Anytime Anywhere Component of AIS/W2k Pilot Project
Technical Overview and Lessons Learned

Doug Edmonds
Windows Administrative Servers – Virginia Tech
2/18/02

Table of Contents

Table of Figures
Introduction
System and Disaster Recovery
    Universal Disk Image
        Purpose
        UDI Creation Procedure
            Partitions
            DOS Installation
                Installing DOS to the C: Drive
                Modification of Win98 Startup Disk files
                Other files on C Drive
            Windows 2000 Installation Procedure
            SYSPREP
            Creating the Images
                After running SYSPREP
                Creating the FS full disk image
                Loading the FS and UDI images
                Instructions for loading images
        Conflict Resolution
    LAZARUS
        Purpose
    SNAPSHOT
        Purpose
    REMOUNTER
        Purpose
User Data Storage and Accessibility
    Roaming Profiles and Folder Redirection
        Purpose
        Roaming Profiles
        Folder Redirection
        Folder Synchronization
        Anytime Anywhere Procedures
            Disk Quota
            Group Policy Object
            Roaming Profiles and Folder Redirection
        Security Concerns
        Conflict Resolution
            Winzip 8.0
            Microsoft Office XP
            MS Access
    POPULUS
        Purpose
        Creating User Accounts
        Creating Users’ Data Folders
APPENDICES
    Appendix A: DEFAULT AUTOEXEC.BAT
    Appendix B: MODIFIED AUTOEXEC.BAT
    Appendix C: DEFAULT CONFIG.SYS
    Appendix D: MODIFIED CONFIG.SYS
    Appendix E: “SYSPREP.INF”
    Appendix F: “MERGEIDE.REG”
    Appendix G: AIS/W2K PILOT PROJECT DEPLOYMENT PROCEDURE
    Appendix H: Lazarus v0.0.3 Source
    Appendix I: Lazarus Ghost command switch files
    Appendix J: SnapShot v1.2.0.0 Source
    Appendix K: SnapShot “Snap” Ghost command switch files
    Appendix L: SnapShot “Shot” Ghost command switch files
    Appendix M: RMounter v1.2.1.0 Source Code
    Appendix N: Example of mount.vol GUID list
    Appendix O: “Test-Lab User GP”
    Appendix P: “Slow Link Policy” GPO
    Appendix Q: “Add Users” .csv file syntax
    Appendix R: W2k-Pilot “AddUser.csv”
    Appendix S: Populus v1.0.0.0 Source
    Appendix T: Procedure for Adding a new user to the AIS/W2k-Pilot

Table of Figures

Figure 1: HARD DRIVE PARTITIONS
Figure 2: Lazarus Windows interface
Figure 3: Lazarus System Shutdown
Figure 4: Informational Message box
Figure 5: SnapShot Selection Menu
Figure 6: Missing SnapShot History File
Figure 7: SnapShot Selection Menu (No History File)
Figure 8: No Previous SnapShot Activity (no SnapShot image or History File)
Figure 9: Loading a Snapshot image
Figure 10: No Snapshot available to load
Figure 11: Old Snapshot Warning
Figure 12: Invalid Snapshot Age (creation date of file differs from SnapShot history file)
Figure 13: Previous Snapshot Found when attempting to “take” a Snapshot
Figure 14: SnapShot Canceled
Figure 15: SnapShot Rebooting Warning
Figure 16: System Rebooting
Figure 17: “UserData” Permissions
Figure 18: Test-Lab GPO Screenshots
Figures 19 through 43
Figure 44: Slow Link GPO Screenshots
Figures 45 through 57
Figure 58: Options Dialog Box – selecting individual user
Figure 59: Individual User
Figure 60: Options – selecting multiple users
Figure 61: Enter User List Location
Figure 62: Invalid Users Log file – no invalid users in user list
Figure 63: Invalid Users Log file – invalid users found in user list
Figure 64: Cancel box if invalid users were found in user list
Figure 65: Post-Populus Permission Cleanup
Figure 66: Remove Inherited Permissions
Figure 67: Reset Permissions on all child objects
Figure 68: Permission Reset Verification
Figure 69: Closing the Security Window

Introduction

The goal of the Anytime Anywhere component of the AIS/W2k Pilot Project was to explore technologies that decrease the user’s downtime during system failures and to increase the user’s data accessibility, regardless of the user’s location and network access. To accomplish this goal, it was necessary to differentiate between user data and system data. After this was done, the Anytime Anywhere component can be divided into two sections, one dealing with the system and disaster recovery, and one dealing with user data storage and accessibility.
For the computer, “Lazarus” and a “Universal Disk Image (UDI)” were developed to enable a user or computer technician to quickly restore a default Windows 2000 Pro installation to a disabled computer. “SnapShot” was developed as a pre-emptive disaster recovery tool to be initiated by the user. For the user data, two Microsoft Windows 2000 technologies were implemented, Roaming Profiles and Folder Redirection. This allowed for the transparent storing of the user’s desktop profile and data on a network drive and making them available regardless of the computer used to log into the domain.

This paper will give a detailed account of the implementation of these technologies as well as detail the other programs and procedures that were developed during the testing process to help automate the administration of the technologies.

System and Disaster Recovery

Universal Disk Image:

Purpose:

One of the purposes of the Anytime Anywhere component was to provide a method to quickly restore a computer to a fresh, default Windows 2000 installation to aid in new computer rollout and disaster recovery. To this end, we decided to make a default Windows 2000 Pro install with SP1 and the latest OS hot-fixes, then, using imaging software, save an image of that install for use with new computer deployment and disaster recovery/reinstallation. This image is the Universal Disk Image (UDI).

UDI Creation Procedure:

Partitions:

For the deployment of the UDI to work, the computer’s hard drive must be properly partitioned (See Figure 1). I booted off a standard Win98 Startup Disk and used fdisk.exe to create the partitions I needed. I then again booted off the Win98 Startup Disk and formatted the C: drive in FAT16.

o Partition 1
    C: Drive
    FAT
    Partition Label “BOOT”
    102MB
    Contains
        DOS installation
        Windows 2000 boot files
            o BOOT.INI
            o BOOTSECT.DOS
            o IO.SYS
            o NTDETECT.COM
            o NTLDR
        Other programs used in the Pilot Project.
o Partition 2
    D: Drive
    NTFS
    Approximately 45% of the size of the hard drive
    Partition Label “OS”
    Contains Windows 2000 installation
    Partition primarily accessed by user
    NTFS mount point is used to mount D:\I386 to the I386 partition
    The registry will be edited by the ReMounter utility to point the system to the D:\I386 directory for the Windows 2000 Installation files.
o Partition 3
    No Drive Letter
    Invisible to user
    FAT32
    399MB
    Partition Label “I386”
    Contains Windows 2000 installation files
        o This eliminates the need for the Windows 2000 Pro CD when updating drivers or adding other Windows 2000 components
    Mounted via NTFS mount points (in Disk Management) to D:\I386.
    When booting to DOS, visible as the D: drive.
o Partition 4
    No Drive Letter
    Invisible to user
    FAT32
    Remainder of the hard drive
    Partition Label “STORAGE”
    Contains
        Ghost executable for use with Lazarus and SnapShot
        UDI image to allow for disaster recovery
        Snapshot image and the SnapShot history file
            o When SnapShot is run, a temporary NTFS mount point to the STORAGE partition is created. This mount point is closed after SnapShot is done.
    When booting to DOS, visible as the E: drive.

Initially, I manually set the size for the OS and the STORAGE partitions. Command line switches for Ghost allow for the resizing of individual partitions as the image is being loaded. Using these switches, I set the OS partition to be 45% of the total hard drive size and the STORAGE partition to use the remainder of the hard drive space.

Figure 1: HARD DRIVE PARTITIONS

Drive Letter   Label     Size              File System
C              BOOT      102MB             FAT16
D              OS        45% of HD         NTFS
(none)         I386      399MB             FAT32
(none)         STORAGE   Remainder of HD   FAT32

DOS Installation:

After formatting the C: drive, I made it bootable by transferring the system files from the floppy to the C: drive. I then copied the rest of the contents of the floppy disk to the C: Drive and modified them for my purpose. After this, I was ready to install Windows 2000.

Installing DOS to the C: Drive:

1. After the C: Drive is formatted in FAT16, boot to the Win98 Startup Disk.
2. At the A prompt (“A:\>”) type (w/o quotes) “sys c:”
3. This command transfers the system files to the C: drive and makes it bootable.

Modification of Win98 Startup Disk files:

When you boot to a Win98 Startup Disk, it creates a RAM Disk and extracts the contents of ebd.cab to the RAM Disk. The ebd.cab file contains the following tools:

    ATTRIB.EXE
    CHKDSK.EXE
    DEBUG.EXE
    EDIT.COM
    EXT.EXE
    EXTRACT.EXE
    FORMAT.COM
    HELP.BAT
    MSCDEX.EXE
    RESTART.COM
    SCANDISK.EXE
    SCANDISK.INI
    SYS.COM

Because I wanted these files to be available, I manually extracted them and placed them in the C:\EBD directory that I created. I then modified the Autoexec.bat and Config.sys as follows (See APPENDICES A, B, C, and D):

1. AUTOEXEC.BAT modifications (See APPENDICES A and B)
    a. Removed lines for RAM Disk Creation
    b. Removed lines for EBD.CAB error checking and extraction
2. CONFIG.SYS modifications (See APPENDICES C and D)
    a. Modified the menu time for the CD Rom Driver install to automatically enable the CD Rom drive
    b. Removed the line referring to the RAM Drive

Other files on C Drive:

The C: Drive also contains a DF directory containing other programs used in the Pilot Project. These programs are as follows:

1. “boot” directory – modified autoexec.bat and boot.ini files used by SnapShot and Lazarus for booting into DOS and then back into Windows 2000
2. “Lazarus” directory – Disaster Recovery tool (See Lazarus section)
3. “ReMounter” directory – Tool used to reassign drive letters, populate the STORAGE partition with Ghost and the SnapShot directories, and configure the Installation Path to point to D: instead of the CD-ROM Drive (See ReMounter section)
4. “SMS Launch” directory – SMS Client utility for connecting to SMS Server
5. “SnapShot” directory – Pre-emptive Disaster Recovery tool (See SnapShot section)
6. “sys” directory – Miscellaneous utilities used by several of the other programs.
7. REP2???.BAT – 3 troubleshooting utilities for modifying the autoexec.bat and boot.ini.

Windows 2000 Installation Procedure:

The Windows 2000 Pro installation procedure was fairly typical. Following is the procedure I followed to install Windows 2000 and prepare it for Ghosting to create the UDI.

1. Installed Windows 2000 Pro (SP1 integrated)
    a. When prompted for installation partition, I selected the second partition, set its size to 6000MB and the file format to NTFS.
    b. When prompted for which components to install, I unselected all but the following:
        i. Index Service
            1. I actually don’t think I selected this but it was installed anyway
        ii. Management and Monitoring Tools -> Simple Network Management Protocol
            1. SNMP was installed initially for SMS but later it was discovered that it wasn’t needed. Future versions of the UDI will not have SNMP installed.
2. Set Administrator password to a non-blank password. SYSPREP requires that the Administrator password be blank to run but for security purposes, don’t make it blank yet.
3. Ran Daisy
4. Daisy downloaded and installed the latest OS hot-fixes and rebooted.
5. Formatted the I386 and STORAGE partitions in FAT32 and copied the following folders/files to the partitions
    a. Files copied to I386 partition
        i. The contents of the I386 directory on the Windows 2000 Pro (w/ int. SP1) CD
        ii. The files are copied but not the I386 folder itself
    b. Files copied to the STORAGE partition
        i. “Ghost” directory
            1. “GHOST.EXE” (version 7.0)
        ii. “SnapShot” directory
            1. “Snap” directory
6. SYSPREP preparation
    a. Create a “SYSPREP” directory at the root of the D: Drive
    b. Copy SYSPREP and accompanying files (See SYSPREP section) to D:\SYSPREP

SYSPREP:

I used SYSPREP v1.1 to remove the SID from the computer and prepare it for Ghosting.
Along with removing the SID, SYSPREP, using an answer file (See APPENDIX E), greatly decreases the hardware dependency of an image by allowing for different Mass Storage Devices between the computer the image was created on and the computer the image is to be loaded on. Also, an MS Knowledge Base article (Article ID: Q271965) was found that documents a procedure by which you are able to merge registry entries ahead of time to support all IDE controllers natively supported by Windows 2000.

http://support.microsoft.com/default.aspx?scid=kb;EN-US;q271965

I used Setup Manager from the Windows 2000 Server Resource Kit to generate a SYSPREP.INF file. The SYSPREP.INF file is an answer file for SYSPREP.EXE and is used to answer the questions of the Mini-Setup Wizard that runs after running SYSPREP.EXE and restarting the computer. Setup Manager also created a SYSPREP.BAT file that you can edit to add command line switches for the SYSPREP.EXE program to run.

1. Boot into Safe Mode (an MS PSS support call regarding SYSPREP verified that it is not necessary to boot into safe mode. Future UDI creations will not boot into safe mode here, but the initial UDI was.)
2. Open Device Manager
    a. Show hidden devices by clicking on “View” -> “Show hidden devices”
    b. Uninstall every device that is allowed
        i. Start with “System Devices” -> “PCI bus” to remove a majority of devices initially
        ii. After removing the “PCI bus”, a message might appear stating that a new device has been found. Click “OK” and continue uninstalling the rest of the devices.
        iii. DO NOT restart the computer if prompted
3. Running SYSPREP
    a. Purpose
        i. Removes computer SID and prepares for Ghosting
        ii. Using a SYSPREP.INF file, allows difference in Mass Storage Devices and for automation of the Mini-Setup Wizard that appears after running SYSPREP and rebooting
    b. Browse to “D:\SYSPREP\move_to_sysroot-sys32-drivers” and copy the contents (atapi.sys, intelide.sys, pciide.sys, pciidex.sys) to the “D:\Winnt\System32” directory.
    c. Open D:\SYSPREP\mergeide.reg in Notepad and remove the following lines:
        i. The first line: ********* START COPY FROM HERE *************
        ii. The last line: ************ END COPY HERE ***************
        iii. Make sure to remove the whole line including the carriage return but leave an empty line at the end of the file.
        iv. Save the file
    d. Double-click on the “MERGEIDE.REG” (See APPENDIX F) file to merge its contents into the registry
    e. Open Command Prompt and browse to D:\SYSPREP
    f. Run SYSPREP.BAT
        i. This batch file runs SYSPREP with the –pnp switch that forces Windows to do a legacy device detection and to reenumerate the Plug and Play devices on the destination computer
    g. SYSPREP should shut down the computer if no errors occur and you are now ready to Ghost the computer

Creating the Images:

Two Ghost images are actually needed, one of the whole hard drive and one of just the OS partition (the partition that contains the Windows 2000 install). The reason for this is that Ghost will not save the Master Boot Record (MBR, the record of what OSes are installed and where) when just imaging a partition. But, because the UDI will be updated periodically, we want the UDI to just be of the OS partition. Also, having a full disk image, minus the OS Partition, allows faster computer deployment because we can automate the disk partitioning and formatting.

Here is the procedure I followed for creating the UDI and what is called the FS Image (image containing the partitioned hard drive image, Windows 2000/DOS dual boot MBR, DOS installation, the “DF” directory programs, and I386 Windows 2000 installation files).

After running SYSPREP and shutting down the computer but prior to restarting it:

Creating the UDI OS partition image:

1. Run Ghost and save a “Partition Image” of the computer. This can be done employing several methods
    a. Install a second hard drive and ghost the original hard drive to an image on the second hard drive
    b. Boot the initial computer from a network-enabled Ghost boot disk and
        i. Connect a second computer to the initial computer via a crossover cable/private network and map a network drive to the second computer. Use that mapped drive to store the Partition Image.
        ii. Run a Ghost Multicast Server and initiate the creation of the Partition Image from the Multicast Server, saving the Partition Image to the Multicast Server
    c. Use removable media to save the Partition Image
        i. CD-RW
        ii. Jaz
2. This partition image is the Universal Disk Image used to load Windows 2000 on new systems and on systems needing disaster recovery.

Creating the FS full disk image:

1. Run Ghost and save a “Disk Image” of the computer. This can be done employing several methods that are described above in the “Creating the UDI OS partition image” section.
2. Move the Disk Image created to a computer that has Ghost Explorer installed.
3. Run Ghost Explorer and open up the Disk Image.
4. Delete the contents of the OS Partition. ***NOTE*** Delete just the contents of the partition and not the partition itself.
5. Recompile the Disk Image in Ghost Explorer.
6. This disk image is the FS Image.

Loading the FS and UDI images:

The FS image only needs to be loaded on new computers. On computers where disaster recovery is needed, the hard drive has already been partitioned so only the UDI needs to be loaded. Loading the images involves booting to a DOS boot disk and running Ghost to load the specific image with the proper Ghost command line switches. To help automate this, I have developed a set of bootable CDs with custom batch files that will run Ghost with the proper command line switches to load the FS and UDI images. For new computers, first load the FS image and then the UDI. For computers needing disaster recovery, load just the UDI.

Instructions for loading images:

See APPENDIX G for detailed instructions on loading the FS and UDI images using the deployment CDs. When performing Disaster Recovery, start at step “IV” of the document to load only the UDI image.

Conflict Resolution:

In deciding on the partitioning above, many configurations were tried but abandoned.

1. Hiding the C: Drive

We wanted to have Windows 2000 installed on the C: Drive because that is what the users are familiar with, but since DOS was on the C: drive it had to be formatted in FAT16, which was not acceptable. I attempted to hide the C: drive but was not allowed by Windows 2000 because it contained the system files necessary to boot to Windows 2000. So, we decided to leave the C: drive visible and educate the user that the D: drive was his/her primary drive.

2. Creating a UDI with Windows 2000 Pro (w/int SP2)

I attempted to create a new UDI based on a Windows 2000 Pro install that had Service Pack 2 slipstreamed (integrated) into the installation files. I used the same SYSPREP answer file that I previously used for the original UDI (that was based on a Windows 2000 Pro w/int SP1 install) and followed the exact same procedure as is listed in the UDI section. When running SYSPREP on the install to prepare it for ghosting, I would receive the following error message and SYSPREP would abort:

    SYSPREP Error: An error occurred while trying to update your registry. Unable to continue.

I was able to determine that the error was due to an invalid entry in the [SYSPREPMassStorage] section of the SYSPREP.INF answer file. PSS suggested commenting out the entire section and adding each entry back one at a time, attempting to run SYSPREP each time to see if SYSPREP crashed. Doing this, I found that two lines of the 156 entries were invalid. MS PSS wanted to close the case there but I wanted them to answer why the two lines caused an error in the SP2 install but not the SP1 install.
MS PSS said that to answer that it would require a great deal of research. I asked them to answer it anyway. MS PSS called back two days later to say that, even though the entries in the [SYSPREPMassStorage] section were taken from the MS sample SYSPREP.INF, MS does not support it and they closed the case. MS does not support any modifications made to the Sysprep.inf file that is generated by the “Setup Manager” Resource Kit utility. (See MS PSS Call: SYSPREP)

I created an image using the revised SYSPREP.INF file but every attempt to load it on a computer other than the one the UDI was created on caused the computer to hang at the blue screen immediately prior to the Windows Login box appearing. This error would occur even though the computer receiving the UDI was identical to the computer the UDI was created on. It was decided to just stick with the original UDI for the duration of the Pilot Project.

LAZARUS

Purpose:

The concept behind Lazarus was to develop a technique to aid in new computer deployment and disaster recovery, in respect to the other components of the AIS/W2k Pilot Project. To this end, using Winbatch, I developed a program that would automate the loading of the UDI onto a computer. Lazarus is a program that is located on the user’s computer and, when run, reboots the computer into DOS and loads the UDI (Universal Disk Image) onto the D: (OS) partition. After the image has been loaded, the computer is then rebooted back into Windows 2000, at which time the Windows 2000 Mini-Setup Wizard is run (because SYSPREP was used prior to the Ghosting of the image), assigning the computer a new Security Identifier (SID).

Lazarus is actually two programs, “LAZ.EXE” (See APPENDIX H), which is run while in Windows 2000, and “RUS.BAT”, which runs after the computer has booted into DOS.
The Windows component, “LAZ.EXE”, merely informs the user that the computer will be rebooted and modifies the “BOOT.INI” and “AUTOEXEC.BAT” files to boot into DOS and execute “RUS.BAT”. The user interface of “LAZ.EXE” is simply a message box informing the user that the computer will be rebooted, then a system message box counting down to the restart. “RUS.BAT” is executed by the “AUTOEXEC.BAT” file when DOS is loaded. “RUS.BAT” modifies the “BOOT.INI” and “AUTOEXEC.BAT” files to boot back into Windows 2000 at next reboot and executes “GHOST.EXE” with the “RUSWITCH.TXT” (See APPENDIX I) command file.

The final version of Lazarus developed is v0.0.3. It is a simple program so not much tweaking needed to be done from the initial version.

The executable and source code, along with the .CMP file (contains compiling information for Winbatch), are included in the “Source” folder provided with this documentation.

Lazarus Screenshots

Figure 2: Lazarus Windows interface
Figure 3: Lazarus System Shutdown

SNAPSHOT

Purpose:

SnapShot was not originally part of the Pilot Project. While explaining Lazarus at an early Status Meeting, the concept of a tool that could allow the users to back up their computer before making a system change was suggested. From this, SnapShot was conceived. SnapShot has become a pre-emptive disaster recovery tool that allows a user to take a “snapshot” image of the D: (OS) partition prior to making any changes to the system configuration, i.e., installing new hardware, installing a new software driver, etc. If anything occurs that makes the computer unstable, SnapShot can be run again to reload the snapshot to restore the computer to the state it was in prior to the configuration change.

Like Lazarus, SnapShot is comprised of two programs: the Windows component, “SNAPSHOT.EXE” (See APPENDIX J), and the DOS component, “SNAP.BAT” or “SHOT.BAT” depending on whether SnapShot is taking or loading a “snapshot”.
When “SNAPSHOT.EXE” is executed, an informational message is displayed informing the user the function of SnapShot. The user selects whether to take or load a snapshot. “SNAPSHOT.EXE” then modifies the “BOOT.INI” and the “AUTOEXEC.BAT” files to boot the computer into DOS and restarts the computer. After DOS loads, the “AUTOEXEC.BAT” file executes either “SNAP.BAT” or “SHOT.BAT” which runs Ghost and the accompanying command switch file (See APPENDICES K and L). The .BAT file also modifies the “BOOT.INI” and “AUTOEXEC.BAT” to boot the computer back into Windows 2000 after the snapshot is loaded and the computer is restarted. SnapShot has been through many version updates. The original was very simple and did not have much user intervention or error-checking. The latest version has an Informational Message, error-checking, checks for previous snapshots (SnapShot currently allows for only one snapshot), gives date of last snapshot, gives username of last person to initiate SnapShot (last person to take or load a snapshot), and gives age of last snapshot. For SnapShot to be able to determine information such as, username and action of last SnapShot user, and age of snapshot, a SnapShot History file, “SNAPSHOT.HIS”, was added. This file is stored on the STORAGE partition, which is hidden from Windows 2000. For SnapShot to be able to access it, it creates a temporary NTFS Mount Point to the STORAGE partition, gathers the information needed from the “SNAPSHOT.HIS” file, writes new information to the “SNAPSHOT.HIS” file, then removes the mount point. If the snapshot image is older than 7 days, the user is given a warning stating that loading an old image could have disastrous effects. There are two reasons for this warning. First, a lot can change on a user’s computer in 7 days and loading a snapshot will overwrite any changes that have occurred, good or bad. 
Second, when a computer is joined to a Domain, a Computer Account password is established between the computer and the Domain Controllers. This Computer Account password is changed automatically every 7 days. The domain keeps a copy of the current password and the immediate previous password in cases where the computer is not available at the time the password is changed. If a computer is unavailable for two consecutive password changes, then the computer will have to be removed from the domain and re-added before it can access domain resources again. If a user loads a snapshot that is older than 3 weeks, the Computer Account password that the computer has will not match any of the Computer Account passwords that the Domain Controllers have for this computer.

The executable and source code, along with the .CMP file (contains compiling information for Winbatch), are included in the “Source” folder provided with this documentation.

SnapShot Screenshots
Figure 4: Informational Message box
Figure 5: SnapShot Selection Menu
Figure 6: Missing SnapShot History File
Figure 7: SnapShot Selection Menu (No History File)
Figure 8: No Previous SnapShot Activity (no SnapShot image or History File)
Figure 9: Loading a Snapshot image
Figure 10: No Snapshot available to load
Figure 11: Old Snapshot Warning
Figure 12: Invalid Snapshot Age (creation date of file differs from SnapShot history file)
Figure 13: Previous Snapshot Found when attempting to “take” a Snapshot
Figure 14: SnapShot Canceled
Figure 15: SnapShot Rebooting Warning
Figure 16: System Rebooting

REMOUNTER

Purpose:
ReMounter is a Winbatch program whose original purpose was to automate reassigning the drive letters of a computer after the UDI has been loaded. Even though the I386 and STORAGE partitions were hidden on the system that the UDI was created on, after SYSPREP is run, all the drives become visible again.
It became necessary to again hide the I386 and STORAGE partitions and recreate the NTFS Mount Point for the I386 partition to the D:\I386 directory. Also, since SYSPREP reset the SourcePath and ServicePackSourcePath (registry keys determining where the computer looks for the OS installation files when needed) back to the CD-ROM drive, it became necessary to set these registry keys to point to the D:\I386 directory again. ReMounter automates these processes.

The SYSPREP.INF, the SYSPREP Answer file, executes ReMounter after the Mini-Setup Wizard is completed. For some reason, SYSPREP sometimes fails to run ReMounter. It is easy to determine if ReMounter has failed to run. Simply open My Computer and look for an I386 or STORAGE partition. If ReMounter did fail to run, you can manually execute it at C:\DF\ReMounter\Rmounter.exe.

Since the initial creation of ReMounter, I have added other configuration changes that are needed on systems that have just received the UDI. The following are the functions provided by ReMounter v1.2.1 (See APPENDIX M):

1. Hide the I386 and STORAGE partitions and reassign drive letters for the remaining drives
2. Change the following registry keys for the source path of the OS install files and Service Pack files found at HKLM\Software\Microsoft\Windows\CurrentVersion\Setup
   a. SourcePath – Value = D:
   b. ServicePackSourcePath – Value = D:
3. Create Start Menu shortcuts for Lazarus and SnapShot in “D:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools”
4. Create the needed directory structure and copy needed files to the STORAGE partition
   a. Create the following directories
      i. Ghost
      ii. SnapShot
         1. Snap – located inside the SnapShot folder
   b. Copy GHOST.EXE to the Ghost directory

Since ReMounter was created to run on the initial login after the UDI has been loaded, it was created to run silently and has no user interface. It is not a utility that should be used on a regular basis.
ReMounter depends on having no partitions hidden for it to run properly (after the UDI is loaded no drive letters are hidden). It enumerates the GUIDs for each drive using the MS “MOUNTVOL.EXE” utility (See APPENDIX N) and determines which partition is which based on the order the GUIDs are listed. Lettered hard drive partitions (i.e. C:, D:, etc) are listed first so the I386 and STORAGE partitions are always E: and F: respectively. If some of the partitions are not assigned numbers, they will appear after the numbered drives and ReMounter will not work properly. Error-checking has been written in for some of the other functions of ReMounter, but because of the limitations of the “MOUNTVOL.EXE” utility, none could be added for this function.

The executable and source code, along with the .CMP file (contains compiling information for Winbatch), are included in the “Source” folder provided with this documentation.

User Data Storage and Accessibility

Roaming Profiles and Folder Redirection

Purpose:
The concept of “Anytime Anywhere” refers to the ability of a user to access his/her data regardless of what computer s/he is on or the status of network availability. This would allow a user to work on documents in the office or at home, connected to the Internet/Intranet or disconnected. To this end, two Microsoft technologies were used: Roaming Profiles and Folder Redirection.

Roaming Profiles
Roaming Profiles allow a user to log into any computer in his/her domain or trusted domain and receive the same desktop environment as s/he would from his/her own computer. This includes the Desktop Wallpaper, Favorites, certain Application Data, My Documents, User’s Desktop Folder, etc. The benefits of Roaming Profiles are that no matter which computer you are working on, the environment is the same and your files will be available to you.
With Roaming Profiles, a user’s profile is saved on a network drive (for the Pilot, we used a Dell PowerVault 735N Network Attached Storage device, NAS) and is accessed and downloaded when a user logs into a computer. When a user logs in to a computer for the first time, his/her User Profile is downloaded to that computer. When s/he finishes his/her work and logs off, any changes to his/her profile are saved back up to the network location. If the network is unavailable when the user logs on, a cached copy of the user profile is loaded instead (this only works if the user has logged on to the computer previously when the computer was on the network; if not, there is no cached profile to load). When the network becomes available again, a synchronization of the network profile and the cached profile will take place.

One downside of Roaming Profiles is that the entire profile must be downloaded at login and then uploaded at logoff. Login and logoff times therefore increase. For users with high speed connections, this will be barely noticeable. If the user has a large number of files stored in his/her My Documents folder or on his/her Desktop, the time again increases. Over a modem, this can cause the login/logout times to be very long.

Folder Redirection
To help alleviate this downside, we implemented Folder Redirection along with Roaming Profiles. Folder Redirection allows for certain directories to be transparently redirected to a network drive. To the user, it appears as if the folder is still on his/her computer. A redirected folder looks just like any other folder except that its contents are located on a network drive. The five folders that can be redirected are the user’s My Documents folder, My Pictures folder, Desktop folder, Start Menu folder, and Application Data folder. Redirected Folders are not downloaded to the user’s computer at login. Instead, the files will be downloaded to the user’s computer as s/he accesses them.
For the Pilot Project, we elected to redirect just the user’s My Documents and Desktop folders.

Folder Synchronization
Since the goal was to make the user’s files available to him/her while on or off the network, we also enabled Offline Stores, which, using the Folder Synchronization utility, allows a user to store cached copies of specified network files and folders on the local computer. Like Roaming Profiles, if changes are made to a file while offline, when the user gets back online, a Folder Synchronization takes place and uploads the changes to the network files. In cases where there is a discrepancy between the network and the local file during the Folder Synchronization (i.e., I work offline on a file at home on my laptop, then come to work the next day and make different changes to the original file on my desktop computer), the user will be prompted to either keep one file over the other or to keep both files.

Anytime Anywhere Procedures:
For the Pilot Project, the user’s Roaming Profiles and Redirected Folders were stored on a Dell PowerVault 735N Network Attached Storage Device (NAS) running “Powered by Windows 2000” software. Since it is running Windows 2000 natively, I was able to easily implement Windows 2000 technology, such as Disk Quota and NTFS permissions. Initially, this was to be tested on the NetApp NAS owned by the "General Use, Research UNIX and Security" (GURUS) department as well, but several issues prevented full testing (later tests have shown that the NetApp NAS, with the latest ONTap OS, is capable of performing the same function that the Dell NAS performed in the Pilot).

I used a custom built utility named Populus, Windows 2000 Group Policy Objects, and Windows 2000 Disk Quota to set up users and configure the Roaming Profiles and Folder Redirection.

Disk Quota
Windows 2000 Disk Quota allows me to restrict the amount of disk space a user gets on a partition.
Since I was given no indication of how much space should be allotted, I randomly chose 500MB as the default quota limit. The quota limit can be adjusted on a user by user basis but the initial quota is 500MB. The restriction is not on a folder by folder basis, but rather on the user. User A gets 500MB of space anywhere on the network share that he has been granted NTFS permissions. The pilot users were granted permission only to their UserData\%UserName%\ folders.

Group Policy Object
To begin, I created a Windows 2000 Group Policy Object (GPO) that would be applied to all users in the Test-Lab Organizational Unit (OU) located in the W2k-Pilot Domain. This GPO allows me to make a blanket configuration change to multiple computers without having to go to each computer and manually make the changes. This GPO contains some basic computer configuration settings, but its main purpose is enabling folder redirection on the “My Documents” and individual user’s “Desktop” folders, enabling Offline Stores for the redirected files, and configuring Folder Synchronization for the redirected files. (See APPENDIX O)

I also created another GPO for use with laptop users. This GPO is a computer GPO only. It is applied to all computers located in the “Laptop” OU of the Test-Lab domain. This GPO contains configurations that enable “Slow Link” detection for laptops. Windows 2000 allows a modem user to dial his/her internet connection when he/she logs in. If this occurs and slow link detection is not enabled, then the computer will try to download the user’s Profile, which could take a long time. With slow link detection enabled, Windows 2000 will detect that the user’s connection is low speed and instead load the user’s cached profile. See “Slow Link Policy” on the second following page. (See APPENDIX P)

Roaming Profiles and Folder Redirection
User accounts were created for all the AIS/W2k Pilot Project participants.
Each account was configured to use Roaming Profiles and have a profile stored on the Dell NAS, at \\tron.ais-pilot.w2k-pilot.vt.edu\UserData\Profiles\%username%\. The UserData folder is the share folder on the NAS. The “Test-Lab User GP” GPO was also configured so that each user’s “My Documents” and “Desktop” folder was located at the following locations, respectively:

\\tron.ais-pilot.w2k-pilot.vt.edu\UserData\%username%\My Documents
\\tron.ais-pilot.w2k-pilot.vt.edu\UserData\%username%\Desktop

Roaming Profiles consist of the following folders and files:

Application Data (MS Office personalization, Netscape bookmarks (at least 6.x), Wallpaper, etc)
Cookies
Favorites
NetHood
PrintHood
Recent
SendTo
Templates

And the following “top-level” files (located in the root of the user’s profile folder):

NTUSER.DAT
NTUSER.DAT.LOG
NTUSER.INI
NTUSER.POL

When a member of the AIS-PILOT OU logs onto a computer in the forest, one of two things happens. One, if it is the first time the user has logged onto a computer since his/her account has been configured for roaming profiles, the user receives the default profile configuration for that computer and the profile is copied to the user’s “Profile” data folder located on the NAS and becomes the user’s roaming profile. Or two, after the initial login and roaming profile creation, when the user logs onto a computer, the user’s profile is downloaded to the computer and loaded for the user. When the user logs off, any changes made to the profile are saved up to the NAS.

At each login, every part of the user’s profile is copied from the NAS to the workstation and loaded. At every logoff, the profile on the local workstation synchronizes with the copy on the NAS, i.e., if the user made any changes to the local profile, they will get replicated up to the copy on the NAS.

Folder Redirection has been implemented for all users participating in the AIS/W2k-Pilot.
This feature changes the actual location of the user’s “My Documents” folder and the user’s “Desktop” folder. Folder redirection lessens the time it takes to complete the logon process and saves network bandwidth by downloading files located in a user’s “My Documents” and “Desktop” folders on a file-by-file basis, as the files are needed. If Folder Redirection is implemented by itself, no synchronization is needed at logoff because the user’s files are saved directly to the NAS. Implementing Folder Redirection with Offline Stores, as we do, causes the Redirected Folders on the local system to synchronize with the folders on the NAS. This allows the user to access his/her files even when the computer is off the network and the NAS is unavailable. When the network becomes available again, a File Synchronization is triggered (by logging in, logging out, or initiated by the user) and any changes are uploaded to the NAS. If there is a discrepancy between the network version of a file and the local version, then the user is given the option to save one or the other, or both files.

Security Concerns:
By default, when a user that has been configured for Roaming Profiles and Folder Redirection logs in for the first time, the user’s Profile folder and redirected folders will be created on the network share. When this was initially tested, it was determined that the NTFS Security on the user’s folders was not strict enough. A user would be able to not only see his/her share but also be able to enumerate the parent folder of every user, thus giving a full list of usernames. To prevent this, the NTFS permissions were set as shown in Figure 17. The Authenticated Users group had “Traverse Folder / Execute File” permission on the UserData folder (the share folder) but no other permissions, and then each individual user had full permissions on his/her %username% folder. SYSTEM had full control over all folders and files.
To be able to set the NTFS permissions to the security level desired, the user folders had to be created and permissions had to be set manually. Later, due to conflicts with software (WinZip, Microsoft Office XP, and MS Access, see “Conflict Resolutions”), the permissions had to be reduced back to the original NTFS permissions (See Figure 17).

Figure 17: “UserData” Permissions

Share Permissions
  E:\UserData – Everyone = Full (default share permissions)

NTFS Permissions
  E:\UserData – [Permissions not propagated to child files/folders]
    Domain Admins = “Full”
    SYSTEM = “Full”
    Authenticated Users = “Traverse Folder / Execute File”
                          “List Folder / Read Data”
                          “Read Attributes”
                          “Read Extended Attributes”
  E:\UserData\%username% - [Permissions propagated to child files/folders]
    SYSTEM = “Full”
    %Username% = “Full”

Conflict Resolution

WinZip 8.0:
When users attempted to extract a zipped file to a redirected folder, they would receive an error that the location could not be found. I corresponded with WinZip Tech Support via e-mail but received no useful information from them. I began trying different NTFS permission configurations and found that, for WinZip to work, the Authenticated Users group had to have “List Folder / Read Data” permission on the UserData folder as well as the “Traverse Folder / Execute File” permission. WinZip Tech Support could not tell me why this was necessary.

Microsoft Office XP: (See MS PSS Call: Office XP)
When users attempted to save an Office document, an error would occur and the Office program would exit, causing a loss of data. After some testing, it was determined that the real issue was not with saving a document but with the Office product’s ability to access the default “Document” location. A Microsoft Paid Support Services case was opened. While waiting to hear back from MS on this case, I discovered that the NTFS permissions on the parent share (UserData folder) were too strict.
Along with the original NTFS permissions, it was necessary to add the “Read Attributes” and the “Read Extended Attributes” permissions. The MS PSS call was left open until they could explain why the parent folder (UserData) needed the added permissions even when the permissions were not propagated to the child files/folders. After a month, and no progress from MS PSS, we closed the case.

MS Access:
A user would receive an error when attempting to open an Access Database from a redirected folder. After some research, I came across the following MS KB Article: “An Intranet Site Is Identified as an Internet Site When You Use an FQDN or IP Address (Q303650)”. Because a “Fully Qualified Domain Name”, FQDN, is used for the Redirected Folder locations, Windows 2000 treats it as an Internet site. To be able to open an Access Database over an Internet site, a modification is needed in the IE Internet Security Zone settings. To allow users to open Access databases located in redirected folders, the FQDN of the NAS needed to be added to the Trusted Sites of each computer. I was able to add this change to the “Test-Lab User GP” GPO instead of having to manually make the change on all the Test-Pilot computers.

POPULUS

Purpose:
When the AIS/W2k-Pilot Project began, user accounts and user data folders had to be created for all Pilot participants. For each user, it was necessary to enable Roaming Profiles and to manually set NTFS permissions on the user data folders. As the Pilot progressed, more users were added to broaden the testing. When we were nearing the completion of this testing phase, the W2k-Pilot AD Forest was reinstalled to eliminate anything that was implemented and then rejected in the first phase of testing. At this point, a method for automating the creation of user accounts and user data folders (and subsequent NTFS Permissions on said folders) was explored.
The solution was found in the combination of the “Add Users” Windows 2000 Server Resource Kit utility and an in-house utility called “Populus”.

Creating User Accounts:
The Windows 2000 Server Resource Kit has a utility called “Add Users” (ADDUSERS.EXE) that allows an administrator to batch create/delete/edit user accounts and local and global groups based on a comma-delimited file (like the .CSV files used in Excel). When the W2k-Pilot AD Forest was reinstalled, I used the “Add Users” utility and a .CSV file (See APPENDICES Q and R) to batch create the 54 user accounts needed as well as enabling Roaming Profiles for each account.

For more information regarding the “Add Users” (ADDUSERS.EXE) Windows 2000 Resource Kit Utility, reference the following website:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q199878

Creating Users’ Data Folders:
Each user needed a location on the Dell PowerVault 735N Network Attached Storage (NAS) Device to store his/her roaming profile and redirected folders (“My Documents” and “Desktop” folders). If the folders for both the Roaming Profile and the Redirected Files do not exist, they are created when the user logs on (for example, the folders do not exist for users that have never logged onto the domain before). For the Pilot, the default NTFS permissions applied to the folders were too lenient, so permissions would need to be modified.

Instead of having the folders and NTFS permissions automatically generated and then modifying the permissions on a user-by-user basis, it is simpler for administrative purposes to manually create the folders and manually set the proper NTFS permissions. It is simpler because the permissions are set properly initially. If the NTFS permissions were automatically generated and then modified on a user-by-user basis, there is the possibility that a set of folders could be missed and the NTFS permissions not modified to the more secure configuration.
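The risk named above, a user folder that is missed and keeps lenient permissions, and the username enumeration described under Security Concerns can both be checked by auditing an ACL listing of the share. The following is an added example, not the pilot's Populus code: it assumes the listing was exported with icacls (a tool from later Windows versions, not used in the pilot), that folder names contain no spaces, and the sample listings, domain prefix and account names are constructed.

```python
"""Audit icacls-style ACL listings against the UserData layout in Figure 17."""
import re

# icacls abbreviations that allow listing a folder's children
# (F=full, M=modify, RX/R=read, RD=List Folder/Read Data, GR/GA=generic).
LIST_RIGHTS = {"F", "M", "RX", "R", "RD", "GR", "GA"}
# Groups that contain every pilot user (lower-case, without domain prefix).
BROAD_GROUPS = {"everyone", "authenticated users", "users", "domain users"}
ACE_RE = re.compile(r"^(?P<who>.+?):(?P<groups>(?:\([^)]*\))+)$")


def parse_icacls(text):
    """Return {path: [(principal, flags, rights), ...]} from icacls output.

    Assumption: paths contain no spaces, so the path is the first token of
    each non-indented line; indented lines are further ACEs of that path.
    """
    acls, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("Successfully processed"):
            continue
        if raw[0].isspace():
            ace = raw.strip()
        else:
            path, _, ace = raw.partition(" ")
            current = acls.setdefault(path, [])
        match = ACE_RE.match(ace.strip())
        if current is None or not match:
            continue
        groups = re.findall(r"\(([^)]*)\)", match.group("groups"))
        flags = set(groups[:-1])                    # (OI), (CI), (IO), (I), (DENY)
        rights = {r.strip() for r in groups[-1].split(",")}
        current.append((match.group("who"), flags, rights))
    return acls


def short_name(principal):
    """Strip the domain or authority prefix and lower-case the account name."""
    return principal.rsplit("\\", 1)[-1].lower()


def audit_userdata(text, root, allowed=("system",)):
    """Return (path, principal, finding) tuples for deviations from Figure 17."""
    findings = []
    root_l = root.rstrip("\\").lower()
    for path, aces in parse_icacls(text).items():
        p = path.rstrip("\\").lower()
        for who, flags, rights in aces:
            if "DENY" in flags:
                continue
            name = short_name(who)
            if p == root_l:
                # Inherit-only ACEs do not apply to the share root itself.
                if name in BROAD_GROUPS and "IO" not in flags and rights & LIST_RIGHTS:
                    findings.append((path, who, "can-list-usernames"))
            elif p.startswith(root_l + "\\") and "\\" not in p[len(root_l) + 1:]:
                owner = p[len(root_l) + 1:]         # folder is named after the user
                if name != owner and name not in allowed:
                    findings.append((path, who, "foreign-access"))
    return findings


# Constructed sample: the tightened layout (traverse-only on the share root).
STRICT_SAMPLE = r"""
E:\UserData W2K-PILOT\Domain Admins:(F)
            NT AUTHORITY\SYSTEM:(F)
            NT AUTHORITY\Authenticated Users:(X)

E:\UserData\jdoe NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                 W2K-PILOT\jdoe:(OI)(CI)(F)

Successfully processed 2 files; Failed processing 0 files
"""

# Constructed sample: root rights as in Figure 17, plus one missed folder.
RELAXED_SAMPLE = r"""
E:\UserData W2K-PILOT\Domain Admins:(F)
            NT AUTHORITY\SYSTEM:(F)
            NT AUTHORITY\Authenticated Users:(X,RD,RA,REA)

E:\UserData\jdoe NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                 W2K-PILOT\jdoe:(OI)(CI)(F)

E:\UserData\asmith NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                   W2K-PILOT\asmith:(OI)(CI)(F)
                   BUILTIN\Users:(OI)(CI)(RX)

Successfully processed 3 files; Failed processing 0 files
"""

if __name__ == "__main__":
    for label, sample in (("strict", STRICT_SAMPLE), ("relaxed", RELAXED_SAMPLE)):
        print(label, audit_userdata(sample, r"E:\UserData"))
```

The relaxed sample reports the share root because “List Folder / Read Data” lets every authenticated user list the per-user folder names, and it reports the one folder whose ACL still grants a group other than SYSTEM and the folder's owner.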
Whereas it is easier for administrative purposes to manually create the folders and set the NTFS permissions, it is still a tedious job that would be very susceptible to user error when being performed. For this reason, I developed a Winbatch program called Populus (See APPENDIX S) to create user data folders and set the proper NTFS permissions needed for each. Used in conjunction with the “Add Users” Windows 2000 Resource Kit utility, I was able to effectively automate both the creation of user accounts and the creation of said user’s data folders (and NTFS permissions) on the NAS.

I have also written up the procedure I followed when adding new users to the AIS/W2k-Pilot (See APPENDIX T).

The executable and source code, along with the .CMP file (contains compiling information for Winbatch), are included in the “Source” folder provided with this documentation.

APPENDICES

Appendix A: DEFAULT AUTOEXEC.BAT

BOLD – Removed lines
ITALIC – Modified lines

@ECHO OFF
set EXPAND=YES
SET DIRCMD=/O:N
set LglDrv=27 * 26 Z 25 Y 24 X 23 W 22 V 21 U 20 T 19 S 18 R 17 Q 16 P 15
set LglDrv=%LglDrv% O 14 N 13 M 12 L 11 K 10 J 9 I 8 H 7 G 6 F 5 E 4 D 3 C
cls
call setramd.bat %LglDrv%
set temp=c:\
set tmp=c:\
path=%RAMD%:\;a:\;z:\
copy command.com %RAMD%:\ > NUL
set comspec=%RAMD%:\command.com
copy extract.exe %RAMD%:\ > NUL
copy readme.txt %RAMD%:\ > NUL

:ERROR
IF EXIST ebd.cab GOTO EXT
echo Please insert Windows 98 Startup Disk 2
echo.
pause
GOTO ERROR

:EXT
%RAMD%:\extract /y /e /l %RAMD%: ebd.cab > NUL
echo The diagnostic tools were successfully loaded to drive %RAMD%.
echo.
IF "%config%"=="NOCD" GOTO QUIT
IF "%config%"=="HELP" GOTO HELP
LH %ramd%:\MSCDEX.EXE /D:mscd001 /L:z
echo.
GOTO QUIT

:HELP
cls
call help.bat
echo Your computer will now restart and the startup menu will appear.
echo.
echo.
echo.
echo.
echo.
echo.
echo.
echo.
echo.
echo.
restart.com
GOTO QUIT

:QUIT
echo To get help, type HELP and press ENTER.
echo.
rem clean up environment variables
set CDROM=
set LglDrv=

Appendix B: MODIFIED AUTOEXEC.BAT

@ECHO OFF
cls
set temp=c:\temp
set tmp=c:\temp
path=c:\;c:\ebd;%CDROM%:\
LH c:\ebd\MSCDEX.EXE /D:mscd001 /L:%CDROM%

Appendix C: DEFAULT CONFIG.SYS

BOLD – Removed lines
ITALIC – Modified lines

[menu]
menuitem=CD, Start computer with CD-ROM support.
menuitem=NOCD, Start computer without CD-ROM support.
menuitem=HELP, View the Help file.
menudefault=CD,30
menucolor=7,0

[CD]
device=himem.sys /testmem:off
device=oakcdrom.sys /D:mscd001
device=btdosm.sys
device=flashpt.sys
device=btcdrom.sys /D:mscd001
device=aspi2dos.sys
device=aspi8dos.sys
device=aspi4dos.sys
device=aspi8u2.sys
device=aspicd.sys /D:mscd001

[NOCD]
device=himem.sys /testmem:off

[HELP]
device=himem.sys /testmem:off

[COMMON]
files=10
buffers=10
dos=high,umb
stacks=9,256
devicehigh=ramdrive.sys /E 2048
lastdrive=z

Appendix D: MODIFIED CONFIG.SYS

[menu]
menuitem=CD, Start computer with CD-ROM support.
menuitem=NOCD, Start computer without CD-ROM support.
menuitem=HELP, View the Help file.
menudefault=CD,0
menucolor=7,0

[CD]
device=himem.sys /testmem:off
device=oakcdrom.sys /D:mscd001
device=btdosm.sys
device=flashpt.sys
device=btcdrom.sys /D:mscd001
device=aspi2dos.sys
device=aspi8dos.sys
device=aspi4dos.sys
device=aspi8u2.sys
device=aspicd.sys /D:mscd001

[NOCD]
device=himem.sys /testmem:off

[HELP]
device=himem.sys /testmem:off

[COMMON]
files=10
buffers=10
dos=high,umb
stacks=9,256
lastdrive=z

Appendix E: “SYSPREP.INF”

;SetupMgrTag
[Unattended]
InstallFilesPath=D:\SYSPREP\i386
TargetPath=\WINNT

[GuiUnattended]
OEMSkipRegional=1
TimeZone=35

[UserData]
FullName="Va Tech"
OrgName="Va Tech"

[Display]
BitsPerPel=32
Xresolution=1024
YResolution=768
Vrefresh=75

[Identification]
JoinWorkgroup=WORKGROUP

[Networking]
InstallDefaultComponents=Yes

[SYSPREPMassStorage]
PCMCIA\*PNP0600=%systemroot%\inf\mshdc.inf
PCMCIA\KME-KXLC005-A99E=%systemroot%\inf\mshdc.inf
PCMCIA\_-NinjaATA--3768=%systemroot%\inf\mshdc.inf
PCMCIA\FUJITSU-IDE-PC_CARD-DDF2=%systemroot%\inf\mshdc.inf
*AZT0502=%systemroot%\inf\mshdc.inf
PCI\CC_0101=%systemroot%\inf\mshdc.inf
PCI\VEN_10B9&DEV_5215=%systemroot%\inf\mshdc.inf
PCI\VEN_10B9&DEV_5219=%systemroot%\inf\mshdc.inf
PCI\VEN_10B9&DEV_5229=%systemroot%\inf\mshdc.inf
PCI\VEN_1097&DEV_0038=%systemroot%\inf\mshdc.inf
PCI\VEN_1095&DEV_0640=%systemroot%\inf\mshdc.inf
PCI\VEN_1095&DEV_0646=%systemroot%\inf\mshdc.inf
PCI\VEN_0E11&DEV_AE33=%systemroot%\inf\mshdc.inf
PCI\VEN_8086&DEV_1222=%systemroot%\inf\mshdc.inf
PCI\VEN_8086&DEV_1230=%systemroot%\inf\mshdc.inf
PCI\VEN_8086&DEV_7010=%systemroot%\inf\mshdc.inf
PCI\VEN_8086&DEV_7111=%systemroot%\inf\mshdc.inf
PCI\VEN_8086&DEV_2411=%systemroot%\inf\mshdc.inf
PCI\VEN_8086&DEV_2421=%systemroot%\inf\mshdc.inf
PCI\VEN_8086&DEV_2441=%systemroot%\inf\mshdc.inf
PCI\VEN_8086&DEV_244A=%systemroot%\inf\mshdc.inf
PCI\VEN_8086&DEV_244B=%systemroot%\inf\mshdc.inf
PCI\VEN_8086&DEV_7199=%systemroot%\inf\mshdc.inf
PCI\VEN_1042&DEV_1000=%systemroot%\inf\mshdc.inf
PCI\VEN_1039&DEV_0601=%systemroot%\inf\mshdc.inf
PCI\VEN_1039&DEV_5513=%systemroot%\inf\mshdc.inf
PCI\VEN_10AD&DEV_0001=%systemroot%\inf\mshdc.inf
PCI\VEN_10AD&DEV_0150=%systemroot%\inf\mshdc.inf
PCI\VEN_105A&DEV_4D33=%systemroot%\inf\mshdc.inf
PCI\VEN_1106&DEV_0571=%systemroot%\inf\mshdc.inf
*ADP1540=%systemroot%\inf\scsi.inf
*ADP1542=%systemroot%\inf\scsi.inf
*ADP4215=%systemroot%\inf\scsi.inf
DETECTEDIsa\aha154x=%systemroot%\inf\scsi.inf
SPARROW_SCSI=%systemroot%\inf\scsi.inf
DETECTED\sparrow=%systemroot%\inf\scsi.inf
*ADP1502=%systemroot%\inf\scsi.inf
*ADP1505=%systemroot%\inf\scsi.inf
*ADP1510=%systemroot%\inf\scsi.inf
*ADP1512=%systemroot%\inf\scsi.inf
*ADP1515=%systemroot%\inf\scsi.inf
*ADP1520=%systemroot%\inf\scsi.inf
*ADP1522=%systemroot%\inf\scsi.inf
*ADP3015=%systemroot%\inf\scsi.inf
*ADP3215=%systemroot%\inf\scsi.inf
*ADP6360=%systemroot%\inf\scsi.inf
*ADP6370=%systemroot%\inf\scsi.inf
PCMCIA\Adaptec__Inc.-APA-1460_SCSI_Host_Adapter-BE89=%systemroot%\inf\scsi.inf
PCMCIA\Adaptec__Inc.-APA-1460_SCSI_Host_Adapter-B67E=%systemroot%\inf\scsi.inf
PCMCIA\Adaptec__Inc.-APA-1460_SCSI_Host_Adapter-6F71=%systemroot%\inf\scsi.inf
PCI\VEN_9004&DEV_5075=%systemroot%\inf\scsi.inf
PCI\VEN_9004&DEV_5175=%systemroot%\inf\scsi.inf
PCI\VEN_9004&DEV_5275=%systemroot%\inf\scsi.inf
PCI\VEN_9004&DEV_5375=%systemroot%\inf\scsi.inf
PCI\VEN_9004&DEV_5475=%systemroot%\inf\scsi.inf
PCI\VEN_9004&DEV_5575=%systemroot%\inf\scsi.inf
PCI\VEN_9004&DEV_5675=%systemroot%\inf\scsi.inf
PCI\VEN_9004&DEV_5775=%systemroot%\inf\scsi.inf
PCI\VEN_9004&DEV_5078=%systemroot%\inf\scsi.inf
PCI\VEN_9004&DEV_5178=%systemroot%\inf\scsi.inf
PCI\VEN_9004&DEV_5278=%systemroot%\inf\scsi.inf
PCI\VEN_9004&DEV_5378=%systemroot%\inf\scsi.inf
PCI\VEN_9004&DEV_5478=%systemroot%\inf\scsi.inf
PCI\VEN_9004&DEV_5578=%systemroot%\inf\scsi.inf
PCI\VEN_9004&DEV_5678=%systemroot%\inf\scsi.inf
PCI\VEN_9004&DEV_5778=%systemroot%\inf\scsi.inf
PCI\VEN_9004&DEV_7860=%systemroot%\inf\scsi.inf
PCI\VEN_9004&DEV_6078=%systemroot%\inf\scsi.inf
PCI\VEN_9004&DEV_6178=%systemroot%\inf\scsi.inf PCI\VEN_9004&DEV_6278=%systemroot%\inf\scsi.inf PCI\VEN_9004&DEV_6378=%systemroot%\inf\scsi.inf PCI\VEN_9004&DEV_6478=%systemroot%\inf\scsi.inf PCI\VEN_9004&DEV_6578=%systemroot%\inf\scsi.inf PCI\VEN_9004&DEV_6778=%systemroot%\inf\scsi.inf PCI\VEN_9004&DEV_7078=%systemroot%\inf\scsi.inf PCI\VEN_9004&DEV_7178=%systemroot%\inf\scsi.inf PCI\VEN_9004&DEV_7278=%systemroot%\inf\scsi.inf PCI\VEN_9004&DEV_7478=%systemroot%\inf\scsi.inf PCI\VEN_9004&DEV_7578=%systemroot%\inf\scsi.inf PCI\VEN_9004&DEV_7678=%systemroot%\inf\scsi.inf PCI\VEN_9004&DEV_7778=%systemroot%\inf\scsi.inf PCI\VEN_9004&DEV_8078=%systemroot%\inf\scsi.inf 44 PCI\VEN_9004&DEV_8178=%systemroot%\inf\scsi.inf PCI\VEN_9004&DEV_8278=%systemroot%\inf\scsi.inf PCI\VEN_9004&DEV_8478=%systemroot%\inf\scsi.inf PCI\VEN_9004&DEV_8578=%systemroot%\inf\scsi.inf PCI\VEN_9004&DEV_8678=%systemroot%\inf\scsi.inf PCI\VEN_9004&DEV_8778=%systemroot%\inf\scsi.inf PCI\VEN_9004&DEV_8878=%systemroot%\inf\scsi.inf PCI\VEN_9004&DEV_7891=%systemroot%\inf\scsi.inf PCI\VEN_9004&DEV_7892=%systemroot%\inf\scsi.inf PCI\VEN_9004&DEV_7895=%systemroot%\inf\scsi.inf PCI\VEN_9004&DEV_7896=%systemroot%\inf\scsi.inf PCI\VEN_9004&DEV_7897=%systemroot%\inf\scsi.inf PCI\VEN_9004&DEV_3B78=%systemroot%\inf\scsi.inf PCI\VEN_9004&DEV_EC78=%systemroot%\inf\scsi.inf PCI\VEN_9004&DEV_6075=%systemroot%\inf\scsi.inf PCI\VEN_9004&DEV_6075&SUBSYS_75609004=%systemroot%\inf\scsi.inf PCI\VEN_9004&DEV_3860=%systemroot%\inf\scsi.inf PCI\VEN_9005&DEV_0010=%systemroot%\inf\scsi.inf PCI\VEN_9005&DEV_0020=%systemroot%\inf\scsi.inf PCI\VEN_9005&DEV_0030=%systemroot%\inf\scsi.inf PCI\VEN_9005&DEV_001F=%systemroot%\inf\scsi.inf PCI\VEN_9005&DEV_002F=%systemroot%\inf\scsi.inf PCI\VEN_9005&DEV_003F=%systemroot%\inf\scsi.inf PCI\VEN_9005&DEV_0050=%systemroot%\inf\scsi.inf PCI\VEN_9005&DEV_0051=%systemroot%\inf\scsi.inf PCI\VEN_9005&DEV_005F=%systemroot%\inf\scsi.inf *FDC0000=%systemroot%\inf\scsi.inf 
DETECTEDPci\Fd16_700=%systemroot%\inf\scsi.inf
PCI\VEN_9005&DEV_00CF=%systemroot%\inf\scsi.inf
PCI\VEN_9005&DEV_00C0=%systemroot%\inf\scsi.inf
PCI\VEN_9005&DEV_008F=%systemroot%\inf\scsi.inf
PCI\VEN_9005&DEV_0080=%systemroot%\inf\scsi.inf
PCI\VEN_10CD&DEV_2300=%systemroot%\inf\scsi.inf
PCI\VEN_10CD&DEV_1100=%systemroot%\inf\scsi.inf
PCI\VEN_10CD&DEV_1200=%systemroot%\inf\scsi.inf
PCI\VEN_10CD&DEV_1300=%systemroot%\inf\scsi.inf
PCMCIA\AdvanSys_-PCMCIA_Ultra_SCSI_ABP460-25c7=%systemroot%\inf\scsi.inf
PCI\VEN_10CD&DEV_1300&SUBSYS_133010CD=%systemroot%\inf\scsi.inf
PCI\VEN_1022&DEV_2020=%systemroot%\inf\scsi.inf
PCI\VEN_8086&DEV_1960&SUBSYS_0438101E=%systemroot%\inf\scsi.inf
PCI\VEN_8086&DEV_1960&SUBSYS_11121111=%systemroot%\inf\scsi.inf
PCI\VEN_8086&DEV_1960&SUBSYS_10C6103C=%systemroot%\inf\scsi.inf
PCI\VEN_8086&DEV_1960&SUBSYS_0466101E=%systemroot%\inf\scsi.inf
PCI\VEN_8086&DEV_1960&SUBSYS_11111111=%systemroot%\inf\scsi.inf
PCI\VEN_8086&DEV_1960&SUBSYS_10C7103C=%systemroot%\inf\scsi.inf
PCI\VEN_101E&DEV_9060=%systemroot%\inf\scsi.inf
PCI\VEN_101E&DEV_9010=%systemroot%\inf\scsi.inf
PCI\VEN_8086&DEV_1960&SUBSYS_03A2113C=%systemroot%\inf\scsi.inf
BUSLOGIC_SCSI=%systemroot%\inf\scsi.inf
DETECTED\buslogic=%systemroot%\inf\scsi.inf
*BUS0042=%systemroot%\inf\scsi.inf
MF\EISA_BUS4201_DEV0=%systemroot%\inf\scsi.inf
PCI\VEN_104B&DEV_1040=%systemroot%\inf\scsi.inf
FLASHPNT_SCSI=%systemroot%\inf\scsi.inf
PCI\VEN_104B&DEV_8130=%systemroot%\inf\scsi.inf
CPQARRAY_SCSI=%systemroot%\inf\scsi.inf
PCI\VEN_0E11&DEV_AE10=%systemroot%\inf\scsi.inf
*CPQ4410=%systemroot%\inf\scsi.inf
*CPQ4411=%systemroot%\inf\scsi.inf
CPQFWS2E_SCSI=%systemroot%\inf\scsi.inf
PCI\VEN_0E11&DEV_A0EC=%systemroot%\inf\scsi.inf
CPQFCALM_SCSI=%systemroot%\inf\scsi.inf
*CPQFD17=%systemroot%\inf\scsi.inf
DETECTED\cpqarray=%systemroot%\inf\scsi.inf
DETECTED\cpqfcalm=%systemroot%\inf\scsi.inf
DETECTED\cpqfws2e=%systemroot%\inf\scsi.inf
PCI\VEN_1000&DEV_008F=%systemroot%\inf\scsi.inf
PCI\VEN_10DF&DEV_1AE5=%systemroot%\inf\scsi.inf PCI\VEN_10DF&DEV_f700=%systemroot%\inf\scsi.inf PCI\VEN_10DF&DEV_f800=%systemroot%\inf\scsi.inf FD16_700_SCSI=%systemroot%\inf\scsi.inf PCMCIA\Future_Domain_Corporation-SCSI_PCMCIA_Credit_Card_Controller1BF8=%systemroot%\inf\scsi.inf PCI\VEN_1036&DEV_0000=%systemroot%\inf\scsi.inf DETECTED\fd16_700=%systemroot%\inf\scsi.inf GEN_SCSIADAPTER=%systemroot%\inf\scsi.inf PCI\VEN_8086&DEV_1960&SUBSYS_10CC103C=%systemroot%\inf\scsi.inf PCI\VEN_8086&DEV_1960&SUBSYS_10CD103C=%systemroot%\inf\scsi.inf PCI\VEN_1014&DEV_002E=%systemroot%\inf\scsi.inf PCMCIA\IBM-PCMCIA_PorTable_CD-ROM_Drive-84E3=%systemroot%\inf\scsi.inf PCMCIA\IBM-PCMCIA_CD-ROM_DRIVE_CD-400-5AFA=%systemroot%\inf\scsi.inf PCMCIA\IBM-PCMCIA_PorTable_CD-ROM_Drive-84E2=%systemroot%\inf\scsi.inf PCI\VEN_1101&DEV_9500=%systemroot%\inf\scsi.inf PCI\VEN_1101&DEV_9400=%systemroot%\inf\scsi.inf PCI\VEN_1101&DEV_9401=%systemroot%\inf\scsi.inf PCI\VEN_1101&DEV_134A=%systemroot%\inf\scsi.inf PCI\VEN_1101&DEV_0002=%systemroot%\inf\scsi.inf PCI\VEN_9004&DEV_1160=%systemroot%\inf\scsi.inf PCI\VEN_1069&DEV_0001=%systemroot%\inf\scsi.inf PCI\VEN_1069&DEV_0002=%systemroot%\inf\scsi.inf PCI\VEN_1069&DEV_0010=%systemroot%\inf\scsi.inf PCI\VEN_1011&DEV_1065&SUBSYS_00201069=%systemroot%\inf\scsi.inf PCI\VEN_1069&DEV_BA55=%systemroot%\inf\scsi.inf DETECTED\dac960nt=%systemroot%\inf\scsi.inf NCRC710_SCSI=%systemroot%\inf\scsi.inf DETECTED\ncrc710=%systemroot%\inf\scsi.inf PCI\VEN_1077&DEV_1020=%systemroot%\inf\scsi.inf PCI\VEN_1077&DEV_2100&SUBSYS_00011077=%systemroot%\inf\scsi.inf PCI\VEN_1077&DEV_1240=%systemroot%\inf\scsi.inf PCI\VEN_1077&DEV_1080=%systemroot%\inf\scsi.inf PCI\VEN_1000&DEV_0001=%systemroot%\inf\scsi.inf PCI\VEN_1000&DEV_0002=%systemroot%\inf\scsi.inf PCI\VEN_1000&DEV_0003=%systemroot%\inf\scsi.inf PCI\VEN_1000&DEV_0004=%systemroot%\inf\scsi.inf PCI\VEN_1000&DEV_0005=%systemroot%\inf\scsi.inf PCI\VEN_1000&DEV_0006=%systemroot%\inf\scsi.inf 
PCI\VEN_1000&DEV_000B=%systemroot%\inf\scsi.inf
PCI\VEN_1000&DEV_000C=%systemroot%\inf\scsi.inf
PCI\VEN_1000&DEV_000D=%systemroot%\inf\scsi.inf
PCI\VEN_1000&DEV_000F=%systemroot%\inf\scsi.inf
PCI\VEN_105A&DEV_4D38=%systemroot%\inf\scsi.inf

[Branding]
BrandIEUsingUnattended=Yes

[Proxy]
Proxy_Enable=0
Use_Same_Proxy=0

[GuiRunOnce]
Command0=c:\DF\ReMounter\rmounter.exe

Appendix F: “Mergeide.reg”

********* START COPY FROM HERE *************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\primary_ide_channel]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="atapi"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\secondary_ide_channel]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="atapi"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\*pnp0600]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="atapi"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\*azt0502]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="atapi"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\gendisk]
"ClassGUID"="{4D36E967-E325-11CE-BFC1-08002BE10318}"
"Service"="disk"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#cc_0101]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_0e11&dev_ae33]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_1039&dev_0601]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_1039&dev_5513]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_1042&dev_1000]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_105a&dev_4d33]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_1095&dev_0640]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_1095&dev_0646]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_1097&dev_0038]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_10ad&dev_0001]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_10ad&dev_0150]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_10b9&dev_5215]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_10b9&dev_5219]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_10b9&dev_5229]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_1106&dev_0571]
"Service"="pciide"
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_8086&dev_1222]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="intelide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_8086&dev_1230]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="intelide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_8086&dev_2411]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="intelide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_8086&dev_2421]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="intelide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_8086&dev_7010]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="intelide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_8086&dev_7111]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="intelide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_8086&dev_7199]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="intelide"

;Add driver for Atapi (requires atapi.sys in drivers directory)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi]
"ErrorControl"=dword:00000001
"Group"="SCSI miniport"
"Start"=dword:00000000
"Tag"=dword:00000019
"Type"=dword:00000001
"DisplayName"="Standard IDE/ESDI Hard Disk Controller"
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
  52,00,49,00,56,00,45,00,52,00,53,00,5c,00,61,00,74,00,61,00,70,00,69,00,2e,\
  00,73,00,79,00,73,00,00,00

;Add driver for intelide (requires intelide.sys in drivers directory)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IntelIde]
"ErrorControl"=dword:00000001
"Group"="System Bus Extender"
"Start"=dword:00000000
"Tag"=dword:00000004
"Type"=dword:00000001
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
  52,00,49,00,56,00,45,00,52,00,53,00,5c,00,69,00,6e,00,74,00,65,00,6c,00,69,\
  00,64,00,65,00,2e,00,73,00,79,00,73,00,00,00

;Add driver for pciide (requires pciide.sys and pciidex.sys in drivers directory)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCIIde]
"ErrorControl"=dword:00000001
"Group"="System Bus Extender"
"Start"=dword:00000000
"Tag"=dword:00000003
"Type"=dword:00000001
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
  52,00,49,00,56,00,45,00,52,00,53,00,5c,00,70,00,63,00,69,00,69,00,64,00,65,\
  00,2e,00,73,00,79,00,73,00,00,00
************ END COPY HERE ***************

Appendix G: AIS/W2K PILOT PROJECT CONFIGURATION DEPLOYMENT PROCEDURE
v1.0 011129

***NOTE***
It is possible that there are multiple CDs for the deployment of the AIS/W2k Pilot Project System Configurations. This is because the File Structure image (FS), which includes the Windows 2000 installation files (I386 files), can cause the data to exceed the capacity of a normal, high-capacity (700MB) CD. If this occurs, CD 1 will be labeled the FS CD (File Structure CD) and CD 2 will be the UDI CD (Universal Disk Image CD). For the most part the instructions for single-CD installs and multiple-CD installs will be the same. If the instructions differ for a particular step, the single-CD instructions will be listed as normal, followed by the multiple-CD instructions (MCD) enclosed in brackets, "[]", and between the following tags, <MCD>instructions</MCD>.
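Because the Mergeide.reg file in Appendix F registers boot-start drivers, it is worth checking a copy before merging it into an image. The following is an added example, not part of the original document: it decodes each hex(2) ImagePath, confirms it stays inside System32\DRIVERS, and lists services that device entries name but the file does not define. The function names and finding labels are this example's own, and the sample is a constructed excerpt built from values in the Appendix F listing.

```python
import re

# Constructed sample: three entries copied from the Appendix F listing.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\primary_ide_channel]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="atapi"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\gendisk]
"ClassGUID"="{4D36E967-E325-11CE-BFC1-08002BE10318}"
"Service"="disk"

;Add driver for Atapi (requires atapi.sys in drivers directory)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi]
"ErrorControl"=dword:00000001
"Group"="SCSI miniport"
"Start"=dword:00000000
"Tag"=dword:00000019
"Type"=dword:00000001
"DisplayName"="Standard IDE/ESDI Hard Disk Controller"
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
  52,00,49,00,56,00,45,00,52,00,53,00,5c,00,61,00,74,00,61,00,70,00,69,00,2e,\
  00,73,00,79,00,73,00,00,00
'''

CDDB = "\\control\\criticaldevicedatabase\\"
SERVICES = "\\services\\"


def decode_value(raw):
    """Decode one .reg value: dword, hex(2) (REG_EXPAND_SZ) or quoted string."""
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    if raw.startswith("hex(2):"):
        data = bytes(int(b, 16) for b in raw[len("hex(2):"):].split(",") if b.strip())
        return data.decode("utf-16-le").rstrip("\x00")
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1].replace("\\\\", "\\")
    return raw


def encode_hex2(text):
    """Inverse of the hex(2) decoding, used to build constructed test input."""
    data = (text + "\x00").encode("utf-16-le")
    return "hex(2):" + ",".join(f"{b:02x}" for b in data)


def parse_reg(text):
    """Return {key path: {lower-cased value name: decoded value}}."""
    text = re.sub(r"\\\r?\n\s*", "", text)   # join "\"-continued hex lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if m and current is not None:
            current[m.group(1).lower()] = decode_value(m.group(2))
    return keys


def audit(text, driver_dir="system32\\drivers\\"):
    """Return sorted (finding, service) pairs for a Mergeide-style .reg file."""
    referenced, services = set(), {}
    for path, values in parse_reg(text).items():
        low = path.lower()
        if CDDB in low and "service" in values:
            referenced.add(values["service"].lower())
        elif SERVICES in low:
            name = low.split(SERVICES, 1)[1]
            if "\\" not in name:              # ignore subkeys of a service
                services[name] = values
    findings = []
    for name in referenced - set(services):
        # The device entry relies on a service the target must already have.
        findings.append(("service-not-defined-in-file", name))
    for name, values in services.items():
        image = str(values.get("imagepath", "")).lower()
        leaf = image[len(driver_dir):]
        if (not image.startswith(driver_dir) or not leaf.endswith(".sys")
                or "\\" in leaf or "/" in leaf):
            findings.append(("imagepath-outside-driver-dir", name))
        if values.get("start") != 0:          # 0 = loaded by the boot loader
            findings.append(("not-boot-start", name))
        if name not in referenced:
            findings.append(("service-without-device-entry", name))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE_REG):
        print(finding)
```

On the sample, the only finding is that the gendisk entry names the disk service without defining it, so the file depends on the target image already having that service.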
CONTENTS OF CD(s):
  "BootDisk.exe"                   Creates UDI BootDisk if the computer can't "Boot to CD"
  "fs.bat"                         Batch file to load the FS Image ("w2kfs.gho") using the switches in "fswitch.txt"
  "fswitch.txt"                    File containing the batch command line switches for loading the FS Image
  "ghost.exe"                      "Disk Imaging Software", used to load the images
  "udi.bat"                        Batch file to load the UDI ("udi.gho") using the switches in "udisw.txt"
  "udi.gho"                        UDI (Universal Disk Image) file
  "udisw.txt"                      File containing the batch command line switches for loading the UDI
  "W2k Deployment Procedures.txt"  Instructions for installing the AIS/W2k Pilot Project Configuration
  "w2kfs.gho"                      FS Image

"QUICK-INSTALLATION" INSTRUCTIONS (SEE BELOW FOR DETAILED-INSTALLATION INSTRUCTIONS):

I. Power on the computer and boot to CD (or to the UDI BootDisk you created. See the Detailed-Installation Instructions for how to create the UDI BootDisk.)
   [<MCD>Boot off of the FS CD (CD 1)</MCD>]
II. Change the DOS prompt to the CD-ROM drive letter, which should be Z:.
   Type the following at "C:\>":
      z: <enter>
III. Load the "File System" image by running the fs.bat file.
   Type the following at Z:\>:
      fs.bat
IV. After the "File System" image has been loaded the computer will reboot. Allow it to boot to the CD again.
   [<MCD>Boot off of the UDI CD (CD 2)</MCD>]
V. Change the DOS prompt to the CD-ROM drive letter, which should be Z:.
   Type the following at "C:\>":
      z: <enter>
VI. Load the "UDI" image by running the udi.bat file.
   Type the following at Z:\>:
      udi.bat
VII. After the "UDI" image has been loaded the computer will reboot. Remove the CD from the CD drive and allow the computer to boot to the hard drive.
VIII. Windows 2000 will start up and the Mini-Setup Wizard should begin.
   The Mini-Setup Wizard should prompt you for the following:
   1) Agreement to MS EULA (License agreement)
   2) COMPUTER NAME and Administrator Password
   3) Prompt to reboot after Mini-Setup Wizard is complete
   4) At first login after loading the UDI, there might be an error box that appears stating that "D:\SYSPREP" could not be found. Click "OK" and ignore.
IX. After completing the Mini-Setup Wizard and rebooting, there are 4 more steps that need to be completed to finish the setup.
   1) Configure the Network Properties
   2) Add the computer to the test-lab.w2k-pilot.vt.edu domain
   3) Install the SMS Client
      a) Run SMSMan.exe located at c:\df\SMSLaunch\SMSMan.exe
      b) When prompted for the "Select a Systems Management Installation Option", choose to "Specify installation Location" and enter "yori" (without the quotes)
      c) Allow setup to finish, keeping the default settings.
   4) If this is one of the TEST-LAB-?? computers, add the associated admin user (i.e. orient_admin for the Orientation's lab computer) to the local administrators group.

--------------
[SEE THE TROUBLESHOOTING SECTION FOR ADDITIONAL INFORMATION]

DETAILED-INSTALLATION INSTRUCTIONS:

I. Power on the computer and boot to CD.
   You might need to enable the "Boot to CD" option in the BIOS. If after configuring the BIOS the computer still won't boot from the CD, place the CD in an already booted up computer and run BootDisk.exe to create the UDI BootDisk. You will need a blank floppy.
   [<MCD>Boot off of the FS CD (CD 1).</MCD>]
II. Change the DOS prompt to the CD-ROM drive letter, which should be Z:.
   Type the following at "C:\>":
      z: <enter>
III. Load the "File System" image by running the fs.bat file.
   File System image = "Full Disk" image (as opposed to a "Single Partition" image) loaded using Ghost command line switches to do the following:
   1) Re-size and re-partition the computer hard drive (it will only affect the Master hard drive if multiple hard drives are present)
   2) Install DOS 7.0 on the C: drive and the Master Boot Record (MBR) for dual-booting DOS and Windows 2000
   3) Copy the Windows 2000 (w/integrated SP1) I386 directory to the I386 partition

   To load the File System image, type the following at Z:\>:
      fs.bat

   The fs.bat simply runs "z:\ghost.exe @z:\fswitch.txt", which executes ghost.exe and tells it to run the command line switches found in the fswitch.txt file. This will run Ghost and load an image that repartitions the hard drive into 4 partitions and sizes them accordingly:

   PARTITION #     DRIVE LETTER   PARTITION NAME   FILE SYSTEM   SIZE
   1st Partition   C:             BOOT             FAT           100MB
   2nd Partition   D:             OS               NTFS          45% of the hard drive size
   3rd Partition   none           I386             FAT32         400MB
   4th Partition   none           STORAGE          FAT32         remainder of hard drive

   The BOOT and I386 partitions will have DOS 7.0 and the Windows 2000 installation files on them, respectively. The OS and STORAGE partitions will be blank.

   The Ghost command line switches used can be found in the fswitch.txt file. Following is the full contents of the fswitch.txt file:

   ###########################
   -batch
   -clone,mode=load,SRC=w2kfs.gho,DST=1,sze1=100M,sze2=45P,sze3=400M,sze4=V
   -quiet
   -fnf
   -sure
   -rb
   ###########################

   EXPLANATION OF SWITCHES
   1) -batch
      Batch mode switch. Prevents abort messages waiting for user acknowledgment, and removes user interaction prompts.
   2) -clone,mode=load,SRC=w2kfs.gho,DST=1,sze1=100M,sze2=45P,sze3=400M,sze4=V
      Clone operation switch. This switch allows automation of Ghost operations. Used to specify to Ghost how to size the partitions.
   3) -quiet
      Quiet mode. Disables status updates and user intervention.
   4) -fnf
      Turns off fingerprint creation.
   5) -sure
      Use the -sure switch in conjunction with -clone to avoid being prompted with the final question ‘Proceed with disk clone - destination drive will be overwritten?’
   6) -rb
      Restarts after finishing a load or copy. After completing a load or copy operation, the target computer must be restarted so that the operating system can load the new disk/partition information.
IV. After the "File System" image has been loaded the computer will reboot. Allow it to boot to the CD again.
   [<MCD>Boot off of the UDI CD (CD 2)</MCD>]
V. Change the DOS prompt to the CD-ROM drive letter, which should be Z:.
   Type the following at "C:\>":
      z: <enter>
VI. Load the "UDI" image by running the udi.bat file.
   UDI image = "Single Partition" image loaded using Ghost command line switches to do the following:
   1) Load a Windows 2000 image to the 2nd partition (D:). The SYSPREP Utility was used in the preparation of this image.

   To load the UDI image, type the following at Z:\>:
      udi.bat

   The udi.bat simply runs "z:\ghost.exe @z:\udisw.txt", which executes ghost.exe and tells it to run the command line switches found in the udisw.txt file. This will run Ghost and load a "Single Partition" image which contains a freshly sysprepped Windows 2000, meaning that at the next boot up the Windows 2000 Mini-Setup Wizard will run, generating a new SID for the computer, as if it were a new install.

   The Ghost command line switches used can be found in the udisw.txt file. Following is the full contents of the udisw.txt file. All but the "-clone" line is identical to the contents of fswitch.txt.

   ###########################
   -batch
   -clone,mode=pload,SRC=udi.gho:1,DST=1:2,sze3=V
   -quiet
   -fnf
   -sure
   -rb
   ###########################

   SEE ABOVE FOR EXPLANATION OF SWITCHES
VII. After the "UDI" image has been loaded the computer will reboot. Remove the CD from the CD drive and allow the computer to boot to the hard drive.
   NOTE -- There is no danger if the computer again boots to the CD.
   Merely remove the CD and reboot the computer again.
VIII. Windows 2000 will start up and the Mini-Setup Wizard should begin.
   The Mini-Setup Wizard should prompt you for the following:
   1) Agreement to MS EULA (License agreement)
   2) COMPUTER NAME and Administrator Password
   3) Prompt to reboot after Mini-Setup Wizard is complete
   4) At first login after loading the UDI, there might be an error box that appears stating that "D:\SYSPREP" could not be found. Click "OK" and ignore.
      This error occurs because SYSPREP was executed from Windows Explorer. After SYSPREP is executed and the computer is rebooted, the SYSPREP folder is deleted. At first login, Windows tries to open Windows Explorer at D:\SYSPREP, but the folder no longer exists, which generates the error. This error should be eliminated in future UDI versions by running SYSPREP from the command line.
IX. After completing the Mini-Setup Wizard and rebooting, there are 4 more steps that need to be completed to finish the setup.
   1) Configure the Network Properties
   2) Add the computer to the test-lab.w2k-pilot.vt.edu domain
   3) Install the SMS Client
      a) Run SMSMan.exe located at c:\df\SMSLaunch\SMSMan.exe
      b) When prompted for the "Select a Systems Management Installation Option", choose to "Specify installation Location" and enter "yori" (without the quotes)
      c) Allow setup to finish, keeping the default settings.
   4) If this is one of the TEST-LAB-?? computers, add the associated admin user (i.e. orient_admin for the Orientation's lab computer) to the local administrators group.

--------------
[SEE THE TROUBLESHOOTING SECTION FOR ADDITIONAL INFORMATION]

TROUBLESHOOTING

It is also a good idea to make sure that the Rmounter program ran properly. Rmounter.exe is a utility that runs at the initial login immediately following the loading of the UDI. The purpose of Rmounter.exe is to hide the I386 and STORAGE partitions, mount the I386 partition as an NTFS Mount Point to the D:\I386 directory, and re-assign drive letters.
Below is a description of the partitions and drive letter assignments before and after Rmounter.exe is executed.

Pre-rmounter.exe
   BOOT (C:)
   OS (D:)
   I386 (E:)
   STORAGE (F:)
   [Remaining Removable drives--depending on system hardware, could be one or more Zip, Jaz, or CD peripheral]

Post-rmounter.exe
   BOOT (C:)
   OS (D:)
   [Remaining Removable drives--depending on system hardware, could be one or more Zip, Jaz, or CD peripheral]

If after loading the UDI and logging in, the disk partitions are still in a "Pre-rmounter.exe" configuration, rerun rmounter.exe.

-Run the Rmounter utility
1) Run rmounter.exe located at c:\df\ReMounter\rmounter.exe
2) Rmounter will run transparently and should only take a couple of seconds
   a) If you currently have Windows Explorer open, you should see the changes take place
3) Verify that Rmounter has properly configured the disk partitions in the "Post-rmounter.exe" configuration
4) If the disk partitions are still in a "Pre-rmounter.exe" configuration, follow the "Rules for Manually Setting the Disk Partition Configuration"

--------------
Rules for Manually Setting the Disk Partition Configuration

1. Make sure to close any instances of "Windows Explorer" that are open so no drives will be "in use" as we change the configuration
2. Open the Disk Management Utility
   a) Right-click on the "My Computer" icon on the Desktop and select "Manage" from the context menu that appears
   b) In the left window pane, left-click on "Computer Management (Local)"-->"Storage"-->"Disk Management"
3. Remove the drive letter assignment for the I386 partition and mount it as a volume to the D:\I386 directory
   A) Remove "I386" Drive Letter Assignment
      1) In the bottom, right window pane, right-click on the partition block labeled "I386 (E:)" and select "Change Drive Letter and Path..." from the context menu that appears
      2) In the "Change Drive Letter and Path for I386 (E:)" window that appears, left-click on the "Remove" button
      3) In the "Confirm" message that appears, left-click on the "Yes" button
      4) Now the partition label should have changed from "I386 (E:)" to "I386"
   B) Add I386 as Mount Volume
      1) In the bottom, right window pane, right-click on the partition block labeled "I386 (E:)" and select "Change Drive Letter and Path..." from the context menu that appears
      2) In the "Change Drive Letter and Path for I386 (E:)" window that appears, left-click on the "Add" button
      3) In the "Add New Drive Letter or Path" window that appears, left-click on the circle next to "Mount in this NTFS Folder" and then left-click on the "Browse" button
      4) In the "Browse for Drive Path" window, click on the "+" next to "D:\" in the bottom window to expand the directory listing
      5) IF AN "I386" DIRECTORY DOES NOT ALREADY EXIST, FOLLOW STEP 5)a). IF AN "I386" DIRECTORY DOES EXIST, SKIP TO STEP 6
         a) How to create an "I386" directory if it doesn't already exist
            i) If an "I386" directory does not exist, left-click on "D:\" to highlight it and then left-click on the "New Folder" button
            ii) A new folder will appear in the directory listing, highlighted and ready to be renamed. Name it "I386"
      6) Left-click on the "I386" directory to highlight it and then left-click on the "OK" button
         a) If after highlighting the I386 directory the "OK" button is still "grayed out", then the I386 directory is not empty. You should delete the contents of the D:\I386 directory and then continue with Step 6.
      7) Left-click on the "OK" button in the "Add New Drive Letter or Path" window
   C) Remove "STORAGE" Drive Letter
      1) In the bottom, right window pane, right-click on the partition block labeled "STORAGE (F:)" and select "Change Drive Letter and Path..." from the context menu that appears
      2) In the "Change Drive Letter and Path for STORAGE (F:)" window that appears, left-click on the "Remove" button
      3) In the "Confirm" message that appears, left-click on the "Yes" button
      4) Now the partition label should have changed from "STORAGE (F:)" to "STORAGE"
   D) Change Drive Letter Assignment for existing removable media peripherals (i.e., Zip, Jaz, CD, etc.)
      1) In the bottom, right window pane, down the left side is the listing of the different hard drives and removable media installed on the computer. After any hard drives (labeled as "Disk0", "Disk1", etc.), the removable media devices will be listed. Repeat the following instructions for each removable media device starting from the top of the list down.
         a) Right-click on the removable device in the left side of the bottom, right window and select "Change Drive Letter and Path..."
         b) In the "Change Drive Letter and Path for %DEVICENAME% (%DRIVELETTER%:)" window that appears, left-click on the "Edit" button (where "%DEVICENAME%" is the device and "%DRIVELETTER%" is the assigned drive letter)
         c) Change the drive letter to the next available drive letter alphabetically.
            i) In the "Edit Drive Letter or Path" window that appears, left-click on the arrow next to the current drive letter.
            ii) In the drop down menu that appears, use the up arrow to select the first available drive letter.
            iii) When you left-click on the first available drive letter, the context menu will disappear
         d) Left-click on the "OK" button to close the "Edit Drive Letter or Path" window
         e) In the "Confirm" message that appears, left-click on the "Yes" button
         f) Now the drive letter assignment should have changed from the old drive letter to the new drive letter
         g) Follow steps a)-f) for the next peripheral

Appendix H: Lazarus v0.0.3 Source

;Part one of "Lazarus" - "Laz"
;v0.0.3
; moved Pause function to top of script - Now, no changes are made to the system until the user has reached
; the "point of no return", the point at which he is unable to back out of the action
;v0.0.2
; modified Laz to remove "Read-Only" attribute from autoexec.bat as well as the "Hidden" attribute
;v0.0.1
; 1) Modify the Boot.ini so that the system boots immediately into DOS on the next boot up
;    a) Have 3 "Boot.ini" files - 1) Boots to Windows 2000 regularly, 2) Boots to DOS immediately, 3) Currently active Boot.ini (will alternate between the first two)

;Added Extenders
AddExtender("wwwnt34i.dll")

Pause ("Rebooting", 'Click "OK" to Reboot your Computer')

;Remove the file attributes from the boot.ini and autoexec.bat files
FileAttrSet("c:\boot.ini","rsh")
FileAttrSet("c:\autoexec.bat","rh")

;Copying and renaming the boot.dos file to c:\boot.ini, overwriting the previous boot.ini file
FileCopy ("c:\df\boot\boot.dos","c:\boot.ini",@FALSE)

;Copying and renaming the autoexec.laz file to c:\autoexec.bat, overwriting the previous autoexec.bat file
FileCopy ("c:\df\boot\autoexec.laz","c:\autoexec.bat",@FALSE)

;Reboot the local computer
wntShutdown("",'Your computer will now reboot and begin loading the Default System State. This will take several minutes.',5,@FALSE,@TRUE)

Appendix I: Lazarus Ghost command switch files

Ruswitch.txt, followed by a description of each switch

-batch
-clone,mode=pload,SRC=e:\ghost\images\0-image.gho:1,DST=1:2
-quiet
-fnf
-sure
-rb

-batch = Prevents abort messages that wait for user acknowledgement.
-clone,mode=pload,SRC=e:\ghost\images\0-image.gho:1,DST=1:2
   -clone = specifies the cloning operation that you want Ghost to perform
   mode=pload = loading a partition instead of a full image
   SRC=e:\ghost\images\0-image.gho = give path to source image
   :1 = use 1 partition on source image, needed even if it only contains one partition
   DST=1:2 = tells location of destination partition, here it is on hard drive #1, partition #2
-quiet = QUIET mode. No user intervention allowed and no screen display.
-fnf = Turns off Fingerprint creation.
-sure = Used in conjunction with -CLONE to avoid the final proceed prompt.
-rb = In batch mode, this forces automatic reboot after completion.

Appendix J: SnapShot v1.2.0.0 Source

;"SnapShot"
; -Pre-emptive Disaster Recovery tool
AddExtender("wwwnt34i.dll")
utils=("C:\DF\SYS\")
GoSub ABOUT
curPid=(Environment("USERNAME"))

;Make sure the mount folder and the working folder exist
mvf=("D:\Temp\DF\sto_mv")
If !(DirExist(mvf)) Then
   DirMake(mvf)
EndIf
sys=("C:\DF\SYS")
If !(DirExist(sys)) Then
   DirMake(sys)
EndIf

;List all volumes with mountvol and find the ones that have no mount point
RunHideWait(Environment("COMSPEC"),"/c %utils%mountvol > C:\DF\SYS\parguids.txt")
pguid=(FileOpen("C:\DF\SYS\parguids.txt","READ"))
A = ""
B = ""
while (B != "*EOF*")
   ;A holds the previous line, which is the volume name when B is the "no mount points" marker
   A = B
   B = StrTrim(FileRead(pguid))
   If B == "*** NO MOUNT POINTS ***" Then
      ;If i386.txt does not exist yet, record this volume there; otherwise record it in storage.txt
      fex=FileExist("C:\DF\SYS\i386.txt")
      Switch fex
         Case 0
            i386 = FileOpen("C:\DF\SYS\i386.txt","WRITE")
            FileWrite(i386,"%A%")
            FileClose(i386)
            Break
         Case 1
            storage = FileOpen("C:\DF\SYS\storage.txt","WRITE")
            FileWrite(storage,"%A%")
            FileClose(storage)
            Break
      EndSwitch
   EndIf
EndWhile

;Mount the STORAGE volume on the mount folder
stotxt=FileOpen("C:\DF\SYS\storage.txt","READ")
stoguid=FileRead(stotxt)
FileClose(stotxt)
RunHideWait(Environment("COMSPEC"),'/c %utils%mountvol "D:\Temp\DF\sto_mv" %stoguid%')
FileClose(pguid)

;Look for an existing snapshot image and its history file
lstSnp=FileExist("D:\Temp\DF\sto_mv\SnapShot\Snap\snapshot.gho")
hisExist=FileExist("D:\Temp\DF\sto_mv\SnapShot\Snap\snapshot.his")
If (lstSnp==1) Then
   snpCreateDate=(FileYmdHms("D:\Temp\DF\sto_mv\SnapShot\Snap\snapshot.gho"))
Endif
If (lstSnp==1) && (hisExist==0) Then
   txt1=("A previous SnapShot was found but the corresponding History file is missing. ")
   txt2=("The SnapShot history will not be available. This is NOT a Critical error. ")
   txt3=("%@crlf%%@crlf%You can continue without problems and a new SnapShot History file will be generated.")
   txtFull=StrCat(txt1,txt2,txt3)
   Message("SnapShot - Missing History File",txtFull)
EndIf

;Create a new history file; each record is ACTION*DATE*USER
If (hisExist==0) Then
   snpHisNew=(FileOpen("D:\Temp\DF\sto_mv\SnapShot\Snap\snapshot.his","APPEND"))
   FileWrite(snpHisNew,"#ACTION*DATE*USER")
   If (lstSnp==1) Then
      FileWrite(snpHisNew,"take*%snpCreateDate%*unknown")
   Endif
   FileClose(snpHisNew)
EndIf

;FileExist returns 2 when the file is open in another program
While ((lstSnp==2) || (hisExist==2))
   Message("File in Use",'A needed file is currently being used by another program. Please close all programs and then click "OK"')
   ;Re-check the files so the loop ends once they are released
   lstSnp=FileExist("D:\Temp\DF\sto_mv\SnapShot\Snap\snapshot.gho")
   hisExist=FileExist("D:\Temp\DF\sto_mv\SnapShot\Snap\snapshot.his")
EndWhile

Switch lstSnp
   Case 0
      lstPid="No Previous Snapshot Present"
      lstDate="No Previous Snapshot Present"
      lstAct="No Previous Snapshot Present"
      lstCrtDate="No Previous Snapshot Present"
      Break
   Case 1
      ;Read to the last record of the history file
      snpHis=(FileOpen("D:\Temp\DF\sto_mv\SnapShot\Snap\snapshot.his","READ"))
      nxtLine=""
      lstLine=""
      While (nxtLine!="*EOF*")
         lstLine=nxtLine
         nxtLine=FileRead(snpHis)
      EndWhile
      FileClose(snpHis)
      ;Split the record: action (4 characters), date/time (19 characters), user
      lstPid=StrSub(lstLine,26,-1)
      lstAct=StrSub(lstLine,1,4)
      lstDateLong=StrSub(lstLine,6,19)
      lstDateY=StrSub(lstDateLong,1,4)
      lstDateM=StrSub(lstDateLong,6,2)
      lstDateD=StrSub(lstDateLong,9,2)
      lstTimeH=StrSub(lstDateLong,12,2)
      lstTimeM=StrSub(lstDateLong,15,2)
      lstTimeS=StrSub(lstDateLong,18,-1)
      delTime=":"
      delDate="/"
      lstDate=StrCat(lstDateM,delDate,lstDateD,delDate,lstDateY)
      If Int("%lstTimeH%")<12 Then AMPM=0 Else AMPM=1
      Switch AMPM
         Case 0
            morn=" AM"
            lstTimeAM=StrCat(lstTimeH,delTime,lstTimeM,delTime,lstTimeS,morn)
            Break
         Case 1
            eve=" PM"
            lstTimeHPM=Int("%lstTimeH%")-int("12")
            lstTimePM=StrCat(lstTimeHPM,delTime,lstTimeM,delTime,lstTimeS,eve)
            Break
      EndSwitch
      ;Format the creation time of the snapshot image itself
      lstCrtDateY=StrSub(SnpCreateDate,1,4)
      lstCrtDateM=StrSub(SnpCreateDate,6,2)
      lstCrtDateD=StrSub(SnpCreateDate,9,2)
      lstCrtTimeH=StrSub(SnpCreateDate,12,2)
      lstCrtTimeM=StrSub(SnpCreateDate,15,2)
      lstCrtTimeS=StrSub(SnpCreateDate,18,-1)
      delCrtTime=":"
      delCrtDate="/"
      delCrtSpace=" on "
      lstCrtDay=StrCat(lstCrtDateM,delCrtDate,lstCrtDateD,delCrtDate,lstCrtDateY)
      If ((Int("%lstCrtTimeH%")<=11) || (Int("%lstCrtTimeH%")==24)) Then AMPM=0 Else AMPM=1
      Switch AMPM
         Case 0
            morn=" AM"
            lstCrtTime=StrCat(lstCrtTimeH,delCrtTime,lstCrtTimeM,delCrtTime,lstCrtTimeS,morn)
            Break
         Case 1
            eve=" PM"
            lstCrtTimeHPM=Int("%lstCrtTimeH%")
            If lstCrtTimeHPM>12 Then
               lstCrtTimeHPM=lstCrtTimeHPM-int("12")
            EndIf
            lstCrtTime=StrCat(lstCrtTimeHPM,delCrtTime,lstCrtTimeM,delCrtTime,lstCrtTimeS,eve)
            Break
      EndSwitch
      lstCrtDate=StrCat(lstCrtTime,delCrtSpace,lstCrtDay)
      Break
EndSwitch

GoSub MENU
;Without an existing snapshot, the only valid choice is to take one
While ((snpAction!=1) && (lstSnp==0))
   GoSub MENU
EndWhile

newAction=""
newDateTime=TimeYmdHms()
delHis="*"
Switch snpAction
   Case 1
      If lstSnp==1 Then
         q=AskYesNo("Previous Snapshot Found","A previous Snapshot was found. If you Take a Snapshot, the previous Snapshot will be overwritten.%@crlf%%@crlf%Do you wish to continue?")
         If q==@NO Then
            Message("SnapShot Canceled", "You have chosen not to continue. The SnapShot utility will now exit.")
            GoSub Leave
         EndIf
      EndIf
      newAction="TAKE"
      Break
   Case 2
      snpAge=(TimeDiffDays(newDateTime,lstDateLong))
      txtLoad1="Loading a Snapshot will overwrite any changes made to your computer since the Snapshot was taken."
      txtLoad2='%@crlf%%@crlf%The Snapshot to be loaded is %snpAge% days old.%@crlf%%@crlf%Select "YES" to begin loading the Snapshot or "No" to abort.'
      txtLoadFull=StrCat(txtLoad1,txtLoad2)
      q=AskYesNo("Loading Snapshot",txtLoadFull)
      If q==@YES Then
         ;Warn about snapshots older than 14 days or with a negative age
         If snpAge>14 Then
            GoSub OLD
         Else
            If snpAge<0 Then
               GoSub INVALID
            EndIf
         EndIf
      EndIf
      If q==@NO Then
         Message("SnapShot Canceled", "You have chosen not to continue. The SnapShot utility will now exit.")
         GoSub Leave
      EndIf
      newAction="LOAD"
      Break
EndSwitch

GoSub CONFIRM

;Append the new action to the history file
newDateTime=TimeYmdHms()
newHis=StrCat(newAction,delHis,newDateTime,delHis,curPid)
newSnpHis=FileOpen("D:\Temp\DF\sto_mv\SnapShot\Snap\snapshot.his","APPEND")
FileWrite(newSnpHis,"%newHis%")
FileClose(newSnpHis)

;Set up the next boot to go into DOS with the autoexec.bat for the chosen action
Switch snpAction
   case 1
      FileAttrSet("c:\boot.ini","rsh")
      FileCopy("\df\boot\boot.dos","c:\boot.ini",@FALSE)
      FileAttrSet("c:\autoexec.bat","rsh")
      FileCopy("\df\boot\autoexec.snp","c:\autoexec.bat",@FALSE)
      break
   case 2
      FileAttrSet("c:\boot.ini","rsh")
      FileCopy("\df\boot\boot.dos","c:\boot.ini",@FALSE)
      FileAttrSet("c:\autoexec.bat","rsh")
      FileCopy("\df\boot\autoexec.sht","c:\autoexec.bat",@FALSE)
      break
EndSwitch

;Remove the temporary mount point before rebooting
RunHideWait(Environment("COMSPEC"),'/c %utils%linkd "D:\Temp\DF\sto_mv" /d')
GoSub REBOOT

;SUB-ROUTINES
:LEAVE
RunHideWait(Environment("COMSPEC"),'/c %utils%linkd "D:\Temp\DF\sto_mv" /d')
Exit

:ABOUT
snpAboutFormat=`WWWDLGED,5.0`
snpAboutCaption=`About SnapShot`
snpAboutX=166
snpAboutY=118
snpAboutWidth=182
snpAboutHeight=193
snpAboutNumControls=15
snpAbout01=`14,6,156,DEFAULT,STATICTEXT,DEFAULT,"SnapShot is a utility for taking an image of the current"`
snpAbout02=`14,16,156,DEFAULT,STATICTEXT,DEFAULT,"status of your computer. You can also use SnapShot to"`
snpAbout03=`14,26,156,DEFAULT,STATICTEXT,DEFAULT,"load a previously taken snapshot to restore your system"`
snpAbout04=`14,36,156,DEFAULT,STATICTEXT,DEFAULT,"to its previous configuration. This can be useful as a"`
snpAbout05=`14,46,156,DEFAULT,STATICTEXT,DEFAULT,"disaster recovery method when you are attempting to change"`
snpAbout06=`14,56,156,DEFAULT,STATICTEXT,DEFAULT,"the configuration of your computer, i.e when you are"`
snpAbout07=`14,66,156,DEFAULT,STATICTEXT,DEFAULT,"installing new programs or device drivers."`
snpAbout08=`14,88,156,DEFAULT,STATICTEXT,DEFAULT,"NOTE: While SnapShot does have some archival qualities it is"`
snpAbout09=`14,98,156,DEFAULT,STATICTEXT,DEFAULT,"not meant as a Backup/Archive Solution. Its purpose is for"`
snpAbout10=`14,108,156,DEFAULT,STATICTEXT,DEFAULT,"'short term' system backup. A snapshot older than one week"`
snpAbout11=`14,118,156,DEFAULT,STATICTEXT,DEFAULT,"can be severely outdated depending on the amount of"`
snpAbout12=`14,128,156,DEFAULT,STATICTEXT,DEFAULT,"changes you have made."`
snpAbout13=`20,164,64,DEFAULT,PUSHBUTTON,DEFAULT,"Continue",1`
snpAbout14=`98,164,64,DEFAULT,PUSHBUTTON,DEFAULT,"Cancel",2`
snpAbout15=`14,146,156,DEFAULT,STATICTEXT,DEFAULT,"RESTORE OLDER SNAPSHOTS AT YOUR OWN RISK!"`
aboutBP=Dialog("snpAbout")
If aboutBP==2 Then GoSub Leave
Return

:OLD
snpOldFormat=`WWWDLGED,5.0`
snpOldCaption=`WARNING - OLD SNAPSHOT`
snpOldX=115
snpOldY=145
snpOldWidth=170
snpOldHeight=96
snpOldNumControls=6
snpOld01=`14,10,144,DEFAULT,STATICTEXT,DEFAULT,"The Snapshot you are about to load is %snpAge% days old."`
snpOld02=`24,68,52,DEFAULT,PUSHBUTTON,DEFAULT,"Continue",1`
snpOld03=`90,68,52,DEFAULT,PUSHBUTTON,DEFAULT,"Abort",2`
snpOld04=`14,48,110,DEFAULT,STATICTEXT,DEFAULT,"You may continue but do so at your own risk."`
snpOld05=`14,18,144,DEFAULT,STATICTEXT,DEFAULT,"Loading an Old Snapshot is not advisable since many"`
snpOld06=`14,26,134,DEFAULT,STATICTEXT,DEFAULT,"changes to the computer have likely taken place."`
oldBP=Dialog("snpOld")
If oldBP==2 Then GoSub Leave
Return

:INVALID
snpInvAgeFormat=`WWWDLGED,5.0`
snpInvAgeCaption=`INVALID SNAPSHOT AGE`
snpInvAgeX=115
snpInvAgeY=145
snpInvAgeWidth=160
snpInvAgeHeight=96
snpInvAgeNumControls=6
snpInvAge01=`14,10,134,DEFAULT,STATICTEXT,DEFAULT,"The SnapShot utility has returned an invalid Age for"`
snpInvAge02=`20,64,52,DEFAULT,PUSHBUTTON,DEFAULT,"Continue",1`
snpInvAge03=`84,64,52,DEFAULT,PUSHBUTTON,DEFAULT,"Abort",2`
snpInvAge04=`14,46,110,DEFAULT,STATICTEXT,DEFAULT,"Load Snapshot at your own risk."`
snpInvAge05=`14,18,126,DEFAULT,STATICTEXT,DEFAULT,"the current Snapshot.
The validity of the Snapshot"` snpInvAge06=`14,26,50,DEFAULT,STATICTEXT,DEFAULT,"cannot be verified."` invBP=Dialog("snpInvAge") If invBP==2 Then GoSub Leave Return :MENU snpFormat=`WWWDLGED,5.0` snpCaption=`SnapShot Selection Menu` snpX=115 snpY=145 snpWidth=151 snpHeight=148 snpNumControls=15 snp01=`8,126,44,DEFAULT,PUSHBUTTON,DEFAULT,"Take SnapShot",1` snp02=`54,126,44,DEFAULT,PUSHBUTTON,DEFAULT,"Load SnapShot",2` snp03=`100,126,44,DEFAULT,PUSHBUTTON,DEFAULT,"Cancel",3` snp04=`12,50,74,DEFAULT,STATICTEXT,DEFAULT,"Date of last Snapshot activity:"` snp05=`12,82,74,DEFAULT,STATICTEXT,DEFAULT,"Snapshot action perfomed by:"` snp06=`94,50,52,DEFAULT,VARYTEXT,lstDate,""` snp07=`94,82,52,DEFAULT,VARYTEXT,lstPid,""` snp08=`12,4,128,DEFAULT,STATICTEXT,DEFAULT,"Press 'Take SnapShot' to capture a system snapshot."` snp09=`12,16,128,DEFAULT,STATICTEXT,DEFAULT,"Press 'Load SnapShot' to restore a system snapshot."` snp10=`12,28,128,DEFAULT,STATICTEXT,DEFAULT,"Press 'Cancel' to abort the SnapShot utility."` snp11=`12,66,36,DEFAULT,STATICTEXT,DEFAULT,"Action taken:"` snp12=`94,66,52,DEFAULT,VARYTEXT,lstAct,""` snp13=`12,98,64,DEFAULT,STATICTEXT,DEFAULT,"Creation date of current"` snp14=`12,106,64,DEFAULT,STATICTEXT,DEFAULT,"Snapshot image:"` snp15=`94,98,52,DEFAULT,VARYTEXT,lstCrtDate,""` snpAction=Dialog("snp") If snpAction==3 Then GoSub Leave If ((snpAction==2) && (lstSnp==0)) Then Message("NO SNAPSHOT TO LOAD",'A Snapshot cannot be loaded because no Snapshot was found. Click "OK" to return to the Snapshot Selection Menu') EndIf Return 66 :CONFIRM confirmFormat=`WWWDLGED,5.0` confirmCaption=`REBOOTING` confirmX=115 confirmY=145 confirmWidth=161 confirmHeight=83 confirmNumControls=5 confirm01=`10,10,144,DEFAULT,STATICTEXT,DEFAULT,"SnapShot needs to reboot your computer to begin the utility. 
"` confirm02=`10,28,136,DEFAULT,STATICTEXT,DEFAULT,"Click "OK" to reboot your computer and run SnapShot"` confirm03=`10,40,92,DEFAULT,STATICTEXT,DEFAULT,"Click "Cancel" to abort Snapshot"` confirm04=`22,62,48,DEFAULT,PUSHBUTTON,DEFAULT,"OK",1` confirm05=`90,62,48,DEFAULT,PUSHBUTTON,DEFAULT,"Cancel",2` confirmBP=Dialog("confirm") If confirmBP==2 Then GoSub Leave EndIf Return :REBOOT wntShutdown("","Your computer will now reboot and run SnapShot. will take several minutes.",10,@FALSE,@TRUE) Return 67 This Appendix K: SnapShot “Snap” Ghost command switch files Snswitch.txt – for taking a snapshot -batch -clone,mode=pdump,SRC=1:2,DST=e:\SnapShot\Snap\snapshot.gho -quiet -z -fnf -sure -rb -batch = Prevents abort messages that wait for user acknowledgement -clone,mode=pdump,SRC=1:2,DST=e:\SnapShot\Snap\snapshot.gho -clone = specifies the cloning operation that you want Ghost to perform mode=pdump = dumping a partition to an image SRC=1:2 = gives location of partition to create image from. The specified partition is on Hard Drive #1, Partition #2 DST=e:\SnapShot\snapshot.gho = destination and file name to which the partition image will be saved -quiet= QUIET mode. No user intervention allowed and no screen display. -z = Compression rate at which to save the image. –Zx where x is a number between 1 and 9. 1 is the fastest compression and is also the default if no number is given with the –Z switch. -fnf = Turns off Fingerprint creation. -sure = Used in conjunction with -CLONE to avoid the final proceed prompt. -rb = In batch mode, this forces automatic reboot after completion. 

Appendix L: SnapShot “Shot” Ghost command switch files

Shswitch.txt – for taking a snapshot

-batch -clone,mode=pload,SRC=e:\SnapShot\Snap\snapshot.gho,DST=1:2 -quiet -fnf -sure -rb

-batch = Prevents abort messages that wait for user acknowledgement
-clone,mode=pload,SRC=e:\SnapShot\Snap\snapshot.gho,DST=1:2
    -clone = specifies the cloning operation that you want Ghost to perform
    mode=pdump = dumping a partition to an image
    SRC=e:\SnapShot\snapshot.gho = source path and file name of image to be loaded
    DST=1:2 = destination of image to be loaded. The destination partition listed here is on Hard Drive #1, Partition #2
-quiet = QUIET mode. No user intervention allowed and no screen display.
-fnf = Turns off Fingerprint creation.
-sure = Used in conjunction with -CLONE to avoid the final proceed prompt.
-rb = In batch mode, this forces automatic reboot after completion.

Appendix M: RMounter v1.2.1.0 Source Code

;Rmounter
; Used after SYSPREP image is loaded to setup the proper "SourcePath",
; STORAGE Partition directories, Lazarus and Snapshot shortcuts, and drive
; letters and mount points

regkey=RegOpenKey(@REGMACHINE,"SOFTWARE\Microsoft\Windows\CurrentVersion\Setup")
RegSetValue(regkey,"[SourcePath]","D:\")
RegSetValue(regkey,"[ServicePackSourcePath]","D:\")
RegCloseKey(regkey)

;Place Lazarus and Snapshot shortcuts in the All Users' Administrative Tools
LnkDes=("D:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools")
LnkSrc=("C:\DF\ReMounter")
lazLnk=("%LnkDes%\Lazarus.lnk")
snpLnk=("%LnkDes%\Snapshot.lnk")
If !(FileExist(lazLnk)) Then
    FileCopy("%LnkSrc%\Lazarus.lnk","%LnkDes%\",@False)
EndIf
If !(FileExist(snpLnk)) Then
    FileCopy("%LnkSrc%\Snapshot.lnk","%LnkDes%\",@False)
EndIf

;Create the STORAGE Partition directory structure and copy ghost.exe to it
snapdir=("F:\SnapShot\Snap")
ghostdir=("F:\Ghost")
If !(DirExist(snapdir)) Then
    DirMake(snapdir)
EndIf
If !(DirExist(ghostdir)) Then
    DirMake(ghostdir)
EndIf
ghostSrc=("C:\DF\ReMounter\ghost.exe")
ghostDes=("%ghostdir%\ghost.exe")
If ((FileExist(ghostSrc)) && (!(FileExist(ghostDes)))) Then
    FileCopy("%ghostSrc%","%ghostDes%",@FALSE)
EndIf

;Hide Partitions and reassign drive letters
utils=("C:\DF\SYS\")
RunHideWait(Environment("COMSPEC"),"/c %utils%mountvol > volids.txt")
volids=FileOpen("volids.txt","READ")
RunHideWait(Environment("COMSPEC"),"/c %utils%delrp d:\I386")
DirMake("d:\I386")
A = ""
B = ""
i386ID = ""
storageID = ""
jazID = ""
cdromID = ""
;In the mountvol listing each volume name line is followed by its mount point,
;so A holds the volume name belonging to the mount point read into B
while (B != "*EOF*")
    A = B
    B = StrTrim(FileRead(volids))
    If ((B == "E:\") | (B == "*** NO MOUNT POINTS ***")) Then
        i386ID = A
    EndIf
    If B == "F:\" Then
        storageID = A
    EndIf
    If B == "G:\" Then
        jazID = A
    EndIf
    If B == "H:\" Then
        cdromID = A
    EndIf
EndWhile
ie_i386ID=ItemExtract(4,i386ID,"\")
ie_storageID=ItemExtract(4,storageID,"\")
ie_jazID=ItemExtract(4,jazID,"\")
ie_cdromID=ItemExtract(4,cdromID,"\")
RunHideWait(Environment("COMSPEC"),"/c %utils%mountvol d:\I386 \\?\%ie_i386ID%\")
RunHideWait(Environment("COMSPEC"),"/c %utils%mountvol E:\ /D")
RunHideWait(Environment("COMSPEC"),"/c %utils%mountvol F:\ /D")
RunHideWait(Environment("COMSPEC"),"/c %utils%mountvol G:\ /D")
RunHideWait(Environment("COMSPEC"),"/c %utils%mountvol H:\ /D")
RunHideWait(Environment("COMSPEC"),"/c %utils%mountvol E:\ \\?\%ie_jazID%\")
RunHideWait(Environment("COMSPEC"),"/c %utils%mountvol F:\ \\?\%ie_cdromID%\")
FileClose(volids)
Exit

Appendix N: Example of mount.vol GUID list

Creates, deletes, or lists a volume mount point.

MOUNTVOL [drive:]path VolumeName
MOUNTVOL [drive:]path /D
MOUNTVOL [drive:]path /L

    path        Specifies the existing NTFS directory where the mount point will reside.
    VolumeName  Specifies the volume name that is the target of the mount point.
    /D          Removes the volume mount point from the specified directory.
    /L          Lists the mounted volume name for the specified directory.

Possible values for VolumeName along with current mount points are:

    \\?\Volume{5cc6e393-495b-11d5-8fb9-806d6172696f}\
        C:\
    \\?\Volume{5cc6e391-495b-11d5-8fb9-806d6172696f}\
        D:\
    \\?\Volume{69f25d58-6cbe-11d5-9bd3-806d6172696f}\
        P:\
    \\?\Volume{5cc6e38d-495b-11d5-8fb9-806d6172696f}\
        Z:\
    \\?\Volume{5cc6e38e-495b-11d5-8fb9-806d6172696f}\
        X:\
    \\?\Volume{5cc6e38f-495b-11d5-8fb9-806d6172696f}\
        Y:\
    \\?\Volume{5cc6e38c-495b-11d5-8fb9-806d6172696f}\
        A:\

Appendix O: “Test-Lab User GP” pushed to w2k-pilot.vt.edu/VT/TEST-LAB OU (v1.3, 011129)

Computer Configuration settings=Enabled
User Configuration settings=Enabled
Figure 18: Test-Lab GPO Properties

Computer Configuration

Administrative Templates
Administrative Templates > Network
Administrative Templates > Network > Offline Files
Figure 19

***Event logging level=[Not configured] Enabled – 3 (Log ‘server offline’, ‘net stopped’ and ‘net started’, and ‘server available for reconnection’)
Figure 20

***Subfolders always available offline=[Not configured] Enabled
Figure 21

User Configuration

Windows Settings
Windows Settings > Internet Explorer Maintenance > Security
Figure 22

***Security Zones and Content Ratings=[blank]
Under the “Security Zones” section, I clicked “Modify Settings”, which brought up a typical IE Security configuration window. I selected “Trusted Sites”, clicked on the “Sites” button, added “tron.test-lab.w2kpilot.vt.edu”, and unchecked “Require server verification (https:) for all sites in this zone”. I added this object to fix an issue with opening an Access DB from the user’s My Documents/Desktop Folder.
Figure 23
Figure 24
Figure 25

Windows Settings > Folder Redirection
(Right-click on the individual component and select properties to modify the policy)
Figure 26

***Desktop=[No administrative policy specified] Basic – Redirect everyone’s folder to the same location; Target folder location: \\tron.ais-pilot.w2kpilot.vt.edu\Stores\Users\%username%\Desktop [Settings Tab -- clear the “Grant the user exclusive rights to Desktop” box]
Figure 27

***My Documents=[No administrative policy specified] Basic – Redirect everyone’s folder to the same location; Target folder location: \\tron.ais-pilot.w2k-pilot.vt.edu\UsersData\%username%\My Documents [Settings Tab -- clear the “Grant the user exclusive rights to My Documents” box]
Figure 28

***My Pictures=[No administrative policy specified] Follow the My Documents folder
Figure 29

Administrative Templates
Administrative Templates > Start Menu & Taskbar
Figure 30

***Add Logoff to the Start Menu=[Not configured] Enabled
Figure 31

Administrative Templates > Desktop
Figure 32

***Remove My Documents icon from desktop=[Not configured] Disabled
Figure 33

***Prohibit user from changing My Documents path=[Not configured] Enabled
Figure 34

Administrative Templates > Network > Offline Files
Figure 35

***Synchronize all offline files before logging off=[Not configured] Enabled
Figure 36

***Action on server disconnect=[Not configured] Enable – Action: Work offline (Server’s files are available to local computer)
Figure 37

***Disable 'Make Available Offline'=[Not configured] Enabled
Figure 38

***Administratively assigned offline files=[Not configured] Enabled – Specify network files and folders that are always available offline (\\%computername%\Documents and Settings\%username%\My Documents; \\%computername%\Documents and Settings\%username%\Desktop)
Figure 39
Figure 40

***Event logging level=[Not configured] Enabled – 3 (Log ‘server offline’, ‘net stopped’ and ‘net started’, and ‘server available for reconnection’)
Figure 41

Administrative Templates > System > Logon/Logoff
Figure 42

***Exclude directories in roaming profile=[Not configured] Enabled – Temporary Internet Files; History; Temp; Windows; Start Menu
Figure 43

Appendix P: “Slow Link Policy” GPO pushed to entire test-lab.w2k-pilot.vt.edu/Laptops OU (v1.2, 020208)

Computer Configuration settings=Enabled
User Configuration settings=Disabled
Figure 44: Slow Link GPO Properties

Computer Configuration

Administrative Templates
Administrative Templates > System > Logon
Figure 45

***Do not detect slow network connections=[Not configured] Disabled
Figure 46

***Slow network connection timeout for user profiles=[Not configured] Enabled – Connection speed (Kbps): 500 or Time (milliseconds): 120
Figure 47

***Prompt user when slow link is detected=[Not configured] Enabled
Figure 48

***Timeout for dialog boxes=[Not configured] Enabled – Time (seconds): 45
Figure 49

Administrative Templates > Network > Offline Files
Figure 50

***Enabled=[Not configured] Enabled
Figure 51

***Disable user configuration of Offline Files=[Not configured] Enabled
Figure 52

***Synchronize all offline files before logging off=[Not configured] Enabled
Figure 53

***Action on server disconnect=[Not configured] Enabled – Work offline
Figure 54

***Administratively assigned offline files=[Not configured] Enabled – Specify network files and folders that are always available offline (\\%computername%\Documents and Settings\%username%\My Documents; \\%computername%\Documents and Settings\%username%\Desktop)
Figure 55
Figure 56

***Subfolders always available offline=[Not configured] Enabled
Figure 57

Appendix Q: “Add Users” .csv file syntax

[User]
UserName,FullName,Password,Comment,HomeDriveAndPath,Profile,Script,
[Global]
GlobalGroupName,Comment,UserName, ...
[Local]
LocalGroupName,Comment,UserName, ...

Appendix R: W2k-Pilot “AddUser.csv”

[User]
Username,username(reverse) ,,,,\\tron.test-lab.w2k-pilot.vt.edu\UserData\%username%\Profile\,

Appendix S: Populus v1.0.0.0 Source

;POPULUS -- beta v.1 --
; Local program to automate the creation of the Profile and Redirected Folders
; directories on TRON and set the proper NTFS permissions, %username% Full, System Full
; Will create directories one PID (just enter the PID in the field) at a time
; or multiple PIDs (using a line-delimited text file)

localpath = FilePath(WinExeName(""))

;Add Required WIL Extender(s)
AddExtender("wwwnt34i.dll")

;Remove previous InvalidUsers.log and create a new one
If FileExist("%localpath%InvalidUsers.log") == 1 Then
    FileDelete("%localpath%InvalidUsers.log")
EndIf

;Run the OPTION Sub-Routine
GoSub OPTION

;Check for the existence of the E:\UserData folder
path = "E:\UserData"
If !DirExist(path) Then
    Message("Directy Path Doesn't Exist","Verify the Existence of the Directory Path and Re-run Populus.%@CRLF%Path should be E:\UserData")
    GoSub LEAVE
EndIf

While chk1 == "0"
    Message("Invalid Selection", "You must choose at least one Folder to create.")
    GoSub OPTION
EndWhile

Switch rad1
    Case 1
        pid = "PID"
        While ((pid == "") | (pid == "PID"))
            IndFormat=`WWWDLGED,5.0`
            IndCaption=`Individual User`
            IndX=61
            IndY=82
            IndWidth=104
            IndHeight=75
            IndNumControls=4
            Ind01=`14,8,64,DEFAULT,STATICTEXT,DEFAULT,"Enter the User's PID"`
            Ind02=`12,24,64,DEFAULT,EDITBOX,pid,"PID"`
            Ind03=`12,42,36,DEFAULT,PUSHBUTTON,DEFAULT,"OK",1`
            Ind04=`54,42,36,DEFAULT,PUSHBUTTON,DEFAULT,"Cancel",2`
            listBP=Dialog("Ind")
            If listBP==2 Then GoSub LEAVE
            If ((pid == "") | (pid == "PID")) Then
                Message("Invalid PID", "You Must Enter A PID")
            EndIf
        EndWhile
        Break
    Case 2
        list = "USERLIST"
        While ((list == "") | (list == "USERLIST"))
            IndFormat=`WWWDLGED,5.0`
            IndCaption=`Multiple Users`
            IndX=61
            IndY=82
            IndWidth=100
            IndHeight=67
            IndNumControls=4
            Ind01=`14,8,76,DEFAULT,STATICTEXT,DEFAULT,"Enter the User List Location"`
            Ind02=`12,24,64,DEFAULT,EDITBOX,list,"USERLIST"`
            Ind03=`12,42,36,DEFAULT,PUSHBUTTON,DEFAULT,"OK",1`
            Ind04=`54,42,36,DEFAULT,PUSHBUTTON,DEFAULT,"Cancel",2`
            listBP=Dialog("Ind")
            If listBP==2 Then GoSub LEAVE
            ;Compare against the edit box default "USERLIST", matching the loop condition
            If ((list == "") | (list == "USERLIST")) Then
                Message("Invalid Selection", "You Must Enter a valid path")
            EndIf
        EndWhile
        Break
EndSwitch

If rad1 == 1 Then
    GoSub ONE
Else
    GoSub MULTI
EndIf

:LEAVE
Exit
Return

:OPTION
PopulusFormat=`WWWDLGED,5.0`
PopulusCaption=`Populus`
PopulusX=61
PopulusY=82
PopulusWidth=144
PopulusHeight=88
PopulusNumControls=10
Populus01=`16,24,50,DEFAULT,CHECKBOX,chk1,"Roaming Profile",1`
Populus02=`16,36,50,DEFAULT,CHECKBOX,chk1,"My Documents",2`
Populus03=`16,48,50,DEFAULT,CHECKBOX,chk1,"Desktop",4`
Populus04=`86,24,52,DEFAULT,RADIOBUTTON,rad1,"Individual User",1`
Populus05=`30,68,36,DEFAULT,PUSHBUTTON,DEFAULT,"Process",1`
Populus06=`84,68,36,DEFAULT,PUSHBUTTON,DEFAULT,"Cancel",2`
Populus07=`86,48,48,DEFAULT,RADIOBUTTON,rad1,"Multiple Users",2`
Populus08=`94,36,36,DEFAULT,STATICTEXT,DEFAULT,"OR"`
Populus09=`10,8,60,DEFAULT,STATICTEXT,DEFAULT,"FOLDERS TO CREATE"`
Populus10=`78,8,58,DEFAULT,STATICTEXT,DEFAULT,"NUMBER OF USERS"`
optBP=Dialog("Populus")
If optBP==2 Then GoSub LEAVE
Return

;Sub-Routine for Single User
:ONE
GoSub CREATE
Return

;Sub-Routine for Multiple Users
:MULTI
pid = ""
pidlist = FileOpen(list,"READ")
;Process the PID List and look for invalid PIDs
time = Timedate()
noExistLogCreate = FileOpen("%localpath%InvalidUsers.log","WRITE")
FileWrite(noExistLogCreate,"%time% -- Invalid User Log")
FileClose(noExistLogCreate)
While (pid != "*EOF*")
    pid = StrTrim(FileRead(pidlist))
    noExist = wntUserExist("\\BONOBOS","%pid%")
    If noExist == 0 Then
        noExistLogAppend = FileOpen("%localpath%InvalidUsers.log","APPEND")
        FileWrite(noExistLogAppend,"%pid%")
        FileClose(noExistLogAppend)
    EndIf
EndWhile
FileClose(pidlist)
;Show the InvalidUsers.log file to the operator so he can determine if there are invalid accounts.
;Anything between the Date line and the *EOF* line are invalid accounts.
RunWait("notepad.exe","%localpath%InvalidUsers.log")
invPIDs = AskYesNo("Any Invalid Accounts?", "Were there invalid accounts?%@CRLF%Select 'YES' to exit Populus and edit the user list.%@CRLF%Otherwise, select 'NO' to continue.")
If invPIDs == @YES Then
    GoSub LEAVE
EndIf
;Use PID list to create the User Folders and Set Permissions
pid = ""
nextpid = ""
pidlist = FileOpen(list,"READ")
While (pid != "*EOF*")
    pid = StrTrim(FileRead(pidlist))
    If pid == "*EOF*" Then
        Break
    EndIf
    GoSub CREATE
EndWhile
Return

;Sub-Routine for creating the folders
:CREATE
fullpath = StrCat(path,"\",pid)
DirMake(fullpath)
;chk1 is the sum of the selected check boxes (1=Roaming Profile, 2=My Documents, 4=Desktop)
Switch chk1
    Case 0
        Message("Invalid Variable","Invalid 'chk1' variable. Debug and re-run Populus.%@CRLF%Value cannot = 0 (zero)")
        GoSub LEAVE
        Break
    Case 1
        ; GoSub PROFILE
        GoSub PERMS
        Break
    Case 2
        GoSub MYDOCS
        GoSub PERMS
        Break
    Case 3
        ; GoSub PROFILE
        GoSub MYDOCS
        GoSub PERMS
        Break
    Case 4
        GoSub DESKTOP
        GoSub PERMS
        Break
    Case 5
        ; GoSub PROFILE
        GoSub DESKTOP
        GoSub PERMS
        Break
    Case 6
        GoSub MYDOCS
        GoSub DESKTOP
        GoSub PERMS
        Break
    Case 7
        ; GoSub PROFILE
        GoSub MYDOCS
        GoSub DESKTOP
        GoSub PERMS
        Break
EndSwitch
Return

;:PROFILE
;prof = "Profile"
;ProfilePath = StrCat(fullpath,"\",prof)
;DirMake(ProfilePath)
;Return

:MYDOCS
docs = "My Documents"
MyDocsPath = StrCat(fullpath,"\",docs)
DirMake(MyDocsPath)
Return

:DESKTOP
desk = "Desktop"
DesktopPath = StrCat(fullpath,"\",desk)
DirMake(DesktopPath)
Return

;Sub-Routine for setting the proper NTFS permissions on the users' directories, %username% - Full, SYSTEM - Full
:PERMS
svrname = "BONOBOS"
uncpath = StrCat("\\",svrname)
acct = StrCat("W2k-Pilot","\",pid)
wntAccessAdd(uncpath,fullpath,acct,300,"Dir2K:Full",4)
wntAccessAdd(uncpath,fullpath,"SYSTEM",300,"Dir2K:Full",4)
;wntAccessMod(uncpath,fullpath,300,2,1)
Return

Appendix T: Procedure for Adding a new user to the AIS/W2k-Pilot

1. Create the user
   a. Create a “comma separated value (csv)” text file containing the following syntax and user attributes (For a large number of users, you can create the file in a spreadsheet program, such as Excel, save it as a .csv file, and then rename the .csv file to a .txt file)
      i. SYNTAX
         1. User Name , Full name, Password, Description, HomeDrive, Homepath, Profile, Script
      ii. ATTRIBUTES
         1. User Name = PID
         2. Full name
         3. Password
         4. Profile = Full path to the storage location of the user’s Roaming Profile, i.e. \\Fully Qualified Domain Name (FQDN)\UserData\%username%\Profile\
      iii. TEXT FILE EXAMPLE: (For the attributes that aren’t used, still add the commas)
         LINE 1: [User]
         LINE 2: <PID1>,<fullname1>,<password>,,,,\\servername.test-lab.w2kpilot.vt.edu\UserData\%username%\Profile\
         LINE 3 (and following): <PID2>,<fullname2>,<password>,,,,\\servername.test-lab.w2kpilot.vt.edu\UserData\%username%\Profile\
      iv. SAMPLE TEXT FILE (Lines shouldn’t wrap):
         [User]
         msmith,Mike Smith,changeme,,,,\\tron.test-lab.w2kpilot.vt.edu\UserData\%username%\Profile\
         ndoe,Nancy Doe, changeme,,,,\\tron.test-lab.w2kpilot.vt.edu\UserData\%username%\Profile\
         jluser,Joe L. User, changeme,,,,\\tron.test-lab.w2kpilot.vt.edu\UserData\%username%\Profile\
   b. Save the text file to a location that is accessible by a Domain Controller (DC) of the domain in which the user accounts will reside or copy the file to a floppy disk
   c. Also save a copy of the “addusers.exe” utility from the Windows 2000 Server Resource Kit to the same location as the text file (either network share or floppy disk)
   d. Log in to the DC of the domain in which the user accounts will reside and download the txt file (or copy it from the floppy disk)
   e. Open up a DOS window by typing “cmd” from the “Run…” utility
   f. Change the prompt to the location in which you saved the addusers.exe file and the text file by using the “cd” command
      i. If you saved the files to the c:\temp\utility\ directory, at the command prompt type the following
         <type> cd \               Goes to the root level
         <type> cd temp\utility    changes to the c:\temp\utility>
   g. Run the addusers.exe with the following variables, where DC Name is the NetBIOS name of the DC, FilePath is the location of the comma-delimited text file, and FileName.txt is the actual name of the text file:
         <type> addusers \\DC Name /c c:\FilePath\FileName.txt
   h. Text should begin to stream by in the DOS window, displaying either that the account was created or it failed
      i. If an account creation failed, check the following:
         1. See if an account by this name already exists; if so, either use a different name or delete the already created account
         2. Verify that the correct syntax is used for the individual account in the text file
   i. In Active Directory Users and Computers, verify that the accounts have been created and move them to the proper Organizational Unit (OU)
   j. NOTE—by default, all user accounts created via the addusers.exe utility are set to “User must change password at next login”. To disable this, use the “/p” switch when you run addusers.exe
2. Use the “Populus” utility to create user data folders in the UserData share and set ACLs on the folders [NOTE—Populus verifies the existence of the user accounts before it creates the folders so the account creation must be done first]
   a. Preparations prior to running Populus
      i. For the creation of data folders for INDIVIDUAL USERS, simply run Populus and follow the instructions
      ii. For the creation of data folders for MULTIPLE USERS, create a line-delimited text file containing the user account names only (no preceding or trailing carriage returns) [NOTE--If you created a text document from an Excel spreadsheet for the User Account Creation, you can save the first column, which contains the User Name attribute, to a text file and save it.]
         1. SYNTAX
            a. User Name
         2. ATTRIBUTES
            a. User Name = PID
         3. TEXT FILE EXAMPLE:
            LINE 1: user01
            LINE 2: user02
            LINE 3: user03
            LINE 4: etc.
         4. SAMPLE TEXT FILE:
            msmith
            ndoe
            jluser
      iii. Save the text file to a location that is accessible by TRON or copy the file to a floppy disk
      iv. Log into TRON and copy the Populus text file to a location on TRON. A good place is in the same directory as the Populus utility, E:\0_Installed\Populus.
   b. POPULUS LOCATION:
      i. Populus is located on TRON.TEST-LAB.W2K-PILOT.VT.EDU at E:\0_Installed\Populus\Populus.exe
      ii. You can run Populus by either of the following methods
         1. Click on “Start” > “Run…”; in the “Run” window that appears, type “E:\0_Installed\Populus\Populus.exe” and click the “OK” button
         2. Via Windows Explorer or My Computer, browse to “E:\0_Installed\Populus” and double click on “Populus.exe”
   c. SINGLE USER
      i. For creation of data folders for a single user, run Populus and select the following:
         1. Under “FOLDERS TO CREATE”, select
            a. My Documents
            b. Desktop
            c. Do not select “Roaming Profiles”; this folder will be created auto-magically when the user first logs on and his/her profile is generated. Future versions of Populus will remove this folder option.
         2. Under “NUMBER OF USERS”, select
            a. “Individual User”
         3. Click the “Process” button
            Figure 58: Options Dialog Box – selecting individual user
         4. In the “Individual User” window that appears
            a. Enter the User’s PID in the “PID” field and click the “OK” button to create the user data folders selected and set the proper user NTFS Permissions
            Figure 59: Individual User
   d. MULTIPLE USERS
      i. For creation of data folders for multiple users, run Populus and select the following:
         1. Under “FOLDERS TO CREATE”, select
            a. My Documents
            b. Desktop
            c. Do not select “Roaming Profiles”; this folder will be created auto-magically when the user first logs on and his/her profile is generated. Future versions of Populus will remove this folder option.
         2. Under “NUMBER OF USERS”, select
            a. “Individual User”
         3. Click the “Process” button
            Figure 60: Options – selecting multiple users
         4. In the “Multiple Users” window that appears
            a. Enter the full path to the location of the Populus text file created in the “Preparations prior to running Populus” section (for example, “E:\0_Installed\Populus”) and click the “OK” button to have Populus process the text file and verify that the user accounts exist.
            Figure 61: Enter User List Location
         5. Populus will then open up “InvalidUsers.log” in Notepad and display any user accounts in the Populus text file that do not have corresponding domain user accounts.
            a. If there are no invalid user accounts, the file will be displayed like the following:
            Figure 62: Invalid Users Log file – no invalid users in user list
            b. If there are invalid user accounts, the file will be displayed like the following, with “blah4” and “blah5” being invalid user accounts:
            Figure 63: Invalid Users Log file – invalid users found in user list
         6. Populus will wait to continue until you have closed Notepad, at which time it will present you with the “Any Invalid Accounts?” message box
            a. If there are invalid accounts, click on the “Yes” button to cancel Populus. Create the needed accounts or fix the entries in the Populus text file and re-run Populus
            b. If there are no invalid accounts, click on the “No” button and Populus will finish processing the text file and create the user data folders selected and set the proper user NTFS Permissions
            Figure 64: Cancel box if invalid users were found in user list
   e. Post-Populus Permission Cleanup
      i. The current version of Populus does not remove the NTFS File Inheritance option for the file permissions. This must be done manually. This is due to a limitation in the Winbatch programming language and should be fixed with a new version of Populus when Winbatch is updated.
         1. After the user data folders are created, modify the NTFS Permissions to remove permissions for the “Authenticated Users” group and the “Domain Admins” group.
            a. Browse to “E:\UserData”, right-click on the user data folder just created (the folder named with his/her PID), and select “Properties” from the context menu that appears.
            b. In the “%FolderName% Properties” window, click on the “Security Tab” and uncheck the option “Allow inheritable permissions from parent to propagate to this object”
            Figure 65: Post-Populus Permission Cleanup
            c. In the “Security” window that appears, click on the “Remove” button
            Figure 66: Remove Inherited Permissions
            d. In the “%FolderName% Properties” window, click on the “Advanced” button
            e. In the “Access Control Setting for %FolderName%”, click to enable the “Reset permissions on all child objects and enable propagation of inheritable permissions.” option and click the “OK” button
            Figure 67: Reset Permissions on all child objects
            f. In the “Security” message that appears, click on the “Yes” button
            Figure 68: Permission Reset Verification
            g. Click on the “OK” button to close the “%FolderName% Properties” window
            Figure 69: Closing the Security Window
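
The post-Populus cleanup is done by hand, one folder at a time, so a skipped folder keeps its inherited "Authenticated Users" and "Domain Admins" entries. The following is an added example, not part of Populus or of the original document: a Python check that reads icacls output for the user data folders and reports every folder whose ACL differs from the end state the procedure describes (only W2k-Pilot\<PID> and SYSTEM, Full control, nothing inherited). icacls is not mentioned in the document and is assumed to be available on the file server; the sample output is constructed, and folder names (PIDs) are assumed to contain no spaces.

```python
import re

DOMAIN = "W2k-Pilot"               # account prefix used in Populus' PERMS routine
SYSTEM = r"NT AUTHORITY\SYSTEM"    # how icacls prints the SYSTEM account
ROOT = r"E:\UserData"              # share root that Populus checks for

# One ACE as printed by icacls: "<identity>:(flag)(flag)..."
ACE_RE = re.compile(r"^(?P<who>.+?):(?P<flags>(?:\([^)]+\))+)$")

# Constructed sample of `icacls E:\UserData\*` output (not from the document).
# msmith is clean, ndoe still inherits from the parent, jluser lost the user ACE.
SAMPLE_ICACLS_OUTPUT = r"""
E:\UserData\msmith W2K-PILOT\msmith:(OI)(CI)(F)
                   NT AUTHORITY\SYSTEM:(OI)(CI)(F)

E:\UserData\ndoe W2K-PILOT\ndoe:(OI)(CI)(F)
                 NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                 NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(M)
                 W2K-PILOT\Domain Admins:(I)(OI)(CI)(F)

E:\UserData\jluser NT AUTHORITY\SYSTEM:(OI)(CI)(F)

Successfully processed 3 files; Failed processing 0 files
"""


def parse_icacls(text):
    """Return {folder_path: [(identity, [flags]), ...]} from icacls output."""
    acls, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip():
            current = None                      # blank line ends a folder block
            continue
        if line.startswith("Successfully processed"):
            continue
        if not raw[0].isspace():
            # First line of a block: "<path> <identity>:(flags)".
            # Assumption: the path contains no spaces (folders are named by PID).
            path, _, line = line.partition(" ")
            current = acls.setdefault(path, [])
        match = ACE_RE.match(line.strip())
        if match and current is not None:
            flags = re.findall(r"\(([^)]+)\)", match.group("flags"))
            current.append((match.group("who"), flags))
    return acls


def audit_user_folders(text, root=ROOT):
    """Return {folder_path: [problem, ...]} for folders that need cleanup."""
    findings = {}
    for path, aces in parse_icacls(text).items():
        if not path.lower().startswith(root.lower()):
            continue
        pid = path[len(root):].strip("\\")
        expected = {f"{DOMAIN}\\{pid}".lower(), SYSTEM.lower()}
        problems, seen = [], set()
        for who, flags in aces:
            seen.add(who.lower())
            if "I" in flags:                    # (I) marks an inherited ACE
                problems.append(f"inherited ACE still present: {who}")
            if who.lower() not in expected:
                problems.append(f"unexpected principal: {who}")
            elif "F" not in flags:              # (F) is Full control
                problems.append(f"{who} lacks Full control")
        for missing in sorted(expected - seen):
            problems.append(f"missing ACE for {missing}")
        if problems:
            findings[path] = problems
    return findings


if __name__ == "__main__":
    for folder, problems in audit_user_folders(SAMPLE_ICACLS_OUTPUT).items():
        for problem in problems:
            print(f"{folder}: {problem}")
```

On the file server, the same functions can be fed the captured text of an icacls listing of the UserData folders in place of the constructed sample.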