phone to pair and begin a sync. With Windows 7 RC, my experience was quite intuitive. From “Devices and Printers” in the control panel, I clicked ‘Add a device’ and selected my mobile phone, which Windows had automatically found. A pre-generated code was displayed to pair my phone. After entering the code on my phone, the pairing was complete and the phone appeared in the devices list. If that wasn’t easy enough, Windows 7 proceeded to detect that the phone was a Windows Mobile device and automatically began installing the Windows Mobile Device Center. Impressive.

There’s More

I’m continuing to find other new features and changes in Windows 7 that I really like. Some of these changes are more subtle than others, but the majority of them seem to share a common goal of making the interface more intuitive, responsive, and efficient to the end user. Even the minor changes to components, such as the Resource Monitor and the wireless connection task tray, feel like great improvements when compared with previous versions of Windows. And to complement all of this, Microsoft seems to have made no compromises in the areas of security, reliability, and performance. Microsoft really seems to be taking the shortcomings (both real and perceived) of Vista seriously. As for me, I am going to continue using the release candidate and look forward to the official release of Windows 7 at the end of this year.

February 18th, 2009

Faux Security

A few weeks ago I was reminded that it still isn’t common knowledge that antivirus software will not protect your computer from all threats. A conversation with a family member that works for a small business revealed that their “IT Guy” thinks Windows Updates aren’t necessary, yet he continues to install antivirus software on workstations religiously. Unfortunately, that could not be further from the truth. Keeping your Windows machine properly patched is, in my opinion, more important than having antivirus software. Attackers are known for using worms that attack the vulnerabilities of a Windows machine from the outside without user interaction. The Conficker worm is just the latest example of how improperly patched Windows machines can be compromised remotely and completely outside of the protection of antivirus.

Think that your firewall or router is protecting you from attacks like this? Think again. Once one compromised machine is on the network, all bets are off. Infected machines can be used by attackers to completely circumvent the firewall and infect any other vulnerable machines on the network. Mobile devices that roam from network to network can make matters worse by being the carriers of these infections, much like influenza is spread by humans. Worms like Conficker waste no time gathering personal data, logging keystrokes, and propagating to other systems. In Conficker’s case, the infection spread incredibly fast. In January, the infection count jumped from 2.4 million to 9 million Windows machines in just four days.

Clearly, there are a significant number of users with a false sense of security. It is estimated that 30 percent of the Windows machines connected to the internet are unpatched. I’m guessing that a lot of the same users that aren’t updating Windows believe their system is secure because they have installed antivirus software. This is just one of the many myths that many computer users believe today.

Please spread the word to your friends, family, coworkers, and acquaintances that Windows Updates ARE EXTREMELY important to the health of their PC and that Windows Updates, firewalls, and antivirus applications by themselves are not an all-inclusive solution to computer security.  Instead, all of these security tools should be used in order to effectively protect a computer.

January 11th, 2009

SCCM: Content downloaded to the client does not match the content specified in the content source

There are some software packages that introduce a lot of interesting complexities that SCCM 2007 gets confused by. One of the applications that I was trying to test and deploy was giving me a particularly interesting problem: all of the clients downloaded the package, but when they checked the content, it did not match the source.

The error, which had an ID of 10057, was found by going to System Status -> Advertisement Status -> <advertisement name> -> Show Messages on the actions pane:

The program for advertisement "SIT00001" has failed because download of the content "SIT00029" - "Per-system unattended" has failed. The download failed because the content downloaded to the client does not match the content specified in the content source.

Possible causes: The content on the distribution point has been manually modified, or a local administrator on the computer has modified the content in the computer’s hash. Solution: Refresh the content on the distribution point and retry the download.

The solution seemed obvious: update the distribution points. But multiple tries, including recreating the package and advertisement completely, did not fix the problem. Finally, I stumbled upon a forum post that helped me narrow the problem down to one of two scenarios:

Binary Differential Replication – If this is enabled in the package configuration, some packages seem to fail. I’m assuming that they can’t handle this kind of replication and several of the files become corrupt, creating a hash mismatch. This can be turned off by opening up the package properties, going to the Data Source tab, and unchecking Enable binary differential replication. This wasn’t my problem because I hadn’t enabled binary differential replication.

Hidden Files – Apparently, if the package source contains hidden files, SCCM may not calculate the correct hash for the package and clients could encounter an error. I found a quick way to check this using the command line:

  1. Open up a command window in the root directory that contains your package source files.
  2. Type Dir /S /A:H and hit enter. Depending on the package, you may be presented with several directories with multiple hidden files.
  3. Trying to remove the hidden attribute on all the files with the GUI would be tedious, so just use this command instead: attrib -H /S
  4. Update the distribution points.

