September 20, 2011
September 2011 Newsletter

TrueSec

News and Geek Stuff

September 2011

 

Wow! The response Microsoft got for their announcement of Windows 8 at the Build conference has flooded the press, blogs and all other media over the last week. And indeed, it looks like some great stuff is coming our way, for all parties: IT pros, developers and consumers. Johan & Mike both touch base on Windows 8 in their contributions below.

Security: are you the go-to person in your organization when it comes to IT security? If not, does that person get our newsletter? Or is he/she missing out on the great and important info Marcus Murray and his team are sharing? Do they know about the great trainings we offer? Let me challenge you: Have your Security Officer (?) register for Marcus's class “Understand how hackers attack the Windows platform”. Send me an email that your colleague (or you) has registered and I will knock $250 off the class fee.
Marcus ran this class in Amsterdam the other week, and below are some responses to the question “What did you like about the TrueSec training?”

“Less slides in 3 days than some trainings go through in 1 hour, lots of time to work with the techniques taught in the course”

“The extensive knowledge from trainer”

“The instructor’s knowledge and the fact that it was not "lean back and watch" but a "just do it" course”

A product developed by another of our security team members, Johan Blom, Microsoft MVP Forefront, is the Lite Management Solution (LMS) for Forefront Endpoint Protection, a product for those that don’t have/want or can’t afford SCCM. Read his blog post below.

And last but not least: The popular “Deployment Geek Week”, a wild deployment week with Johan Arwidmark and Mikael Nystrom taking you on a journey through all aspects of a successful Windows deployment, is back in December. The two previous sessions this year sold out fast, so secure your seat. Check out the early bird offer.


Happy reading and stay safe.

Kent Agerlund:

Asset intelligence 3rd party software utility

Johan Arwidmark:

Windows 8 Preview - How To - Creating a WinPE boot image with .NET Framework and PowerShell

Johan Blom:

Lite Management Solution (LMS) for Forefront Endpoint Protection

Mikael Nystrom:

Running Windows 8 Preview using Boot From VHD

Asset Intelligence 3rd party software utility

Configuration Manager 2007 and 2012 allows you to import license information from a CSV file. The data are shown in the License 15A – General License Reconciliation Report. The problem for many is that it’s often a bit too difficult to create the CSV file in the correct format. Highly inspired by the CM2007 AILW utility we decided to create our own tool and make it work for both Configuration Manager 2007 and the upcoming 2012 version.

You can download the utility here.

Configuring the utility

Once you have downloaded our utility you have to:

1.     Copy CT-AILW.exe to C:\Program Files\Coretech\AILW\CT-AILW.exe (you need to create the folder manually).

2.     Copy e1db6caa-40cb-49f0-a744-21ca930b419f\e1db6caa-40cb-49f0-a744-21ca930b419f.xml to <D>:\Program Files\Microsoft Configuration Manager\Admin Console\XmlStorage\Extensions\Actions\e1db6caa-40cb-49f0-a744-21ca930b419f\e1db6caa-40cb-49f0-a744-21ca930b419f.xml (notice, you need to create the Actions folder manually).

3.     Restart the Configuration Manager Console.

How it works

Using the tool is pretty easy; all you need to know is the name, vendor and version of the application. That information can be found in the Resource Explorer.

1.     Restart the Configuration Manager Administrator console and navigate to the Asset and Compliance workspace.

2.     Click Edit 3rd Party Licenses on the Ribbon.

3.     Type the name of the Configuration Manager site server and click Connect to Database.

4.     Make sure you are on the Edit tab. Scroll down to the end and enter a new product:

5.     Select the Commit tab and click Commit to SCCM.

6.     Run the report License 15A – General License Reconciliation Report.

Credit goes to Claus Codam, who has been the main developer on this project.
/Kent


Windows 8 Preview - Howto - Creating a WinPE boot image with .NET Framework and PowerShell

Here is a step-by-step guide to create an x64 boot image with support for Scripting, WMI, HTA, ADO, .NET Framework 4.0, PowerShell and the DISM cmdlets for PowerShell.

Create the boot image

In this sample you will create an x64 boot image.

1.  Download the Assessment and Deployment Kit (ADK) from MSDN subscribers download.

2.  Install ADK by running adksetup.exe, and make sure that Windows Preinstallation Environment is selected (selected by default)

3.  Create the C:\WinPE_x64 folder

4.  Copy the winpe.wim file from C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64 to C:\WinPE_x64

5.  Create the C:\Mount folder

6.  Start the Deployment Tools and Imaging Environment, and mount the boot image using the following command:

Imagex /mountrw C:\WinPE_x64\winpe.wim 1 C:\Mount

7.  Add the various optional components to the boot image by running the following commands:

cd /d "C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs"

dism /image:C:\Mount /add-package /packagepath:"WinPE-Scripting.cab"

dism /image:C:\Mount /add-package /packagepath:"en-us\WinPE-Scripting_en-us.cab"


dism /image:C:\Mount /add-package /packagepath:"WinPE-WMI.cab"

dism /image:C:\Mount /add-package /packagepath:"en-us\WinPE-WMI_en-us.cab"


dism /image:C:\Mount /add-package /packagepath:"WinPE-MDAC.cab"

dism /image:C:\Mount /add-package /packagepath:"en-us\WinPE-MDAC_en-us.cab"


dism /image:C:\Mount /add-package /packagepath:"WinPE-HTA.cab"

dism /image:C:\Mount /add-package /packagepath:"en-us\WinPE-HTA_en-us.cab"


dism /image:C:\Mount /add-package /packagepath:"WinPE-NetFx4.cab"

dism /image:C:\Mount /add-package /packagepath:"en-us\WinPE-NetFx4_en-us.cab"


dism /image:C:\Mount /add-package /packagepath:"WinPE-PowerShell3.cab"

dism /image:C:\Mount /add-package /packagepath:"en-us\WinPE-PowerShell3_en-us.cab"


dism /image:C:\Mount /add-package /packagepath:"WinPE-DismCmdlets.cab"

dism /image:C:\Mount /add-package /packagepath:"en-us\WinPE-DismCmdlets_en-us.cab"

8.  Commit the changes to the boot image by running the following command:

Imagex /unmount /commit C:\Mount

9.  Done. You now have a boot image of 280 MB or so that you can add to your WDS (PXE) server.

Optional step - create a bootable ISO image.

If you don't have a PXE server or just want to mount an ISO for testing, here are the additional steps to create a bootable ISO.

1.  Create the C:\WinPE_x64\ISO folder

2.  Copy the contents of the C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media folder to C:\WinPE_x64\ISO

3.  Create the C:\WinPE_x64\ISO\Sources folder

4.  Copy (or move) the winpe.wim file in C:\WinPE_x64 to C:\WinPE_x64\ISO\Sources

5.  Rename the winpe.wim file in C:\WinPE_x64\ISO\Sources to boot.wim

6.  Copy the etfsboot.com file from C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Deployment and Imaging Tools\amd64\Oscdimg to C:\WinPE_x64

7.  Create the bootable ISO by running the following command:

oscdimg -b"c:\WinPE_X64\etfsboot.com" -n C:\WinPE_X64\ISO C:\WinPE_X64\WinPE_X64.iso

8.  Done, you now have a 330 MB or so ISO.

The PowerShell command window in WinPE - Listing some hardware info using WMI.

/ Johan

By Johan Arwidmark
Microsoft MVP – Setup and Deployment
Twitter: @jarwidmark
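
Steps 6 to 8 of the WinPE article above (mount, add the optional components, commit) as one PowerShell script; this is an added example, not code from the newsletter or from Johan Arwidmark. It stops at the first failing command and unmounts without /commit, so a half-built boot image never reaches the WDS server, then prints a SHA-256 of the finished image. The Invoke-Native helper name is an assumption of this example, and Get-FileHash needs PowerShell 4.0 or later.

```powershell
# Added example. Run from the Deployment Tools and Imaging Environment so that
# imagex and dism are on the PATH. Paths and package order are those of the article.
$ErrorActionPreference = 'Stop'
$wim   = 'C:\WinPE_x64\winpe.wim'
$mount = 'C:\Mount'
$ocs   = 'C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs'
# Same order as step 7: each component, then its en-us language pack.
$components = 'Scripting', 'WMI', 'MDAC', 'HTA', 'NetFx4', 'PowerShell3', 'DismCmdlets'

# Hypothetical helper: run a native tool and turn a non-zero exit code into an error.
function Invoke-Native([string]$exe, [string[]]$arguments) {
    & $exe @arguments
    if ($LASTEXITCODE -ne 0) {
        throw "$exe $($arguments -join ' ') failed with exit code $LASTEXITCODE"
    }
}

Push-Location $ocs   # relative package paths, like the "cd /d" in step 7
try {
    $cabs = foreach ($c in $components) {
        "WinPE-$c.cab"
        "en-us\WinPE-${c}_en-us.cab"
    }
    # Check that every package exists before the image is touched.
    $missing = @($cabs | Where-Object { -not (Test-Path -LiteralPath $_) })
    if ($missing.Count) { throw "Missing packages: $($missing -join ', ')" }

    Invoke-Native imagex @('/mountrw', $wim, '1', $mount)
    try {
        foreach ($cab in $cabs) {
            Invoke-Native dism @("/image:$mount", '/add-package', "/packagepath:$cab")
        }
    }
    catch {
        & imagex /unmount $mount   # no /commit: discard the partial changes
        throw
    }
    Invoke-Native imagex @('/unmount', '/commit', $mount)
}
finally {
    Pop-Location
}

# Record the hash so the copy later imported into WDS can be compared against it.
Get-FileHash -LiteralPath $wim -Algorithm SHA256 | Format-List Path, Hash
```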

 

Lite Management Solution (LMS) for Forefront Endpoint Protection

Great news for all who want to run FEP (Forefront Endpoint Protection) but don't have, don't want or can't afford SCCM!

From my time in the field working with Microsoft Forefront products I have often heard complaints from smaller companies that there is no way for them to manage FEP. SCCM is an enterprise product and is too much overhead and too complex for smaller companies. So the idea of a lite management version started to form in my head: "lite" in terms of requirements (SCCM, SQL Server etc.), not lite in features.

For some time we at TrueSec have developed a product that would fit small to medium size companies. In Sweden (where I live) 95% of the companies are small to medium size so I figured the market would be a good .

There were a few main scenarios where we wanted LMS to be the right product.

  • Small to medium size companies
  • Hosted services
  • Hard to reach computers (traveling sales staff, DMZ servers, satellite offices etc.)
  • Multiple non-trusted domains (think Universities etc)

Small to medium size companies:
Maybe this is the most obvious one, since we don't rely on SCCM and full SQL, LMS will be an option for smaller companies.

Hosted services
We don't require a domain membership (we use certificates for verification) to manage computers. Therefore you can create logical groups for your different customers in their different domains.

Hard to reach computers
If you have antivirus you probably want it on all your computers and therefore want to manage all your computers from one console no matter where they are, right? The LMS agent connects using https only and does not rely on domain membership; therefore you can monitor traveling users, DMZ servers and satellite offices with low bandwidth.

Multiple non-trusted domains
This one was not really in our head when first setting the design of LMS. However, we got emails from several large universities that were interested in our product. Of course it's not only for universities; it will fit any company with multiple non-trusted domains.

When we launched the website (www.truesec.se/LMS) the response was overwhelming. I sat for days just answering emails from interested customers. In response to that we have just launched an LMS Early Adopters Program and several companies have already signed up. :-)

If you are interested in joining the program or have other questions regarding LMS, send me an email: lms [at] TrueSec.se

We are aiming at a first launch in November 2011.

Hope to hear from you soon!

/Johan


Running Windows 8 Preview using Boot from VHD

 

Yes, it works. It is possible to run Windows 8 Preview Version as a boot-from-vhd on your Windows 7 (2008 R2) machine. You do need a version of Windows 7 that supports Boot from VHD (Enterprise/Ultimate) for this to work.

I have played with this in both VMs and in physical machines and so far no issues at all. To be honest it was a bit scary the first time the new version was starting up because it did not show me the OS list, it just started Windows 8 Preview Version. But that is an easy fix, just reboot the Windows 8 Preview Version machine and press F8 and that will give a menu to choose OS from.

The reason for me to do boot from VHD is that I wanted to test Windows 8 Preview Version on my hardware, with drivers and all that stuff. If you just want to see Windows 8 Preview Version you can run it virtualized instead.

So, here are the step-by-step instructions:

First Step – Create the VHD

First we need to create a VHD file from the ISO image you have downloaded, and there is more than one way of doing this. Here is the easy method:

Download and install WAIK for Windows 7 (We just need Imagex.exe from that so if you have that you can just copy that file from the existing WAIK install)

Download WIM2VHD and store in a folder on your PC (C:\TOOLS\WIM2VHD as an example)

Mount the ISO image using some nice utility (Virtual Clone Drive from www.slysoft.com is my choice)

Open up an elevated command prompt (If you have installed WAIK, there is a special command prompt for the WAIK toolkit which will update the path to ImageX)

Execute the following: (In this case G: is the drive letter on the virtual CD/DVD)

cscript WIM2VHD.wsf /wim:"g:\sources\install.wim" /VHD:"c:\TOOLS\WIM2VHD\win8.vhd" /size:20000

Done! Now you have a VHD file with Windows 8 Preview OS. A tip here is to take a copy of the file, that way you can easily “start” over by booting into Windows 7 and replacing the file with the copy.

Second Step – Mount the VHD

In the same command prompt start DISKPART.EXE

Execute the following:

List Vol (it will show you all the volumes you have in your machine, take a note of this)
Select vdisk file="c:\TOOLS\WIM2VHD\win8.vhd"
Attach vdisk
List Vol (Compare the list with the note you took, you should have a new volume, that is your Windows 8 Preview OS. Take a note of the drive letter for the new volume)

Exit from DISKPART.EXE

Third Step – Make the volume bootable and reboot

Still in the same command prompt, execute the following:

BCDBOOT E:\Windows (If E: was the new drive letter that is)
 

Execute:

Shutdown -r -t 0

And wait until Windows 8 Preview boots up

Fourth Step – Configure Windows 8

Follow the Wizard to finish the installation

Just skip the Product key stuff, not needed now.

License stuff, Please read the first lines :)

Give it a name:

Select express (modify settings later)

Create a local account:

Hey, you are logged on:

Press ctrl-alt-del and select restart.

Press F8 while rebooting to get into the menu

Select what OS you would like to be default:

/mike
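
The second and third steps of the boot-from-VHD article above, as an added PowerShell example that is not from the newsletter or its author: it finds the new volume by comparing drive letters before and after the attach, and refuses to run BCDBOOT unless exactly one new volume with a \Windows folder appears. The script file name and the Get-DriveLetters helper are assumptions of this example; the VHD path is the one from the WIM2VHD command, and the reboot is left to you.

```powershell
# Added example. Run from an elevated PowerShell prompt on the Windows 7 host.
$vhd = 'c:\TOOLS\WIM2VHD\win8.vhd'   # output path of the WIM2VHD command
if (-not (Test-Path -LiteralPath $vhd)) { throw "VHD not found: $vhd" }

# Hypothetical helper: drive letters currently in use, e.g. C, D, G.
function Get-DriveLetters {
    [System.IO.DriveInfo]::GetDrives() | ForEach-Object { $_.Name.Substring(0, 1) }
}

# The "take a note" part of the first List Vol.
$before = @(Get-DriveLetters)

# Same DISKPART commands as in the second step, fed from a script file.
$script = Join-Path $env:TEMP 'attach-win8.txt'   # assumed file name
Set-Content -LiteralPath $script -Encoding ASCII -Value @(
    "select vdisk file=`"$vhd`"",
    'attach vdisk'
)
diskpart /s $script
if ($LASTEXITCODE -ne 0) { throw "diskpart failed with exit code $LASTEXITCODE" }
Start-Sleep -Seconds 5   # give the new volume time to get its drive letter

# The "compare the list" part of the second List Vol.
$new = @(Get-DriveLetters | Where-Object { $before -notcontains $_ })
if ($new.Count -ne 1) {
    throw "Expected exactly one new volume, found $($new.Count): $($new -join ', ')"
}

# Only point BCDBOOT at a volume that really holds a Windows folder.
$windir = "$($new[0]):\Windows"
if (-not (Test-Path -LiteralPath $windir)) {
    throw "$windir does not exist; not running BCDBOOT"
}

bcdboot $windir
if ($LASTEXITCODE -ne 0) { throw "bcdboot failed with exit code $LASTEXITCODE" }
"Boot entry created for $windir"
```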


Where to find us

Understand how hackers attack the Windows Platform with Marcus Murray
New York City: November 14-16

Mastering PKI & Certificate Services 2008 R2 with Hasain Alshakarti
London: October 31

Mastering ConfigMgr2012 Beta2 with Kent Agerlund
Minneapolis: October 24-27
Atlanta: December 12-15

Deploying Windows 7 using MDT and SCCM with Johan Arwidmark
Minneapolis: October 10-12
Boston (Online Live): November 8-10

 

Full schedule at http://www.truesec.com



TrueSec Inc.
8201 164th Ave NE, Redmond, WA 98052


 



