While designing and testing a deployment process for Windows Vista using System Center Configuration Manager 2007 I ran into a seemingly obscure problem: Vista refused to use drive letter C as the OS Volume and instead chose D as the system drive letter. The result is that the root of the system drive was D:\ instead of C:\, which is something that legacy applications are not fond of.
This would seem like an easy problem to resolve. Surely, it is caused by the way the disk is partitioned or perhaps the drive letter that SCCM applies the image to is incorrect. Perhaps it’s a registry setting in the image file that needs to be modified offline. I experimented with all of these things, with no luck. Finally, I came across a technet blog entry that I had missed with previous Google search queries:
Several people have tried to use the install.wim from the Windows Vista installation media in an Install an existing image package task sequence. They are surprised to discover that, upon completion, the operating system is on the D: drive instead of the C: drive. The short explanation for why this happens is that the operating system volume for the images in install.wim is D:. In other words, when the image was captured, the reference machine had the operating system on volume D:. Why this is the case for the install.wim that ships on the Windows Vista installation media is beyond the scope of this blog.
So essentially, you can’t use the install.wim image from Vista in SCCM if you want to use C for the system drive letter. That would have been nice to know….
Some time ago, I devised a scheme for backing up my critical data that was both simplistic and inefficient. Every other morning at 4:00am I would create an image of my hard drive using DriveImageXML and then copy it to my NAS using the Windows Task Scheduler. This worked great for a while. However, as my hard drive contents grew it began to take too long to do these backups. Moving into an apartment that required me to use a wireless network was the final nail in the coffin and I finally discontinued this practice.
Since then, I have tried several different free backup solutions. None of them worked quite how I liked, for various reasons. Additionally, many of the ones that promised “set it and forget it” features rarely worked as advertised. In fact, after a month of using AceBackup I discovered my automated backups weren’t working for some reason. When a backup application has failed once, it’s hard to trust it again with such a critical task. I’ve heard a lot of great things about Jungle Disk but was reluctant to start paying monthly fees for a backup service that I ought to be able to handle myself.
Then, I stumbled upon the open source utility Areca Backup while looking for an acceptable backup solution for my work machine. Had I noticed at first that it was written in Java, I probably wouldn’t have tried it. However, I went ahead and installed it and I must say that this is the best backup utility that I have come across, at least for my needs.
Getting e-mails after backups is also a nice feature. Custom e-mail notifications can be set up for each backup. I setup mine to tell me in the subject of the e-mail if the backup was successful (1) or not (0). That way, I can filter successful backups that I don’t need to see to a reports folder while still getting the message when a backup fails.
The user interface of Areca Backup is surprisingly intuitive. I was able to create a compressed, encrypted, network-based backup with little trouble at all. There are several storage modes and backup types and backups are very fast. The coolest part about this software is the logical view screen. It allows the user to peek into their backups at files and restore any version of a file that they please. To recover, simply right click and select Recover… and then point to the folder where you want the recovered file(s) placed. Another incredibly useful feature is the ability to search within your archives for files.
The only part of this backup utility that seems half-baked to me is the scheduled backups feature. Areca does not run as a service (which can be good and bad) so it is up to the user to create a Windows Scheduled Task to automate archiving. Fortunately, the Areca has a feature that will automatically create the batch file with backup commands so that the user is only required to point their scheduled task to execute a file instead of manually entering the command line parameters. I can live with that.
Overall, this seems like a great open source project and I am impressed with how the software has worked so far. My plan is to start using this at home for backups both to my NAS and an offsite FTP/SSH server. Check it out.
For deploying Windows XP to computers in our lab environment, we use 2GB 200x USB drives manufactured by Apacer. The reason for using these drives is simple: They are much faster and more reliable than DVD media. For Vista, we need to upgrade to 8GB drives (4GB would probably work for now, but having some padding is nice). The 8GB version of thet Apacer drive is very expensive (some retailers have it listed at over $100). Since we will eventually need to buy a lot of 8GB drives, I decided to look for some chreaper alternatives that have similar performance. I came across the Super Talent Pico Drive, which has fairly good performance reviews when compared to the Apacer drive. At $26, it’s a bargain. I decided to order one for testing.
I was shocked at how small this drive was. I would be reluctant to put most USB drives on my keyring because they are too bulky but this drive is really perfect accessory to your keys. The USB connector folds out of the casing. The one thing I dislike about the connector is that it allows you to put the key in to a USB slot backwards, so you have to pay attention when plugging it in.
In terms of performance, it is plenty fast for what we need. It is definitely faster than DVD media and may even have faster reads than the Apacer models we have used. If I have time someday I will do a side-by-side comparison. Writes to drive, while not blazing, are definitely fast enough for our needs since we only need to read data from the drive during our build process.
The verdict is still out for the sturdiness of this device. The USB connector is constructed of plastic that seems to scratch easily. I’m not sure if this will cause problems down the road. When the connector is folded into its case it seems to be fairly safe from unintentional damage.