The package finally verified properly and the advertisement completed.


January 9th, 2009

Troubleshooting SCCM and BITS Downloads

If you’re planning on using System Center Configuration Manager 2007 for its ability to distribute software over the internet and throttle large file transfers to avoid saturating the network, you may end up spending a lot of time scratching your head when packages start downloading to a client and then suddenly stop.

Such was the scenario I experienced while testing BITS with one of the applications we plan to deploy to clients. The client machine would begin the transfer and start the download… and then stop. Even worse, the issue never resolved itself, even when the machine was left running overnight. Since the issue was less-than-obvious (hint: It was not SCCM that was misconfigured) I decided to list a few tips in the BITS troubleshooting process that may be of use to others.

December 3rd, 2008

Deploy Vista install.wim on any drive you like (as long as it’s D:\)

Source: xkcd.com

While designing and testing a deployment process for Windows Vista using System Center Configuration Manager 2007 I ran into a seemingly obscure problem: Vista refused to use drive letter C as the OS Volume and instead chose D as the system drive letter. The result is that the root of the system drive was D:\ instead of C:\, which is something that legacy applications are not fond of.

This would seem like an easy problem to resolve. Surely, it is caused by the way the disk is partitioned or perhaps the drive letter that SCCM applies the image to is incorrect. Perhaps it’s a registry setting in the image file that needs to be modified offline. I experimented with all of these things, with no luck. Finally, I came across a technet blog entry that I had missed with previous Google search queries:

Several people have tried to use the install.wim from the Windows Vista installation media in an Install an existing image package task sequence.  They are surprised to discover that, upon completion, the operating system is on the D: drive instead of the C: drive. The short explanation for why this happens is that the operating system volume for the images in install.wim is D:.  In other words, when the image was captured, the reference machine had the operating system on volume D:.  Why this is the case for the install.wim that ships on the Windows Vista installation media is beyond the scope of this blog.

So essentially, you can’t use the install.wim image from Vista in SCCM if you want to use C for the system drive letter. That would have been nice to know….

November 24th, 2008

Areca Backup

Some time ago, I devised a scheme for backing up my critical data that was both simplistic and inefficient. Every other morning at 4:00am I would create an image of my hard drive using DriveImageXML and then copy it to my NAS using the Windows Task Scheduler. This worked great for a while. However, as my hard drive contents grew it began to take too long to do these backups. Moving into an apartment that required me to use a wireless network was the final nail in the coffin and I finally discontinued this practice.

Since then, I have tried several different free backup solutions. None of them worked quite how I liked, for various reasons. Additionally, many of the ones that promised “set it and forget it” features rarely worked as advertised. In fact, after a month of using AceBackup I discovered my automated backups weren’t working for some reason. When a backup application has failed once, it’s hard to trust it again with such a critical task. I’ve heard a lot of great things about Jungle Disk but was reluctant to start paying monthly fees for a backup service that I ought to be able to handle myself.

Then, I stumbled upon the open source utility Areca Backup while looking for an acceptable backup solution for my work machine. Had I noticed at first that it was written in Java, I probably wouldn’t have tried it. However, I went ahead and installed it and I must say that this is the best backup utility that I have come across, at least for my needs.

Getting e-mails after backups is also a nice feature. Custom e-mail notifications can be set up for each backup. I set up mine to tell me in the subject of the e-mail if the backup was successful (1) or not (0). That way, I can filter successful backups that I don’t need to see to a reports folder while still getting the message when a backup fails.

The user interface of Areca Backup is surprisingly intuitive. I was able to create a compressed, encrypted, network-based backup with little trouble at all. There are several storage modes and backup types and backups are very fast. The coolest part about this software is the logical view screen. It allows the user to peek into their backups at files and restore any version of a file that they please. To recover, simply right click and select Recover… and then point to the folder where you want the recovered file(s) placed. Another incredibly useful feature is the ability to search within your archives for files.

The only part of this backup utility that seems half-baked to me is the scheduled backups feature. Areca does not run as a service (which can be good and bad) so it is up to the user to create a Windows Scheduled Task to automate archiving. Fortunately, Areca has a feature that will automatically create the batch file with backup commands so that the user is only required to point their scheduled task to execute a file instead of manually entering the command line parameters. I can live with that.

Overall, this seems like a great open source project and I am impressed with how the software has worked so far. My plan is to start using this at home for backups both to my NAS and an offsite FTP/SSH server. Check it out.

