ENGL Imaging Toolkit™ 6
Windows 7 system partitioning and BitLocker
Jamie Glendinning
Jamie_Glendinning@engl.co.uk
Agenda
Introduction
Configuring a system partition
Additional partitions
BitLocker
Copyright © Expert Networking Group Limited
Introduction
Level: Intermediate
Duration: 30 minutes
Assumptions: An understanding of the ENGL build process
Configuring a system partition
System Partition
When Windows 7 is installed directly from media, the
install process sets up a 100MB system partition.
The system partition contains the hardware-related files
that tell a computer where to look to start Windows.
A boot partition is a partition that contains the Windows
operating system files, which are located in the
Windows file folder.
Usually, these are the same partition, especially if you
have only one operating system installed on your
computer.
System Partition
You can use system partitions to:
• Manage and load other partitions. If there are multiple operating systems, for example, Windows 7 and Windows Vista®, the computer displays a list of operating systems. The user can then select which operating system to use.
• Use security tools, such as Windows® BitLocker Drive Encryption.
• Use recovery tools, such as Windows Recovery Environment (Windows RE).
System Partition
Basic system partition requirements are:
• Must have at least 100 megabytes (MB) of hard drive space.
• Must have enough free space to create shadow copies of the partition.
  • If the partition is less than 500 MB, it must have at least 50 MB of free space.
  • If the partition is 500 MB or larger, it must have at least 320 MB of free space.
  • If the partition is larger than 1 gigabyte (GB), the partition should have at least 1 GB free.
• Must be configured as the active partition.
• Must not be an encrypted partition.
• Must be formatted as NTFS for BIOS based systems.
System Partition
Additional requirements for Advanced Format
Generation One (4-KB-per-sector) drives:
• The minimum size of the system partition on an Advanced Format Generation One drive is 260 MB.
System Partition
A Windows 7 base image that is created by the ENGL
Deployment wizard does not have this system partition
configured as a separate partition. The files are
included in the OS partition.
It is possible to configure the base image creation files
so that a system partition is created.
System Partition
Requirements
• Text editor
• Build Console
• Windows 7 Project
• Unattend folder created by Deployment Wizard
System Partition
Assumptions
• Machine will have system partition and c:\ drive only
• 400MB system partition
System Partition
Update unattend files
Review the existing autounattend.xml file.
This can be found in
<projectfolder>\unattend\autounattend\
Note: The following example is a truncated version of
the autounattend.xml file.
System Partition
Update unattend files
<?xml version="1.0" encoding="utf-8"?>
<!-- techbite-bitlocker, Jamie Glendinning -->
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="windowsPE">
    <component name="Microsoft-Windows-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <DiskConfiguration>
        <Disk wcm:action="modify">
          <CreatePartitions>
            <CreatePartition wcm:action="modify">
              <Extend>false</Extend>
              <Order>1</Order>
              <Type>Primary</Type>
              <Size>20000</Size>
            </CreatePartition>
          </CreatePartitions>
          <WillWipeDisk>true</WillWipeDisk>
          <DiskID>0</DiskID>
          <ModifyPartitions>
            <ModifyPartition wcm:action="add">
              <Active>true</Active>
              <Extend>false</Extend>
              <Format>NTFS</Format>
              <Letter>C</Letter>
              <Order>1</Order>
              <PartitionID>1</PartitionID>
              <Label>WINDOWS</Label>
            </ModifyPartition>
          </ModifyPartitions>
        </Disk>
        <WillShowUI>OnError</WillShowUI>
      </DiskConfiguration>
    </component>
  </settings>
</unattend>
System Partition
Update unattend files
Updated “CreatePartitions” section
<?xml version="1.0" encoding="utf-8"?>
<!-- techbite-bitlocker, Jamie Glendinning -->
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="windowsPE">
    <component name="Microsoft-Windows-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <DiskConfiguration>
        <Disk wcm:action="modify">
          <CreatePartitions>
            <!-- System partition -->
            <CreatePartition wcm:action="modify">
              <Extend>false</Extend>
              <Order>1</Order>
              <Type>Primary</Type>
              <Size>400</Size>
            </CreatePartition>
            <!-- Windows partition -->
            <CreatePartition wcm:action="modify">
              <Order>2</Order>
              <Type>Primary</Type>
              <Extend>false</Extend>
              <Size>20000</Size>
            </CreatePartition>
          </CreatePartitions>
System Partition
Update unattend files
Update “ModifyPartitions” Section
          <ModifyPartitions>
            <!-- System partition -->
            <ModifyPartition wcm:action="add">
              <Extend>false</Extend>
              <Order>1</Order>
              <PartitionID>1</PartitionID>
              <Label>System</Label>
              <Format>NTFS</Format>
              <Active>true</Active>
            </ModifyPartition>
            <!-- Windows partition -->
            <ModifyPartition wcm:action="add">
              <Order>2</Order>
              <PartitionID>2</PartitionID>
              <Label>Windows</Label>
              <Letter>C</Letter>
              <Format>NTFS</Format>
              <Extend>false</Extend>
            </ModifyPartition>
          </ModifyPartitions>
        </Disk>
        <WillShowUI>OnError</WillShowUI>
      </DiskConfiguration>
    </component>
  </settings>
</unattend>
System Partition
Update unattend files
Save the changes to the autounattend.xml file.
Update the sysprep.xml file with the same changes.
The sysprep.xml file can be found at:
<projectfolder>\unattend\autounattend\$OEM$\$1\Ztoolkit\sysprep\sysprep.xml
Note: The sysprep file does not need to be updated
but is done to avoid future confusion.
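A pre-flight check for the edited unattend file, as an added example (not part of the original slides or of the ENGL toolkit): it reads the DiskConfiguration and tests it against the system partition requirements listed earlier. The function names and the condensed sample documents are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"u": "urn:schemas-microsoft-com:unattend"}
MIN_SYSTEM_MB = 100              # basic requirement listed on the slides
MIN_SYSTEM_MB_ADV_FORMAT = 260   # Advanced Format Generation One drives

# Constructed samples: the slides' DiskConfiguration with the wcm:action
# attributes and the other component attributes left out for brevity.
_HEAD = ('<unattend xmlns="urn:schemas-microsoft-com:unattend">'
         '<settings pass="windowsPE"><component name="Microsoft-Windows-Setup">'
         '<DiskConfiguration><Disk>')
_TAIL = "</Disk></DiskConfiguration></component></settings></unattend>"

ORIGINAL = _HEAD + """
<CreatePartitions>
  <CreatePartition><Order>1</Order><Type>Primary</Type><Size>20000</Size></CreatePartition>
</CreatePartitions>
<ModifyPartitions>
  <ModifyPartition><Order>1</Order><PartitionID>1</PartitionID><Active>true</Active>
    <Format>NTFS</Format><Letter>C</Letter><Label>WINDOWS</Label></ModifyPartition>
</ModifyPartitions>""" + _TAIL

UPDATED = _HEAD + """
<CreatePartitions>
  <CreatePartition><Order>1</Order><Type>Primary</Type><Size>400</Size></CreatePartition>
  <CreatePartition><Order>2</Order><Type>Primary</Type><Size>20000</Size></CreatePartition>
</CreatePartitions>
<ModifyPartitions>
  <ModifyPartition><Order>1</Order><PartitionID>1</PartitionID><Label>System</Label>
    <Format>NTFS</Format><Active>true</Active></ModifyPartition>
  <ModifyPartition><Order>2</Order><PartitionID>2</PartitionID><Label>Windows</Label>
    <Letter>C</Letter><Format>NTFS</Format></ModifyPartition>
</ModifyPartitions>""" + _TAIL


def _text(node, tag):
    """Text of a direct child element in the unattend namespace, or ''."""
    child = node.find(f"u:{tag}", NS)
    return child.text.strip() if child is not None and child.text else ""


def read_layout(xml_text):
    """Merge CreatePartition and ModifyPartition entries, keyed by partition ID."""
    root = ET.fromstring(xml_text.strip().encode("utf-8"))
    disk = root.find(".//u:DiskConfiguration/u:Disk", NS)
    if disk is None:
        raise ValueError("no DiskConfiguration/Disk element found")
    layout = {}
    for cp in disk.findall("u:CreatePartitions/u:CreatePartition", NS):
        size = _text(cp, "Size")
        # Assumption: the disk is wiped first, so creation Order == PartitionID.
        layout[_text(cp, "Order")] = {"size_mb": int(size) if size else None}
    for mp in disk.findall("u:ModifyPartitions/u:ModifyPartition", NS):
        part = layout.setdefault(_text(mp, "PartitionID"), {"size_mb": None})
        part.update(active=_text(mp, "Active").lower() == "true",
                    fs=_text(mp, "Format").upper(),
                    letter=_text(mp, "Letter").upper())
    return layout


def check_layout(xml_text, advanced_format=False):
    """Return a list of findings; an empty list means the layout passes."""
    layout = read_layout(xml_text)
    findings = []
    if sum(1 for p in layout.values() if p.get("fs") == "NTFS") < 2:
        findings.append("fewer than two NTFS partitions (system drive + OS drive)")
    active = [pid for pid, p in layout.items() if p.get("active")]
    if len(active) != 1:
        findings.append(f"expected one active partition, found {len(active)}")
        return findings
    pid, system = active[0], layout[active[0]]
    minimum = MIN_SYSTEM_MB_ADV_FORMAT if advanced_format else MIN_SYSTEM_MB
    if system["size_mb"] is not None and system["size_mb"] < minimum:
        findings.append(f"partition {pid}: {system['size_mb']} MB is below "
                        f"the {minimum} MB minimum")
    if system.get("fs") != "NTFS":
        findings.append(f"partition {pid}: system partition must be NTFS")
    if system.get("letter"):
        findings.append(f"partition {pid}: active partition is also drive "
                        f"{system['letter']}:, so it is not a separate system partition")
    return findings


if __name__ == "__main__":
    for name, doc in (("original", ORIGINAL), ("updated", UPDATED)):
        print(name, check_layout(doc) or "OK")
```

Running the same check against sysprep.xml confirms that the two files stay in step.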
System Partition
Review base image
Using your preferred unattended installation method,
create a new Windows 7 image.
The new base image will contain two partitions.
When opened with Image Explorer, it should look like:
System Partition
Update Project settings
When restoring the base image – the system partition
may be configured by Windows with a drive letter even
though it is a system partition and this was not
configured in the base image.
To work around this issue a diskpart script can be used
to remove the drive letter.
System Partition
Update Project settings
• Create a diskpart.txt file containing:
Select disk 0
detail disk
select volume 1
Remove
exit
• Add this file to the project custom files folder
• Update phase1-before.vbs script to add a command to run the diskpart script
' Add custom script here...
utils.appendlog "Configuring disk partitions"
diskpart_status = utils.run ("diskpart.exe -s c:\ztoolkit\diskpart.txt",0,true)
utils.appendlog "diskpart script status: " & diskpart_status
• Create a new Ztoolkit image and copy to ZENworks imaging server
System Partition
Restoring Images
The new base image can be restored as normal and
will replace both partitions each time it is restored.
The command line option to restore the add-on images
must be modified to ensure that the files are restored
into the second (OS) partition instead of partition 1
i.e. -ap=a1:p2
System Partition
Restoring Images
Update zim.cfg file:
Original entries:
Dialog:Popup,"Restoring ENGL Smart Windows build process, please wait...",green
Pause:3
File:Run,"img %imgrestorecmd%%project_image_path%/%base_image%",verbose
File:Run,"img %imgrestorecmd%%project_image_path%/hotfixes.zmg",verbose
If:Var,machine_type,eq,"tablet"
File:Run,"img %imgrestorecmd%%project_image_path%/tablet.zmg",verbose
End:
File:Run,"img %imgrestorecmd%%project_image_path%/%project_novcomp%",verbose
File:Run,"img %imgrestorecmd%%project_image_path%/%project_ztoolkit%",verbose
File:Run,"img %imgrestorecmd%%project_image_path%/%drivers_image%",verbose
Pause:2
Dialog:Popupclose
Updated entries (add-on images restored into partition 2):
Dialog:Popup,"Restoring ENGL Smart Windows build process, please wait...",green
Pause:3
File:Run,"img %imgrestorecmd%%project_image_path%/%base_image%",verbose
File:Run,"img %imgrestorecmd%%project_image_path%/hotfixes.zmg -ap=a1:p2",verbose
If:Var,machine_type,eq,"tablet"
File:Run,"img %imgrestorecmd%%project_image_path%/tablet.zmg -ap=a1:p2",verbose
End:
File:Run,"img %imgrestorecmd%%project_image_path%/%project_novcomp% -ap=a1:p2",verbose
File:Run,"img %imgrestorecmd%%project_image_path%/%project_ztoolkit% -ap=a1:p2",verbose
File:Run,"img %imgrestorecmd%%project_image_path%/%drivers_image% -ap=a1:p2",verbose
Pause:2
Dialog:Popupclose
System Partition
Testing build process
Once all the files have been updated they need to be
tested.
• PXE boot an appropriate workstation
• Restore images via the Zim menu
• Workstation will build successfully
System Partition
Testing build process
Review the partition structure on the machine once the
machine has built.
It should look something like this:
Additional partitions
In the scenario covered so far the base image was
restored and included two partitions.
Sysprep mini-setup then extended the OS partition to fill
the disk to give the built machine access to the full hard
disk.
If a different partition structure is required then there are
several problems that need to be overcome.
Additional partitions
Scenario - Laptops
• 400MB System partition
• 40GB OS Partition
• Remainder of disk as D:\ drive
Scenario - Desktops
• 400MB System partition
• OS Partition – fill the disk
Additional partitions
In order to meet the requirements of this scenario the
partitions need to be configured first – then images
restored into partitions (standard img functionality).
This can be achieved using the -ap=a1:p2 command line option.
The base image created earlier has two partitions, a
400MB partition and a 20GB partition.
Additional partitions
If the following restore commands are run:
img -r -p techbite-bitlocker/win7-ent-x64-postsp.zmg -ap=a1:p1
img -r -p techbite-bitlocker/win7-ent-x64-postsp.zmg -ap=a2:p2
Then the first command will restore the system partition
into partition 1 onto the file system.
It will then process the second 20GB partition but will
skip the actual restoration of the files.
This results in the above commands taking twice as
long as the basic restore:
img -r -p techbite-bitlocker/win7-ent-x64-postsp.zmg
Additional partitions
Solution:
• Create individual images instead of one large image containing multiple partitions
• Configure Zim to partition the disk
• Configure Zim to restore individual images into appropriate partitions
Additional partitions
Image creation
Create individual images instead of one large image
containing multiple partitions
• Follow normal steps to create a Windows 7 base image (using configuration changes as detailed earlier)
• PXE boot machine to ZENworks Imaging Environment
• At Zim menu
  • Select Maintenance Menu
  • Select Exit to Prompt
• At the bash prompt run these commands to create images
img -m -p <project-folder>/systempartition.zmg -x=2
img -m -p <project-folder>/win7-ent-x86-postsp.zmg -x=1
Additional partitions
Image creation
Create ddrive.zmg file
• Boot a machine using Windows PE media
• Launch diskpart
diskpart
• Run diskpart commands
Select disk 0
clean
Create partition primary size=400
format fs=ntfs quick
exit
Additional partitions
Image creation
• PXE boot machine to ZENworks Imaging Environment
• At Zim menu
  • Select Maintenance Menu
  • Select Exit to Prompt
• At the bash prompt run these commands to create images
img -m -p <project-folder>/ddrive.zmg
System Partition
Update Project settings
When restoring the base image – the system partition
may be configured by Windows with a drive letter even
though it is a system partition and this was not
configured in the base image.
If the System partition is assigned to D:\ then the data
partition will be assigned E:\.
To work around this issue a diskpart script can be used
to remove the drive letter from the system partition and
reassign the data partition from E:\ to D:\.
System Partition
Update Project settings
• Create a diskpart.txt file containing:
Select disk 0
detail disk
select volume 1
Remove
select volume 3
assign letter=d
exit
• Add this file to the project – custom files folder
• Update phase1-before.vbs script to add a command to run the diskpart script
' Add custom script here...
utils.appendlog "Configuring disk partitions"
diskpart_status = utils.run ("diskpart.exe -s c:\ztoolkit\diskpart.txt",0,true)
utils.appendlog "diskpart script status: " & diskpart_status
• Create a new Ztoolkit image and copy to ZENworks imaging server
Additional partitions
Updated image files have now been created.
Need to update Zim.cfg file
• create appropriate partitions
• restore appropriate images into partitions
Additional partitions
Zim.cfg
Zim script - configure default partition actions
; Launch a Form to display detected hardware and select machine type
Form:Start,"info","Hardware Detected","_OkCancel^_Ok",Blue
Form:Item,"Item1",StaticText,"-Manufacturer : %lookup_section%"
Form:Item,"Item2",StaticText,"-Model : %lookup_value%"
Form:Item,"Item3",StaticText,"-Hardware Image : %drivers_image%"
Form:Item,"Item4",StaticText,"-Hardware Type : %machine_type%"
Form:Item,"Item5",Label,"Computer Name :"
Form:Item,"Item6",EditBox,"%COMPUTERNAME%"
Form:Item,"Item7",Label,"Auto Restart after imaging:"
Form:Item,"Item8",Radiobuttons,"Yes","Yes,No"
Form:Display,"info"
If:Var,_Form,Eq,"_Cancel"
Menu:Return
End:
Set:Ask_COMPUTERNAME,%_Info_item6%
Set:AutoRestart,%_Info_item8%
If:Var,Ask_COMPUTERNAME,ne,"%COMPUTERNAME%"
Set:COMPUTERNAME,"%Ask_COMPUTERNAME%"
End:
; Default Partitioning actions
if:var,machine_type,eq,"laptop"
Set:partition1_action,"-type=ntfs -size=400"
Set:partition2_action,"-type=ntfs -size=40000"
Set:partition3_action,"-type=ntfs"
else:
Set:partition1_action,"-type=ntfs -size=400"
Set:partition2_action,"-type=ntfs"
Set:partition3_action,""
end:
Additional partitions
Zim.cfg
Zim.cfg – configuring the partition table :
Dialog:Ask,"", "Warning! All hard disk data on this machine will be erased.\n \nContinue?","_YesNo",red
If:Var,_ask,eq,"_No"
Menu:Return
End:
; configuring partition table.
; check if zisd:vendordataengl exists if it does not - assume this is a new machine and we need to clear all partitions.
; Read zisd:VendorDataENGL
zisd:get,VendorDataENGL,VendorDataENGLSTRING
If:var,VendorDataENGLSTRING,eq,""
set:ask_wipe,"Yes"
End:
Additional partitions
Zim.cfg
Zim.cfg – configuring the partition table :
Dialog:Popup,"Configuring Partitions, please wait...",green
;Clear all partitions
if:var,ask_wipe,eq,"Yes"
; delete existing partitions
file:run,"img -pd 4",verbose
File:Run,"cat imglogr >> /zimbin/zim.log",verbose
file:run,"img -pd 3",verbose
File:Run,"cat imglogr >> /zimbin/zim.log",verbose
file:run,"img -pd 2",verbose
File:Run,"cat imglogr >> /zimbin/zim.log",verbose
file:run,"img -pd 1",verbose
File:Run,"cat imglogr >> /zimbin/zim.log",verbose
;Create new partition structure
if:var,partition3_action,ne,""
; we need to create 3 partitions
file:run,"img -pc 1 %partition1_action%",verbose
File:Run,"cat imglogr >> /zimbin/zim.log",verbose
file:run,"img -pc 2 %partition2_action%",verbose
File:Run,"cat imglogr >> /zimbin/zim.log",verbose
file:run,"img -pc 3 %partition3_action%",verbose
File:Run,"cat imglogr >> /zimbin/zim.log",verbose
; restore d-drive.zmg file
File:Run,"img %imgrestorecmd%%project_image_path%/d-drive.zmg -ap=a1:p3",verbose
File:Run,"cat imglogr >> /zimbin/zim.log",verbose
else:
file:run,"img -pc 1 %partition1_action%",verbose
File:Run,"cat imglogr >> /zimbin/zim.log",verbose
file:run,"img -pc 2 %partition2_action%",verbose
File:Run,"cat imglogr >> /zimbin/zim.log",verbose
end:
else:
Additional partitions
Zim.cfg
Zim.cfg – configuring the partition table :
; Machine is being re-imaged - so need to delete partition 1 & 2
file:run,"img -pd 1",verbose
File:Run,"cat imglogr >> /zimbin/zim.log",verbose
file:run,"img -pd 2",verbose
File:Run,"cat imglogr >> /zimbin/zim.log",verbose
; now need to recreate system and c: drive
file:run,"img -pc 1 %partition1_action%",verbose
File:Run,"cat imglogr >> /zimbin/zim.log",verbose
file:run,"img -pc 2 -type=ntfs",verbose
File:Run,"cat imglogr >> /zimbin/zim.log",verbose
End:
; set system partition as active
file:run,"img -pa 1",verbose
File:Run,"cat imglogr >> /zimbin/zim.log",verbose
Dialog:Popupclose
Additional partitions
Zim.cfg
Zim.cfg – configuring image restore :
Dialog:Popup,"Restoring ENGL Smart Windows build process, please wait...",green
Pause:3
File:Run,"img %imgrestorecmd%%project_image_path%/systempartition.zmg -ap=a1:p1",verbose
File:Run,"cat imglogr >> /zimbin/zim.log",verbose
File:Run,"img %imgrestorecmd%%project_image_path%/%base_image% -ap=a1:p2",verbose
File:Run,"cat imglogr >> /zimbin/zim.log",verbose
File:Run,"img %imgrestorecmd%%project_image_path%/hotfixes.zmg -ap=a1:p2",verbose
File:Run,"cat imglogr >> /zimbin/zim.log",verbose
If:Var,machine_type,eq,"tablet"
File:Run,"img %imgrestorecmd%%project_image_path%/tablet.zmg -ap=a1:p2",verbose
End:
File:Run,"img %imgrestorecmd%%project_image_path%/%project_novcomp% -ap=a1:p2",verbose
File:Run,"cat imglogr >> /zimbin/zim.log",verbose
File:Run,"img %imgrestorecmd%%project_image_path%/%project_ztoolkit% -ap=a1:p2",verbose
File:Run,"cat imglogr >> /zimbin/zim.log",verbose
File:Run,"img %imgrestorecmd%os/%project_os%/%drivers_image% -ap=a1:p2",verbose
File:Run,"cat imglogr >> /zimbin/zim.log",verbose
Pause:2
Dialog:Popupclose
Note: review TID 2011007 “Capture img error codes to
zim.log file” https://www.engl.co.uk/kb/tid-2011007.htm
for more info on using the command line:
File:Run,"cat imglogr >> /zimbin/zim.log",verbose
Additional partitions
Testing Build Process
Review the partition structure on the machine once the
machine has built.
It should look something like this:
BitLocker
Overview
What is BitLocker?
BitLocker Drive Encryption is a data protection feature
available in Windows 7 Enterprise and Windows 7
Ultimate.
BitLocker protects your hard drive from offline attack.
This is the type of attack where a malicious user will
take the hard drive from your mobile machine and
connect it to another machine so they can harvest your
data. BitLocker also protects your data if a malicious
user boots from an alternate Operating System.
With either attack method, BitLocker encrypts the hard
drive so that when someone has physical access to the
drive, the drive is unreadable.
BitLocker
Requirements
Requirement: Description
Hardware configuration: Meet the minimum requirements for Windows 7
Operating system: Windows 7 Ultimate, Windows 7 Enterprise, or Windows Server 2008 R2
Hardware TPM: TPM version 1.2. A TPM is not required for BitLocker; however, only a computer with a TPM can provide the additional security of pre-startup system integrity verification and multifactor authentication
BIOS configuration: A Trusted Computing Group (TCG)-compliant BIOS. The BIOS must be set to start first from the hard disk, and not the USB or CD drives. The BIOS must be able to read from a USB flash drive during startup
File system: At least two NTFS disk partitions, one for the system drive and one for the operating system drive. The system drive partition must be at least 100 megabytes (MB) and set as the active partition
BitLocker
Build Process scenario
Scenario - Laptops
• 400MB System partition
• 40GB OS Partition
• Remainder of disk as D:\ drive
• At imaging select option to enable BitLocker for OS partition
Scenario - Desktops
• 400MB System partition
• OS Partition – fill the disk
BitLocker
Build Process scenario
Assumptions
• TPM device is present on hardware and is enabled
• Recovery keys to be stored in Active Directory
• Windows 7 Enterprise base image
• System partition configured as per previous scenario
• Enabling BitLocker by Using a WMI Script (EnableBitLocker.vbs) is available
• Data drive (D:\) is not encrypted
BitLocker
Enable BitLocker by using a WMI Script
Enabling BitLocker by Using a WMI Script
http://technet.microsoft.com/en-gb/library/dd875527%28WS.10%29.aspx
EnableBitLocker.vbs is a fully functional sample
deployment script that uses the publicly available
BitLocker and Trusted Platform Module (TPM) WMI
providers that can be used as is or customized to meet
the needs of your organization.
Download script:
http://go.microsoft.com/fwlink/?LinkID=151997
Download documentation:
http://archive.msdn.microsoft.com/bdedeploy/Release/ProjectReleases.aspx?ReleaseId=3206
BitLocker
Update Zim.cfg
Update information read in from ZISD when Zim loads
; Read zisd:VendorDataENGL
Zisd:Get,VendorDataENGL,VendorDataENGLSTRING
; Read stored information in from VendorDataENGL
Set:zisd_project,GetKeyPairStringValue("%VendorDataENGLSTRING%", "project")
Set:zisd_bit_OS,GetKeyPairStringValue("%VendorDataENGLSTRING%", "bit_OS")
BitLocker
Update Zim.cfg
Update Zim form
; Launch a Form to display detected hardware and select machine type
Form:Start,"info","Hardware Detected","_OkCancel^_Ok",Blue
Form:Item,"Item1",StaticText,"-Manufacturer : %lookup_section%"
Form:Item,"Item2",StaticText,"-Model : %lookup_value%"
Form:Item,"Item3",StaticText,"-Hardware Image : %drivers_image%"
Form:Item,"Item4",StaticText,"-Hardware Type : %machine_type%"
Form:Item,"Item5",Label,"Computer Name :"
Form:Item,"Item6",EditBox,"%COMPUTERNAME%"
If:var,machine_type,eq,"laptop"
Form:Item,"Item7",Label,"Encrypt OS Partition:"
Form:Item,"Item8",Radiobuttons,"%zisd_bit_OS%","No,Yes"
End:
Form:Item,"Item9",Label,"Auto Restart after imaging:"
Form:Item,"Item10",Radiobuttons,"Yes","Yes,No"
Form:Display,"info"
If:Var,_Form,Eq,"_Cancel"
Menu:Return
End:
Set:Ask_COMPUTERNAME,%_Info_item6%
Set:BitLocker_OS,%_Info_item8%
Set:AutoRestart,%_Info_item10%
If:Var,Ask_COMPUTERNAME,ne,"%COMPUTERNAME%"
Set:COMPUTERNAME,"%Ask_COMPUTERNAME%"
End:
BitLocker
Update Zim.cfg
Update BitLocker information to ZISD
; Update the information in ZISD
Zisd:Put,NetBiosName,%COMPUTERNAME%
; Update VendorDataENGL (sample)
Set:VendorDataENGLSTRING,PutKeyPairStringValue("%VendorDataENGLSTRING%","Machine_Type","%machine_type%")
Set:VendorDataENGLSTRING,PutKeyPairStringValue("%VendorDataENGLSTRING%","OS","%project_os%")
Set:VendorDataENGLSTRING,PutKeyPairStringValue("%VendorDataENGLSTRING%","Project","%lookup_project%")
Set:VendorDataENGLSTRING,PutKeyPairStringValue("%VendorDataENGLSTRING%","bit_OS","%BitLocker_OS%")
Save changes to zim.cfg file
BitLocker
Update project files
Add EnableBitLocker.vbs file to the project custom files
BitLocker
Update project files
Update phase4-before.vbs script to
• Check ZISD for BitLocker options
• Enable BitLocker (when required)
• Initiate encryption of OS partition
BitLocker
Update project files
Update phase4-before.vbs script
' ENGL Imaging Toolkit 6
' Copyright (C) 1999-2011 Expert Networking Group Limited
' techbite-BitLocker
' Jamie Glendinning
' Custom script template (phase4-before.vbs)

' Attach to ENGL Ztoolkit ActiveX Control
Set LDAP = CreateObject("ENGL.Ztoolkit.LDAP")
Set Utils = CreateObject("ENGL.Ztoolkit.Utils")
Set ZENworks = CreateObject("ENGL.Ztoolkit.ZENworks")

' Set ZISD Version
ZENworks.ZISDVersion = 11

' Add custom script here...
' Read in ZISD:VendorDataENGL
VendorDataENGLSTRING = ZENworks.GetZisdAttributeValue("VendorDataENGL")
' Separate strings
zisd_bit_OS = Utils.GetKeyPairStringValue(VendorDataENGLSTRING, "bit_OS")
If zisd_bit_OS = "Yes" then
    ' BitLocker needs to be enabled on this machine
    utils.appendlog "Enabling BitLocker"
    utils.appendlog "Enabling BitLocker on OS Partition"
    utils.run "%comspec% /c BdeHdCfg.exe -target default -quiet >> c:\ztoolkit\ztoolkit.log",0,true
    bit_status = utils.run ("wscript c:\ztoolkit\EnableBitLocker.vbs /on:tpm /l:c:\ztoolkit\ztoolkit.log",0,true)
    utils.appendlog "BitLocker script status: " & bit_status
    utils.run "%comspec% /c manage-bde -status >> c:\ztoolkit\ztoolkit.log",0,true
end if
BitLocker
Testing Build Process
Restore the updated project files
Reboot after images have restored, the workstation will
build successfully
Review the build machine to confirm everything is
working as expected
• Ztoolkit.log file – this should contain BitLocker information
• Launch a command prompt
manage-bde -status
This will give information on current status of the local partitions
• Open Control Panel – launch BitLocker Drive Encryption will show similar information
BitLocker
Testing Build Process
Ztoolkit.log file – this should contain
EnableBitLocker.vbs information
...
[03-Aug-11 12:29:44] [Zmainrun-Phase4] Running custom scripts (pre-phase)...
[03-Aug-11 12:29:44] [Zmainrun-Phase4]   Processing 'phase4-before.vbs'...
[03-Aug-11 12:29:44] [Zmainrun-Phase4] [Debug] Running [wscript C:\Ztoolkit\phase4-before.vbs]
[03-Aug-11 12:29:44] [ZtoolkitCtrl] ENGL ZtoolkitCtrl 6.0.5.0 (x86)
[03-Aug-11 12:29:44] [ZtoolkitCtrl] Copyright (C) 1999-2011 Expert Networking Group Limited
[03-Aug-11 12:29:44] [ZtoolkitCtrl] Licensed to: ENGL System Test
[03-Aug-11 12:29:44] [ZtoolkitCtrl] ZENworks.GetZisdAttributeValue() attribute: 'VendorDataENGL'
[03-Aug-11 12:29:44] [ZtoolkitCtrl]   returning [Yes]
[03-Aug-11 12:29:44] [ZtoolkitCtrl] Enabling BitLocker
[03-Aug-11 12:29:44] [ZtoolkitCtrl] Enabling BitLocker on OS Partition
BitLocker Drive Preparation Tool version 6.1.7600
Copyright (C) 2006-2008 Microsoft Corporation.
Script processing started 03/08/2011 12:29:49
Proper number of command line arguments passed to the script
--------------------------------------------------------------------------------
Executing with the following arguments
--------------------------------------------------------------------------------
Enable parameters: tpm
Logging location: c:\ztoolkit\ztoolkit.log
...
BitLocker
Testing Build Process
Ztoolkit.log file – this should contain
manage-bde -status information
BitLocker Drive Encryption: Configuration Tool version 6.1.7600
Copyright (C) Microsoft Corporation. All rights reserved.

Disk volumes that can be protected with
BitLocker Drive Encryption:
Volume C: [Windows]
[OS Volume]

    Size:                 74.53 GB
    BitLocker Version:    Windows 7
    Conversion Status:    Encryption in Progress
    Percentage Encrypted: 0%
    Encryption Method:    AES 128 with Diffuser
    Protection Status:    Protection Off
    Lock Status:          Unlocked
    Identification Field: None
    Key Protectors:
        TPM
        Numerical Password

Volume D: []
[Data Volume]

    Size:                 74.13 GB
    BitLocker Version:    None
    Conversion Status:    Fully Decrypted
    Percentage Encrypted: 0%
    Encryption Method:    None
    Protection Status:    Protection Off
    Lock Status:          Unlocked
    Identification Field: None
    Automatic Unlock:     Disabled
    Key Protectors:       None Found

[03-Aug-11 12:29:55] [Zmainrun-Phase4] [Debug]   returned 0 (exit code: 0)...
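The status captured in the log above was taken seconds after encryption started, so C: still reports 0% and Protection Off. The following added example (not part of the original slides or of the ENGL toolkit) parses manage-bde -status text and classifies each volume, so the same check can be repeated once conversion has finished. The function names are assumptions, and "Fully Encrypted" and "Protection On" are the values manage-bde reports for a completed volume, which the slide's output does not show.

```python
import re

# Constructed sample: the volume sections of the manage-bde -status output
# shown in the slide's Ztoolkit.log, captured right after encryption started.
AT_BUILD_TIME = """\
Volume C: [Windows]
[OS Volume]

    Size:                 74.53 GB
    BitLocker Version:    Windows 7
    Conversion Status:    Encryption in Progress
    Percentage Encrypted: 0%
    Encryption Method:    AES 128 with Diffuser
    Protection Status:    Protection Off
    Lock Status:          Unlocked
    Identification Field: None
    Key Protectors:
        TPM
        Numerical Password

Volume D: []
[Data Volume]

    Size:                 74.13 GB
    BitLocker Version:    None
    Conversion Status:    Fully Decrypted
    Percentage Encrypted: 0%
    Encryption Method:    None
    Protection Status:    Protection Off
    Lock Status:          Unlocked
    Identification Field: None
    Automatic Unlock:     Disabled
    Key Protectors:       None Found
"""

VOLUME_RE = re.compile(r"^Volume ([A-Z]): \[(.*)\]$")
FIELD_RE = re.compile(r"^([A-Za-z ]+):\s*(.*)$")
# Protectors the build is expected to add to the OS volume, as in the slide.
REQUIRED_OS_PROTECTORS = {"TPM", "Numerical Password"}


def parse_status(text):
    """Return {drive letter: fields} parsed from manage-bde -status text."""
    volumes, current, in_protectors = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        vol = VOLUME_RE.match(line)
        if vol:
            current = {"label": vol.group(2), "protectors": []}
            volumes[vol.group(1)] = current
            in_protectors = False
            continue
        if current is None:
            continue                      # banner lines before the first volume
        if line.startswith("["):          # "[OS Volume]" or a following log line
            in_protectors = False
            if line.endswith("]") and "type" not in current:
                current["type"] = line[1:-1]
            continue
        field = FIELD_RE.match(line)
        if field:
            key, value = field.group(1).strip(), field.group(2).strip()
            in_protectors = key == "Key Protectors"
            if not in_protectors:
                current[key] = value
            elif value and value != "None Found":
                current["protectors"].append(value)
        elif in_protectors:
            current["protectors"].append(line)   # one protector per line
    return volumes


def assess(vol):
    """Classify a parsed volume: protected, pending, fail or unprotected."""
    conversion = vol.get("Conversion Status", "unknown")
    protection = vol.get("Protection Status", "unknown")
    if conversion == "Fully Decrypted":
        return "unprotected", conversion
    missing = REQUIRED_OS_PROTECTORS - set(vol["protectors"])
    if vol.get("type") == "OS Volume" and missing:
        return "fail", "missing key protectors: " + ", ".join(sorted(missing))
    if conversion == "Fully Encrypted" and protection == "Protection On":
        return "protected", ""
    return "pending", f"{vol.get('Percentage Encrypted', '?')} encrypted, {protection}"


if __name__ == "__main__":
    for letter, vol in parse_status(AT_BUILD_TIME).items():
        print(letter, *assess(vol))
```

A "pending" result at build time is expected; D: reports "unprotected" because the scenario leaves the data drive unencrypted.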
BitLocker
Testing Build Process
Control Panel - BitLocker Drive Encryption
BitLocker
Testing Build Process
Review the partition structure on the machine once the
machine has built.
It should look something like this:
Summary
Using Imaging Toolkit v6 you can create a universal
Windows 7 build process that includes a system
partition.
It is also possible to automate the encryption of the OS
partition using BitLocker.
The examples given in this TechBite session can be
easily extended to meet individual customer
requirements including encryption of the DATA partition.
Issues
If you would like any more information or assistance
with the procedures detailed in this TechBite let us
know!
• Log an incident via My ENGL
https://www.engl.co.uk/Support.aspx
• Report an issue via support forum
https://www.engl.co.uk/Support.aspx
• Email support@engl.co.uk
More information
Useful links
• Product information and Downloads
https://www.engl.co.uk/Products/ImagingToolkit.aspx
• Success Stories
https://www.engl.co.uk/Company/SuccessStories.aspx
• Partners
www.engl.co.uk/partners
Future Events
• Tech Bite sessions
• Brainshare
https://www.engl.co.uk/Events.aspx
www.engl.co.uk