Overall, I am really impressed with this USB drive. Having a USB drive with both gobs of space and great performance is spectacular, especially at this price. Super Talent has several other models that we may look at in the future.
It may sound like a silly question, but I found myself wondering this evening if I was actually registered to vote. I couldn’t remember any confirmation for my registration and I had no idea how to find out. It turns out that if you live in Pennsylvania you can verify that you are in fact eligible to vote for this election using the Voter Registration Status web page. You can also find your polling location. Fortunately, I will be headed to the polls next week.
At work I have been assigned the task of creating an automated Windows Vista deployment using Microsoft System Center Configuration Manger 2007. With Windows XP, we manually created an automated deployment using BartPE and batch files. After the operating system was installed and the machine was joined to the domain, group policy would handle software deployment via MSI files.
Why are we looking to use SCCM when there is an additional per-machine cost? Well, we see several advantages that we need in order to be able to continue to expand out Computer Management project:
No MSIs required – SCCM will hopefully allow us to deploy software without needing an expensive packaging application such as WISE. Not to mention, there are a lot of applications that work very poorly when packaged with MSIs, such as Office 2007 and Adobe Creative Suite). Furthermore, there are some MSI packages that conflict with others and can inevitably make a machine build fail.
Better software deployment management – Hopefully, SCCM will allow us to be more granular when it comes to choosing which computers get what software.
Machine Inventory/Queries – Currently, we use applications developed in-house to perform WMI queries against machines for Inventory purposes. Inventory is stored in a SQL database and queries can be performed using a web page. Quite frankly, this is code we would rather not maintain in the future. The SCCM Configmgr interface should allow us to inventory machines while also to grant access to are partners to that they can query their machines. In other words, we no longer have to reinvent the wheel. Inventory should also be more reliable.
Offsite deployment – Currently, any machines in CLM must be connected to the Penn State network in order to be managed and receive software. This makes managing offsite devices, such as laptops, impossible. SCCM has functionality that could allow us to manage and deploy software to offsite systems through HTTPS.
Streamlined Operating System Deployments – Thanks to the Operating System Deployment (OSD) portion of SCCM, we will hopefully be able to rapidly create, configure, and deploy Windows to machines using a variety of distribution mechanisms including PXE, USB Drives, and DVD Media. We hope to incorporate all of the features of our current imaging process into this. SCCM OSD also uses ImageX to create images similar in the way that Symantec Ghost does. This should eliminate our dependency on Ghost licensing.
We’re still investigating SCCM and there are several experiments under way. One thing that I have found is SCCM does not support OS deployments via a restore partition on the physical disk. This is a requirement for us because we have a lab environmment where an entire lab of 50+ machines may need rebuilt over. Pushing out the OS over the network could eat up a lot more bandwidth than is necessary. We will have to find a way to work around this, which probably means throwing out the native SCCM boot shell (TSBootShell.exe) and writing a simple one that meets our needs.
An increasing trend lately seems to be the creation of malware targeted not only at Operating System vulnerabilities but also vulnerabilities that target popular applications such as Adobe Acrobat, Mozilla Firefox, VideoLan Media Player. In many ways, these vulnerabilities can be more appealing to an attacker.
One possible reason: most modern Operating Systems, hotfixes and patches are typically installed automatically. This means that a majority of systems can be patched in a short period of time, greatly reducing the lifespan and impact of a vulnerability. On the other hand, many applications have no automatic update mechanism. Users often forget to update software until there are significantly improved features in a newer version. This can help increase the useful lifespan and impact of a vulnerability, giving attackers more incentive to take advantage of them.
Although it has become clear that maintaining a secure system now means that all software on the system should be kept up to date, finding a solution to do this quickly and accurately has been reason enough to forget about the problem. However, there is software that may help save time performing application maintenance. Secunia’s Personal Software Inspector (PSI) automatically scans a system regularly for any and all applications that have known vulnerabilities. Additionally, PSI will help resolve software vulnerabilities by providing links and instructions for updating vulnerable software.
Secunia PSI is available at https://psi.secunia.com/ . As of this posting, it is still in the Release Candidate stage. However, I have not had any issues running it on both Windows XP and Vista.
One of the most interesting things I discovered with Secunia PSI is that when I updated the Java Runtime in the past, the older versions were not uninstalled automatically. While this may be for compatibility purposes, I had several versions of Java installed on my computer that were vulnerable. Be sure to uninstall older versions of the Java Runtime if you don’t need them.
The expressed opinions, informational content and links displayed on this website do not necessarily reflect a position or policy of The Pennsylvania State University or its affiliates.
Comments (0) 
![[del.icio.us]](http://iboyd.net/wp-content/plugins/bookmarkify/delicious.png)
![[Digg]](http://iboyd.net/wp-content/plugins/bookmarkify/digg.png)
![[Facebook]](http://iboyd.net/wp-content/plugins/bookmarkify/facebook.png)
![[StumbleUpon]](http://iboyd.net/wp-content/plugins/bookmarkify/stumbleupon.png)
![[Twitter]](http://iboyd.net/wp-content/plugins/bookmarkify/twitter.png)
Themocracy