November 20th, 2008

Super Talent Pico Drive

For deploying Windows XP to computers in our lab environment, we use 2GB 200x USB drives manufactured by Apacer. The reason for using these drives is simple: They are much faster and more reliable than DVD media. For Vista, we need to upgrade to 8GB drives (4GB would probably work for now, but having some padding is nice). The 8GB version of the Apacer drive is very expensive (some retailers have it listed at over $100). Since we will eventually need to buy a lot of 8GB drives, I decided to look for some cheaper alternatives that have similar performance. I came across the Super Talent Pico Drive, which has fairly good performance reviews when compared to the Apacer drive. At $26, it’s a bargain. I decided to order one for testing.

I was shocked at how small this drive was. I would be reluctant to put most USB drives on my keyring because they are too bulky, but this drive is really a perfect accessory to your keys. The USB connector folds out of the casing. The one thing I dislike about the connector is that it allows you to put the key into a USB slot backwards, so you have to pay attention when plugging it in.

In terms of performance, it is plenty fast for what we need. It is definitely faster than DVD media and may even have faster reads than the Apacer models we have used. If I have time someday I will do a side-by-side comparison. Writes to the drive, while not blazing, are definitely fast enough for our needs since we only need to read data from the drive during our build process.

The verdict is still out for the sturdiness of this device. The USB connector is constructed of plastic that seems to scratch easily. I’m not sure if this will cause problems down the road. When the connector is folded into its case it seems to be fairly safe from unintentional damage.

Overall, I am really impressed with this USB drive. Having a USB drive with both gobs of space and great performance is spectacular, especially at this price. Super Talent has several other models that we may look at in the future.

October 27th, 2008

How do I know if I am registered to vote?

It may sound like a silly question, but I found myself wondering this evening if I was actually registered to vote. I couldn’t remember any confirmation for my registration and I had no idea how to find out. It turns out that if you live in Pennsylvania you can verify that you are in fact eligible to vote for this election using the Voter Registration Status web page. You can also find your polling location. Fortunately, I will be headed to the polls next week.

October 7th, 2008

SCCM 2007

At work I have been assigned the task of creating an automated Windows Vista deployment using Microsoft System Center Configuration Manager 2007. With Windows XP, we manually created an automated deployment using BartPE and batch files. After the operating system was installed and the machine was joined to the domain, group policy would handle software deployment via MSI files.

Why are we looking to use SCCM when there is an additional per-machine cost? Well, we see several advantages that we need in order to be able to continue to expand our Computer Management project:

  • No MSIs required – SCCM will hopefully allow us to deploy software without needing an expensive packaging application such as WISE. Not to mention, there are a lot of applications that work very poorly when packaged with MSIs (such as Office 2007 and Adobe Creative Suite). Furthermore, there are some MSI packages that conflict with others and can inevitably make a machine build fail.
  • Better software deployment management – Hopefully, SCCM will allow us to be more granular when it comes to choosing which computers get what software.
  • Machine Inventory/Queries – Currently, we use applications developed in-house to perform WMI queries against machines for Inventory purposes. Inventory is stored in a SQL database and queries can be performed using a web page. Quite frankly, this is code we would rather not maintain in the future. The SCCM Configmgr interface should allow us to inventory machines while also granting access to our partners so that they can query their machines. In other words, we no longer have to reinvent the wheel. Inventory should also be more reliable.
  • Offsite deployment – Currently, any machines in CLM must be connected to the Penn State network in order to be managed and receive software. This makes managing offsite devices, such as laptops, impossible. SCCM has functionality that could allow us to manage and deploy software to offsite systems through HTTPS.
  • Streamlined Operating System Deployments – Thanks to the Operating System Deployment (OSD) portion of SCCM, we will hopefully be able to rapidly create, configure, and deploy Windows to machines using a variety of distribution mechanisms including PXE, USB Drives, and DVD Media. We hope to incorporate all of the features of our current imaging process into this. SCCM OSD also uses ImageX to create images in a way similar to how Symantec Ghost does. This should eliminate our dependency on Ghost licensing.

We’re still investigating SCCM and there are several experiments under way. One thing that I have found is that SCCM does not support OS deployments via a restore partition on the physical disk. This is a requirement for us because we have a lab environment where an entire lab of 50+ machines may need rebuilt over. Pushing out the OS over the network could eat up a lot more bandwidth than is necessary. We will have to find a way to work around this, which probably means throwing out the native SCCM boot shell (TSBootShell.exe) and writing a simple one that meets our needs.