Avoid Windows data collection services.


One of the biggest issues and concerns that people have with Windows 10 is the fact that it dials back to HQ (Microsoft) and provides usage statistics. The quickest route to avoid this is to install Linux on your machine, something like Linux Mint is what I would recommend. Alternatively there are many documented ways to disable this “feature” in Windows 10, I have done it at home, but since moved back to Windows 8.1 with Classic Shell. Soon I’m moving to Linux, I’m just waiting for Steam OS to be released.
Gaming is the only thing holding me back.
One thing you might not be aware of is that Windows 7 and 8+ are implementing the same telemetry systems as Windows 10.
Umm, no thanks.
These systems will install on your computer via Windows update.
As such, here is a list of the updates you should avoid in order to keep your operating system from collecting anonymous data and sending it back to Microshaft (Microsoft).

(KB2952664) — This update helps Microsoft make improvements to the current operating system in order to ease the upgrade experience to the latest version of Windows. This update seems to seriously corrupt systems.
(KB2976978) — This update helps Microsoft make improvements to the current operating system in order to ease the upgrade experience to the latest version of Windows.
(KB2990214) — This update helps Microsoft make improvements to the current operating system in order to ease the upgrade experience to the latest version of Windows.
(KB3068708) — This kind of update helps the overall application experience on Windows, by improving the current operating system for upgrade to the latest version of Windows.
(KB3035583) — Will pitch the free Windows 10 upgrade to customers. It does not seem to cause a problem other than it readies my computer for Microsoft to start sending “reminders” to upgrade (Malware by most definitions).
(KB3022345) — Corrupts system files, as can be seen if you run SFC following this update.
(KB2977759) — This update will help Microsoft and its partners ensure compatibility for customers who are seeking to install the latest Windows operating system.
(KB2922324) — Looks like this one has been pulled.
(KB3021917) — This update will help Microsoft and its partners deliver better system performance for customers who are seeking to install the latest Windows operating system.
(KB3050265) — General improvements are made to support upgrades to a later version of Windows.
(KB3068708) — This update introduces the Diagnostics and Telemetry tracking service to in-market devices. By applying this service, you can add benefits from the latest version of Windows to systems that have not yet upgraded.

The Malicious update KB’s need to be ripped out by the roots!!
(KB3014460) Affects Win8.x

Source.

Update:

Here is a quick little script to help you remove all and any of the updates you have installed. Paste this into a txt file and then rename it with a .bat extension. Run the batch file with admin rights.

:: KB killer
@echo off
wusa /uninstall /kb:2952664 /quiet /norestart
wusa /uninstall /kb:2976978 /quiet /norestart
wusa /uninstall /kb:2990214 /quiet /norestart
wusa /uninstall /kb:3068708 /quiet /norestart
wusa /uninstall /kb:3035583 /quiet /norestart
wusa /uninstall /kb:3022345 /quiet /norestart
wusa /uninstall /kb:2977759 /quiet /norestart
wusa /uninstall /kb:2922324 /quiet /norestart
wusa /uninstall /kb:3021917 /quiet /norestart
wusa /uninstall /kb:3050265 /quiet /norestart
wusa /uninstall /kb:3068708 /quiet /norestart
:: end of script

 

Add and remove the KBs as desired. Please note that not all the KBs described in the article are in the script. Specifically the Windows 8 one.

Here is another script that I found on hakspek.com, paste it into a .txt file and then change the extension to .bat. Then run the batch file as an administrator.

@echo off
echo.

echo Step 1: Delete Updates…
echo Delete KB3075249 (telemetry for Win7/8.1)
start /w wusa.exe /uninstall /kb:3075249
echo Delete KB3080149 (telemetry for Win7/8.1)
start /w wusa.exe /uninstall /kb:3080149
echo Delete KB3021917 (telemetry for Win7)
start /w wusa.exe /uninstall /kb:3021917
echo Delete KB3022345 (telemetry)
start /w wusa.exe /uninstall /kb:3022345
echo Delete KB3068708 (telemetry)
start /w wusa.exe /uninstall /kb:3068708
echo Delete KB3044374 (Get Windows 10 for Win8.1)
start /w wusa.exe /uninstall /kb:3044374
echo Delete KB3035583 (Get Windows 10 for Win7sp1/8.1)
start /w wusa.exe /uninstall /kb:3035583
echo Delete KB2990214 (Get Windows 10 for Win7 without sp1)
start /w wusa.exe /uninstall /kb:2990214
echo Delete KB2990214 (Get Windows 10 for Win7)
start /w wusa.exe /uninstall /kb:2990214
echo Delete KB2952664 (Get Windows 10 assistant)
start /w wusa.exe /uninstall /kb:2952664
echo Delete KB3075853 (update for “Windows Update” on Win8.1/Server 2012R2)
start /w wusa.exe /uninstall /kb:3075853
echo Delete KB3065987 (update for “Windows Update” on Win7/Server 2008R2)
start /w wusa.exe /uninstall /kb:3065987
echo Delete KB3050265 (update for “Windows Update” on Win7)
start /w wusa.exe /uninstall /kb:3050265
echo Delete KB971033 (license validation)
start /w wusa.exe /uninstall /kb:971033
echo Delete KB2902907 (description not available)
start /w wusa.exe /uninstall /kb:2902907
echo Delete KB2976987 (description not available)
start /w wusa.exe /uninstall /kb:2976987

echo Step 2: Blocking Routes…
route -p add 23.218.212.69 MASK 255.255.255.255 0.0.0.0
route -p add 65.55.108.23 MASK 255.255.255.255 0.0.0.0
route -p add 65.39.117.230 MASK 255.255.255.255 0.0.0.0
route -p add 134.170.30.202 MASK 255.255.255.255 0.0.0.0
route -p add 137.116.81.24 MASK 255.255.255.255 0.0.0.0
route -p add 204.79.197.200 MASK 255.255.255.255 0.0.0.0
route -p add 23.218.212.69 MASK 255.255.255.255 0.0.0.0

echo Step 3: Disabling tasks…
schtasks /Change /TN "\Microsoft\Windows\Application Experience\AitAgent" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Application Experience\ProgramDataUpdater" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Autochk\Proxy" /DISABLE
schtasks /Change /TN "Microsoft\Windows\Customer Experience Improvement Program\Consolidator" /DISABLE
schtasks /Change /TN "Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask" /DISABLE
schtasks /Change /TN "Microsoft\Windows\Customer Experience Improvement Program\UsbCeip" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Maintenance\WinSAT" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\ActivateWindowsSearch" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\ConfigureInternetTimeService" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\DispatchRecoveryTasks" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\ehDRMInit" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\InstallPlayReady" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\mcupdate" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\MediaCenterRecoveryTask" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\OCURActivate" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\OCURDiscovery" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\PBDADiscovery" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\PBDADiscoveryW1" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\PBDADiscoveryW2" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\PvrRecoveryTask" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\PvrScheduleTask" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\RegisterSearch" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\ReindexSearchRoot" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\SqlLiteRecoveryTask" /DISABLE
schtasks /Change /TN "\Microsoft\Windows\Media Center\UpdateRecordPath" /DISABLE

echo Step 4: Killing Diagtrack-service (if it still exists)…
sc stop Diagtrack
sc delete Diagtrack

echo Final Step: Stop remoteregistry-service (if it still exists)…
sc config remoteregistry start= disabled
sc stop remoteregistry

echo Done — Reboot!
shutdown -r

Windows, creating an unattended installation disc.

A lot of instructions on the net tell you how to use the answer file to create the base image for capturing but nothing in regards to installation. The nice thing about creating the AutoUnattend.xml for capturing is that it will not create a new user profile, since you will be booting into the OS in audit mode. Audit mode allows you to go in, generalize the OS, install updates and software, then seal it with the Out of Box Experience. I usually install the OS in a VM, enter audit mode, run all the Windows updates, then use the generalize option for the OOBE experience. Then I capture the OS in WinPE.

The AutoUnattend.xml will differ slightly between the capture and install versions.

To create an unattended xml, you will need to extract the install.wim from the Windows ISO. Mount the ISO with Virtual Clone Drive from SlySoft and copy “./sources/install.wim” to somewhere on your computer. If you don’t want to use the free software from SlySoft you can alternatively use 7Zip to explore the ISO archive and extract the install.wim file.

Open Windows System Image Manager, and in the Windows Image pane right click and select “Select Windows Image…” then locate the install.wim file you extracted/copied from the ISO and open it. This will prompt you with the image selection screen, select the appropriate windows distribution.


Expand the Components section. The components are used to automate the installation steps during deployment; this will allow you to create a fully automatic installation ISO or flash drive installer. These are added to the Answer File passes. The answer file has 7 passes; more than likely you will not use most of them. The first step will be to automate the windowsPE pass. This guide covers the 64 bit version of the operating system. If you are still using a 32 bit OS you are doing it wrong.

 

Capture XML

All the components you will use will be preceded by amd64_…

For the capture xml select the following packages for the respective passes.

 

Note that when selecting these you have to right click the nested option and add to Answer File, otherwise it will only select the root selection and not the nested option.

In the Unattend file we will only use pass 1, 4, and 7. Your AutoUnattend.xml should be placed on the root of a flash drive if you’re installing from a DVD, and the flash drive should be present during installation. If you want to install the OS from a flash drive then after you have copied the contents of Windows onto the flash drive also copy the AutoUnattend.xml to the root of the drive. The same applies for a custom ISO.

Always edit the xml file inside Windows System Image Manager, if you try and edit the file in an xml viewer or a third party app like Notepad ++ I found that it sometimes messes with the formatting and then Windows will not pick up the xml during the installation. It somehow invalidates the file, there must be a sort of signature of specific formatting it adds to the file.

Check out the following settings for each pass and nested option. You can see which pass it belongs to based on the Id field in each image.

Pass 1. Here are the language options, which make up the first screen you are prompted with when installing Windows. I think I should have changed my system locale to en-CA as well, oh well next time.

Then comes the actual nested option. For the most part the WillShowUI option will always be changed to OnError. This will suppress most of the selections during installation.

I disable the built in firewall on corporate networks, I find that it interferes with a lot of applications and is really not that necessary.

Disk 0 is generally the first disk in most computer systems and where the Operating System should reside. If that is not the case for your environment then change it to the appropriate disk id.


Here is where the unattend file creates the System partition, it will be the first in order, a primary partition and 200mb in size. Note the Extend option is set to false. The system partition contains the hardware-related files and the Boot folder that tell a computer where to look to start Windows.


Here we create the partition where the OS will be installed to. Extend option is set to true, this means that the partition will take up the rest of the disk.


Here we modify/format the System partition, key is setting the Active flag to true. Please omit using the Extend option in the Modify Partition property, it does not work properly.


Here we modify the partition where the OS will sit and be installed on.


Do not install to available partition, you’ll get the chance to specify where you can install it.


Here you can specify which OS you would like to install. The Key can be set based on /IMAGE/NAME, /IMAGE/INDEX, or /IMAGE/DESCRIPTION, and the Value field corresponds to the Key that you have set. So if you have a captured image at index 2 you can change that here…

Here is where you set which disk and partition the OS is to be installed on.


Accept the Eula and set the Organization name if you wish.


This is not the spot for the Product Key, omit putting the key in here this will be done in a later spot.


Pass 4, the specialize section. The * in the computer name will yield a random computer name prefixed with PJLM-, as seen in the RegisteredOrganization and RegisteredOwner fields. CopyProfile will copy the default profile, which can be set up during audit mode, to a user when they log in for the first time to a newly set up computer.

Here is where you specify which domain you would like the computer to join and which OU it should reside in. Remember that the MachineObjectOU hierarchy is backwards, so if you have an asset sitting in Computers -> Desktop ou you would start with the Desktop ou and end with the first ou in the hierarchy.

Here is where you enter the credentials for the domain join. Make sure the account you are using to join the computers to the domain has valid access to do so.


Pass 7 is where we specify the Out of Box Experience (oobe) settings. This part is the one that will differ most between the capture and the installation AutoUnattend.xml. Below you can see Audit mode; in audit mode you can generalize the desktop and install any updates and/or software that you might want in your image. You are doing all of this in the default user profile, no credentials necessary when you enter into this mode. What I usually do here, since I do all of this in a VM, is run all the Windows updates and take a snapshot of the VM. This way I can always come back to the VM snapshot and tweak it more in the future or install more Windows updates or software. You can customize the task bar and other things. Also note that in this mode you will see the SysPrep window appear; if you install Windows updates that require a reboot, select Audit in the SysPrep window and do not check off Generalize, just reboot. Once you finish in Audit mode select OOBE, Generalize and Shutdown.

If you customized your taskbar you can specify in the below component not to clean it, so if you installed a web browser and added the icon to the taskbar you can have that copied to other profiles on the computer when they get created.


This isn’t really that important for the capture process, but here you can essentially skip the naming of the machine or skip the account creation process during installation. Again I wouldn’t worry about it since you enter audit mode first, then you’re sealing the OS for oobe anyways. This is more applicable to the installation xml file and not the capture one. ProtectYourPC setting is essentially the Windows Update setting during setup. 1, specifies the recommended level of protection for the computer, 2 specifies that only updates are installed, and 3 specifies that automatic protection/updates are disabled.


Once you finish your xml file, boot up a VM, attach your Windows 7 ISO and make sure you have a USB drive with the AutoUnattend.xml on the root of the drive; the installation automatically searches for this file and uses it for the answers required during installation. Go through the installation process, generalize the installation, enter OOBE and shut down. Then use WindowsPE to capture the installation you just created.

Installation XML

For the installation xml file or AutoUnattend.xml select the following Components in Windows System Image Manager.

Note the difference in the windowsPE pass or Pass 1 under Windows Setup, ImageInstall and the MetaData. The KEY here references the /IMAGE/INDEX key; that’s because I don’t use names or descriptions when capturing the image and usually in my wim there is only a single index/single image. The other major difference between this file and the one used to capture the image is the oobeSystem component in Pass 7.
This is where you are prompted for the user account creation and Windows Update settings. In this step I create a local User account with a generic password which I later remove with Group Policy. Next I will only highlight the difference in Components between the file settings for the capture process and the installation process.

As previously mentioned Pass 1 will pretty much remain the same, the only difference here will be the MetaData Key value. Instead of /IMAGE/NAME I used /IMAGE/INDEX. The reason for this is that I captured the WIM without a name or description, so I had to use the index # which it was captured with, I used index 1.

The major difference will occur in Pass 7: oobe. The difference will be the lack of the Reseal component which allows you to enter into Audit mode. Since this file is for deployment this step is not necessary. Also note in the screen shot above that I create a local user account, this is so that the prompt for the user creation is bypassed for a true unattended installation. I tried to use a domain account however this did not seem to work, I think this was due to the lack of network support during this installation step, either way I opted to create a local account. If you wish to remove it you could do so with Group Policy when it is joined to the domain.

Once you have created the above XML I suggest you test it to make sure it is a true unattended installation of Windows. The above steps should not differ much between Windows 7 and Windows 8.
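A pre-flight check worth running before the answer file goes onto the flash drive or ISO root: the domain-join credentials and the local account password described above are stored inside the XML, readable by anyone who holds the media. This is an added example, not part of the original post; the sample file, account names and password values are constructed, and the element names are those of the standard unattend schema.

```python
import sys
import xml.etree.ElementTree as ET
from collections import namedtuple

NS = "{urn:schemas-microsoft-com:unattend}"
SECRET_TAGS = {"Password", "AdministratorPassword"}
Finding = namedtuple("Finding", "pass_name component setting issue")

# Constructed sample answer file: domain, names and password values are made up.
SAMPLE = """<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="specialize">
    <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64">
      <Identification>
        <Credentials>
          <Domain>corp.example</Domain>
          <Username>svc-join</Username>
          <Password>Constructed-Join-Pw1</Password>
        </Credentials>
        <JoinDomain>corp.example</JoinDomain>
        <MachineObjectOU>OU=Desktop,OU=Computers,DC=corp,DC=example</MachineObjectOU>
      </Identification>
    </component>
    <component name="Networking-MPSSVC-Svc" processorArchitecture="amd64">
      <DomainProfile_EnableFirewall>false</DomainProfile_EnableFirewall>
    </component>
  </settings>
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64">
      <OOBE><ProtectYourPC>1</ProtectYourPC></OOBE>
      <UserAccounts><LocalAccounts><LocalAccount>
        <Name>setupuser</Name>
        <Group>Administrators</Group>
        <Password><Value>Q09OU1RSVUNURUQ=</Value><PlainText>false</PlainText></Password>
      </LocalAccount></LocalAccounts></UserAccounts>
    </component>
  </settings>
</unattend>"""


def _text(el, child=None):
    """Stripped text of el, or of its direct child element, or ''."""
    if child is not None:
        el = el.find(NS + child)
    return (el.text or "").strip() if el is not None else ""


def audit_unattend(xml_data):
    """Return Findings for one answer file; secret values are never echoed."""
    root = ET.fromstring(xml_data)
    findings = []
    for settings in root.findall(NS + "settings"):
        pass_name = settings.get("pass", "?")
        for comp in settings.findall(NS + "component"):
            parent_of = {c: p for p in comp.iter() for c in p}
            for el in comp.iter():
                tag = el.tag.rsplit("}", 1)[-1]
                issue = None
                if tag in SECRET_TAGS:
                    if _text(el) or _text(el, "Value"):
                        holder = parent_of.get(el, comp)
                        who = _text(holder, "Username") or _text(holder, "Name") or tag
                        # "Hide sensitive data" in WSIM only base64-encodes the value.
                        hidden = _text(el, "PlainText").lower() == "false"
                        how = "base64-encoded, not encrypted" if hidden else "plain text"
                        issue = "password for '%s' stored as %s" % (who, how)
                elif tag == "ProductKey" and (_text(el) or _text(el, "Key")):
                    issue = "product key embedded"
                elif tag.endswith("_EnableFirewall") and _text(el).lower() == "false":
                    issue = "Windows Firewall disabled for this profile"
                elif tag == "ProtectYourPC" and _text(el) == "3":
                    issue = "automatic updates disabled (ProtectYourPC=3)"
                if issue:
                    findings.append(Finding(pass_name, comp.get("name", "?"), tag, issue))
    return findings


if __name__ == "__main__":
    data = SAMPLE
    if len(sys.argv) > 1:                      # path to a real AutoUnattend.xml
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    results = audit_unattend(data)
    for f in results:
        print("[%s] %s / %s: %s" % f)
    sys.exit(1 if results else 0)
```

Run it with the path to your AutoUnattend.xml as the only argument; a non-zero exit code means the file carries something that should be reviewed before the media leaves your hands.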

That’s pretty much it; now you can create a custom ISO.

Custom ISO

To create a custom ISO, first you need to extract the Windows 7 DVD to a directory; in this example I used C:\WIN7ISO.

From a command line use xcopy /E <source dir> <destination dir>, where the source will be the DVD drive letter and the destination will be the C:\WIN7ISO directory that was created:

xcopy /E d:\*.* c:\win7iso\

This will take a minute to copy.

Once you have copied the contents of the DVD to your hard drive, put the AutoUnattend.xml into the root directory of C:\WIN7ISO. Also in the sources directory where you extracted the ISO, delete the install.wim file or move it outside of the DVD structure. Then copy the custom WIM you captured in its place and rename it to install.wim. This will create a custom bootable media with your Win 7 OS, applications and all.

To create a bootable Windows 7 ISO start the Deployment Tools command prompt and type in the following command, substitute your file paths accordingly. The command is similar to the one used when creating the bootable WinPE ISO.

Usage: oscdimg.exe [options] <source directory> <destination ISO>

oscdimg.exe -bC:\WIN7ISO\boot\etfsboot.com -u2 -h -m -lWIN_7_PRO C:\WIN7ISO c:\WIN7PJLM.iso

-b<directory> points to the etfsboot.com file which is necessary for bootable media such as CDs and DVDs. This file will be written to the boot sector of the disk.

-u2 this option is used to produce an image that has only the UDF file system on it.

-h this option will include all hidden files and directories under the source path for this image.

-m specifies that the file size can be larger than the maximum size limit.

-l<volume label> is the label of the media that will be created.

That’s it.

Part 1: Tunneling with Putty (SSH), a home made VPN of sorts.

No VPN? No problem. If you want access to your home network and specific applications all you need is SSH, or in Windows’ case PuTTY, which is an SSH client. And that is what I’ll be covering here today: how to tunnel with PuTTY to your home network, or wherever you might want access. In this part we will cover web based applications and applications in general…

You’ll need an always on machine at home. I have used my unRAID server in the past. A Raspberry Pi will also work. The Pi is nice because it is a low power, always on device. I have one on my home network running raspbmc. Either way you need an SSH server running at home; here is a list of servers by platform. Pick one and set it up. Make sure your home server has a static IP, and your external or public IP is known to you. I recommend using a free DNS service such as http://freedns.afraid.org/. These services usually have Dynamic DNS clients which update your external IP with their service if it changes. Some routers even have built in clients, which is nice.

Next you will need to port forward the SSH port on your home router. SSH uses port 22, so you need to forward this from the external interface to the static IP where your SSH server resides. One thing that I would advise however, is that you do not use the external port 22, use something like 8782 and tunnel it to port 22. Most if not all routers can perform this function. There is reasoning behind this, and it’s Chinese hackers, or rather script kiddies. I kid you not, I’ve experienced this myself at home, my buddy experienced this, and recently I set up a server for someone and forgot to close port 22, this resulted in Chinese based IPs trying to guess the password on port 22. If you are going to use port 22 then use an RSA key for your SSH sessions, there are plenty of tutorials out there on how to accomplish this and generate these keys. The best way to discourage these attempts at guessing the password though, is to tunnel an external port above 1024 to the internal IP and port 22, this is where your SSH server will reside.
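To see whether password guessing is reaching your SSH server, and whether any password login followed it, you can review the server log. This is an added example, not part of the original post; it assumes an OpenSSH server writing its usual sshd log lines, and the sample lines, host name and addresses are constructed.

```python
import re
from collections import Counter

# Assumed log format: OpenSSH sshd messages as written to auth.log / syslog.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port \d+")

# Constructed sample lines (documentation address ranges, made-up host name).
SAMPLE_LOG = """\
Mar  3 02:11:40 homepi sshd[2101]: Failed password for invalid user admin from 203.0.113.45 port 40122 ssh2
Mar  3 02:11:43 homepi sshd[2101]: Failed password for invalid user admin from 203.0.113.45 port 40122 ssh2
Mar  3 02:11:47 homepi sshd[2104]: Failed password for root from 203.0.113.45 port 40188 ssh2
Mar  3 02:11:52 homepi sshd[2107]: Failed password for pi from 203.0.113.45 port 40230 ssh2
Mar  3 02:12:01 homepi sshd[2110]: Accepted password for pi from 203.0.113.45 port 40291 ssh2
Mar  3 08:30:12 homepi sshd[2290]: Failed password for pi from 198.51.100.20 port 51514 ssh2
Mar  3 08:30:19 homepi sshd[2290]: Accepted publickey for pi from 198.51.100.20 port 51514 ssh2
""".splitlines()


def review_auth_log(lines, threshold=3):
    """Summarise password guessing and password logins found in sshd log lines."""
    failures = Counter()      # failed password attempts per source address
    password_logins = []      # (user, source) for every login that used a password
    after_guessing = []       # password logins preceded by >= threshold failures
    for line in lines:
        m = FAILED.search(line)
        if m:
            failures[m.group(2)] += 1
            continue
        m = ACCEPTED.search(line)
        if m and m.group(1) == "password":
            user, source = m.group(2), m.group(3)
            password_logins.append((user, source))
            if failures[source] >= threshold:
                after_guessing.append((user, source, failures[source]))
    noisy = {src: n for src, n in failures.items() if n >= threshold}
    return {
        "noisy_sources": noisy,
        "password_logins": password_logins,
        "after_guessing": after_guessing,
    }


if __name__ == "__main__":
    report = review_auth_log(SAMPLE_LOG)
    for src, count in sorted(report["noisy_sources"].items()):
        print("%s: %d failed password attempts" % (src, count))
    for user, src in report["password_logins"]:
        print("password login still accepted: %s from %s" % (user, src))
    for user, src, count in report["after_guessing"]:
        print("REVIEW: %s logged in from %s after %d failures" % (user, src, count))
```

Any entry under password_logins means the server still accepts passwords; with key-only authentication in place that list stays empty whichever external port is forwarded.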

If you’re trying to tunnel in from work to your home, please consider the fact that most businesses have only the common ports open and the rest are firewalled. So the external port number on your home router should match an open common port at the location you will be connecting from. Some suggestions are 8080 (http alternate), 443 (https), have a look at this list.

Once you’ve set up the above you’re done with your home end. Now it’s time to setup your Putty client at your remote location. I’m assuming that this remote location will be running a Windows 7 OS. For those interested in tunneling in Linux, here is a quick little guide on how to do that. Install PuTTY from here. Once installed launch it.

In the Host name field either type in the external IP of your modem at home, or if you set up a DDNS service type in the address here. In the port field type in the external port on your router at home, in this example it’s 8782, and then select the SSH connection type. Type in a session name and click Save. This will save all the details of your connection for later, and the next time you open PuTTY you can highlight the Session in the box below and click Load, this way you don’t have to type in the connection details each time. This also comes in handy because typing in ports and their destination/IPs each time would be a huge pain.

We’re not done yet. If you created a private authentication key, you can add it under Connection -> SSH -> Auth and Authentication parameters -> Browse… button. Do not close PuTTY, but navigate back to Session and click Save to save the changes you just made.


Now we set up the actual Tunnels, this option is available under Connection -> SSH -> Tunnels.

The Source port and Destination are what we are concerned about here. Let’s say for example’s sake that I want to connect to my home router’s web interface. If that is the case then in the destination window I will type in the IP:Port; the IP will be the local IP of the router interface at home, usually 192.168.1.1, sometimes 192.168.0.1, followed by the port number, ex. 192.168.1.1:80. The source port is the port that the request will come from; use something that is currently not in use at the location you will be dialing in from, 8081 is a good one. Now click Add. Go back to Session and save it again.

 

Now if you start the PuTTY session and log in to your SSH server, head over to your web browser and type in http://127.0.0.1:8081 and you should be prompted with your router web interface log in. Nice, right? There is a problem with this however: sometimes routers and servers, when switching pages and clicking on links, will want to substitute the 127.0.0.1 in the address for their server name or local IP. So in this case the router might want to substitute the 127.x.x.x address for its 192.168.1.1 address. If that is the case and you encounter this, you will need to manually replace the 192.x.x.x IP with the 127.x.x.x IP and hit enter in the address bar. There is an alternate way but that requires setting up a loopback adapter, which will be covered in Part 2. Now if it is a server name that is trying to be substituted then you can add that to the hosts file.

The hosts file on windows is located in C:\Windows\System32\drivers\etc\. Edit it with Notepad or Notepad++.

Uncomment the following line by removing the ‘#’ character.

127.0.0.1       localhost

then add this line…

127.0.0.1       myservername

where myservername is the name of the server that injects its name into the address bar of the web browser when browsing the interface.

In the next part we will cover how to port forward samba shares via PuTTY in Windows 7.

Creating a Windows disk Image for deployment.

This information can apply to both home and business users. I want to create detailed instructions so that the most basic of users can create and deploy the image. For home users you can create a recovery image in case something goes wrong with your PC. For business users this can speed up deployment time to multiple PCs on your network. Either way you can have your desktop recovered in a matter of minutes with a full suite of software, updates, and preferences. You can design the image to be very broad, covering a wide range of hardware, or very specific and target a specific set of hardware. The choice is yours. A specific set of hardware would be more geared for the home user. I will cover Windows 7 deployment. From here on in all references made to Windows assume we are talking about Windows 7.

The following software and hardware is necessary to create a custom image. A Windows machine with 100GB of free space, a 4GB flash drive, Windows OS disc, Windows AIK, Oracle VM VirtualBox, DISM GUI, Virtual Clone Drive, latest driver pack from DriverPacks.net, hardware drivers for your specific hardware, and another flash drive or USB hard drive whose size will depend on your image size. You could use CDs or DVDs for booting the software but as of Windows 7 I find that flash drives are more reliable than optical media and less prone to installation errors. Having said this you will need to create a CD or DVD WinPE image so you can image the Virtual Box Operating System, as Virtual Box does not allow booting from flash drive. But we’ll get to that later.

The Windows machine will be used to create the initial image for the deployment and install the supporting applications like AIK, VirtualBox, DISM GUI, Clone Drive, and slip stream all the necessary drivers for your hardware. The driver pack will be used for the WinPE image that will be created with Windows AIK. This will ensure that WinPE is compatible with most hardware out there. WinPE is used to image the actual hardware and stands for Windows Preinstallation Environment, it is small and used as a forefront for deploying the wim images. We will be creating a x86 version of WinPE as I found that the x64 version has problems with detecting some of the hardware, this also means that when downloading the mass storage drivers and network drivers from DriverPacks.net download the x86 versions. Your actual OS image architecture will depend on your installation disc for your hardware.

Windows AIK is a 1.7GB download so get ready for a long wait if your internet connection is a little slower. Once you have everything downloaded you can proceed and install Virtual Clone Drive (VCD). VCD is used to mount ISO files; it creates a virtual CD/DVD drive and allows you to install from the ISO without having to burn it onto a CD/DVD. Mount the Windows AIK ISO with VCD; it’s easy, right click the ISO and select Mount (Virtual CloneDrive …). In my case VCD assigned itself to drive letter E.

Open up the drive and run StartCD.exe (if autorun doesn’t kick in), then proceed with the Windows AIK Setup. Agree to the license terms, select your installation location, and let it install. It is recommended to have an up to date .NET framework installed. Once AIK is installed you can unmount the image. Start the Windows AIK Deployment Tools Command Prompt as Administrator.

WinPE Creation

Here we’ll begin to create the WinPE disc for image capture and creation. More info on creating the WinPE environment. In the command prompt type in the following command:

copype.cmd x86 c:\winpe

Where x86 is the architecture of WinPE and c:\winpe is the destination where it will be copied to. Then you run a command to copy and rename the winpe.wim file.

copy c:\winpe\winpe.wim c:\winpe\ISO\sources\boot.wim

Then you need to add imagex.exe to the WinPE image, this executable is responsible for capturing and deploying wim windows images.

copy "C:\Program Files\Windows AIK\Tools\x86\imagex.exe" c:\winpe\ISO\

Note the quotes around the source path. These are necessary due to the space in the directory structure. Next you will need to create a bootable flash drive. Open up a new command window as administrator.

cmd

In the new command window open up Disk Partition manager by typing…

diskpart

Insert your flash drive in to a USB port. In the next few steps we will format the flash drive and make it bootable. Then copy the contents of WinPE to the flash drive.

diskpart

list disk

This command lists all the disks attached to the computer.

select disk 6

This selects disk 6, which in this case is the flash drive. Use the disk number that list disk shows for your own flash drive.

create partition primary or create part primary

Creates a primary partition.

select partition 1 or select part 1

Selects the partition you just created.

active 

This marks the partition with focus as active. This informs the basic input/output system (BIOS) or Extensible Firmware Interface (EFI) that the partition or volume is a valid system partition or system volume.

format quick fs=fat32

Quick formats the flash drive partition with the FAT32 file system.

assign letter=f

This command is not really necessary and you can skip it, but you’ll need to unplug and plug the flash drive back into the computer. Alternatively you can use it to assign a drive letter to the flash drive so it appears in Windows.

exit

Exits the disk partition manager. You can also use the above steps to create bootable flash drives in Windows at any point in time.

Before we copy the contents of the WinPE ISO directory to the flash drive we need to slipstream the mass storage and network drivers into the WinPE wim. Remember to pick the appropriate architecture and operating system driver pack from DriverPacks.net. The file we need to tackle is the boot.wim file we copied earlier, located in C:\winpe\ISO\sources. Create a temporary directory (C:\Temp). We will mount the wim file there with DISM GUI; the application mounts the contents to a directory where you can make changes and then later commit them to the wim image file. Without DISM GUI we would be doing this via the command line; you can thank Mike Celone for this neat little app. One thing to note about Driver Packs: they can only be downloaded via BitTorrent. You can use the Opera browser if you would like, as it has a built-in BitTorrent client.

Launch the application with elevated permissions, as administrator. Choose the wim file located in the sources folder, and select the mount location. Once you have selected the file and mount location click Mount WIM. While “DISM is Running…” is displayed, the mount may take a few minutes, depending on the size of the wim file. The DISM Output should come back with “The operation completed successfully.”

Click the “Driver Management” tab. Make sure the Force Unsigned and Recursive options are checked. Then proceed to click Add Drivers. You will see “DISM is Running. Please wait..”; again, depending on how many drivers there are this might take a few minutes, so be patient. If you have specific hardware drivers you want to use, add them here as well. Remember we’re using the x86 version of WinPE so you will need to use the 32 bit drivers.

Once this is done click on the “Mount Control” tab and click Dismount WIM. It will ask you if you want to commit changes, click Yes. Again we play the waiting game as DISM GUI does its thing. Once complete you can close DISM GUI. Now we need to copy the contents of the ISO folder to the flash drive. Go back to the command line window (either will do) and type in the following.

xcopy C:\winpe\iso\*.* /e F:\

Where f: is the drive letter of the flash drive. Once this process completes we’re done creating the universal WinPE image. You can eject and pull the flash drive from the computer and test it by booting it in another computer. If you followed the instructions you should be good to go. While we’re here we should probably also make an iso image of the WinPE boot disk; this will later be used to capture and deploy the Windows OS image in Virtual Box. A Virtual Box instance cannot be booted from a flash drive, so the iso will need to be burned to a CD or mounted in VCD and then booted in the VM. I prefer the latter. In order to create the iso, in the Deployment Tools Command Prompt type in the following.

oscdimg -n -bC:\winpe\Etfsboot.com C:\winpe\ISO C:\winpe\winpe.iso

Oscdimg is a command-line tool for creating an image file (.iso) of a customized 32-bit or 64-bit version of Windows PE. The -n option enables long file names, and the -b option specifies the location of the El Torito boot sector file. Do not use any spaces. CD-ROMs usually have their own structure of boot sectors; for IBM PC compatible systems this is subject to El Torito specifications. Here is the oscdimg Technet article if you’d like more info on it.
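The WinPE build steps above, collected into one batch file with the DISM GUI clicks replaced by the equivalent DISM command lines. This is an added example, not the author's script; the driver folder C:\Drivers and the drivers-added.txt report are assumptions, and the other paths are the ones used in this walkthrough.

```batch
@echo off
rem Added example (not the author's script): the WinPE build above as one
rem batch file, with DISM GUI's steps replaced by DISM command lines.
rem Run from an elevated Deployment Tools Command Prompt.
rem Assumption: extracted x86 drivers are in C:\Drivers (hypothetical path).
setlocal
set PE=C:\winpe
set MOUNT=C:\Temp
set DRIVERS=C:\Drivers
set AIKTOOLS=C:\Program Files\Windows AIK\Tools

rem copype.cmd expects a destination folder that does not exist yet.
call copype.cmd x86 %PE%
if not exist %PE%\winpe.wim goto :fail
copy /y %PE%\winpe.wim %PE%\ISO\sources\boot.wim || goto :fail
copy /y "%AIKTOOLS%\x86\imagex.exe" %PE%\ISO\ || goto :fail

rem The mount directory must be empty before DISM can mount into it.
if not exist %MOUNT% mkdir %MOUNT%
dism /Mount-Wim /WimFile:%PE%\ISO\sources\boot.wim /Index:1 /MountDir:%MOUNT% || goto :fail

rem /Recurse and /ForceUnsigned match the two boxes ticked in DISM GUI.
dism /Image:%MOUNT% /Add-Driver /Driver:%DRIVERS% /Recurse /ForceUnsigned || goto :discard

rem Keep a record of every third-party driver now inside the image.
dism /Image:%MOUNT% /Get-Drivers > %PE%\drivers-added.txt

dism /Unmount-Wim /MountDir:%MOUNT% /Commit || goto :fail
oscdimg -n -b%PE%\Etfsboot.com %PE%\ISO %PE%\winpe.iso || goto :fail
echo Built %PE%\winpe.iso; driver list in %PE%\drivers-added.txt
exit /b 0

:discard
rem A failed injection is thrown away rather than committed to boot.wim.
dism /Unmount-Wim /MountDir:%MOUNT% /Discard
:fail
echo WinPE build failed. 1>&2
exit /b 1
```

Because the driver packs come from a third-party download and are added with signature checks overridden, the saved driver list is worth reading before the image is used on other machines.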

Windows OS image creation

Install Virtual Box on your computer. Create a Windows 7 32bit or 64bit VM, depending on your media and your OS architecture.

Go to New, type in a name for your Virtual Machine or VM, click Next. Allocate memory to the VM, you want a minimum of 512MB. I would recommend at least 2GB or 2048MB, but this all depends on the capability and resources of your host machine. My desktop has 16GB of RAM so freeing up 2GB for the VM is a non issue. But it’s all hardware dependent. I’d say if you have at least 4GB of RAM give the VM 2 of that. If you do this, do not run too many applications on your host machine while running the VM. Click Next after you have allocated RAM to the VM. Select Create a virtual hard drive now, click Create. For Hard drive file type, I selected VMDK. The reason I selected this is because this is the same extension as used by VMware, so potentially I could copy this machine to a VM server if I wanted to. Click Next after you have selected the Hard Drive file type, select Dynamically allocated and click Next. If you select Fixed Size it takes a while to create the Virtual Disk, this is why I selected Dynamic. For File location and size, I selected the default of 25GB; to save your VMDK in a specific location click the folder icon on the right. Click Create.

Your VM is now created, all you need to do now is install the Operating System.

Insert the Operating System disc into your CD-ROM drive or mount the iso in CloneDrive. To select the Virtual CloneDrive (VCD), highlight the VM in Virtual Box and click Settings, Storage, and add an IDE controller, click Leave Empty. Highlight the Empty controller, and under Attributes click the disc icon and select the drive letter that corresponds to the Virtual Disc. In my case it’s E.

Click OK and start the VM. Click the VM window and start pressing F12 so you can choose the device to boot from. Select c for CD-ROM. Boot into the installation menu and start installing Windows in your VM. Install the operating system, all the Windows updates and any other applications you would like this image to have. When creating a user during this installation, create a generic user such as User, Admin, or PC. Once you sysprep the OS you will not be able to create that specific User ID again. So if in the final deployed image you want a User ID named Admin, do not use that during the initial VM OS installation.

As a system admin I install all my software over the network using PDQ Deploy, and use Group Policy to push any other mandatory software, drive mappings, printers, etc. So installing software on the OS would be more geared towards a home user, or a small business. I mostly use the image to deploy Windows with current updates and such.

Either way this Windows installation, and updates will probably take a while.

[Screenshot: Windows updates]

Once you see the above and you’ve installed all the applications you desire it’s time to take a snapshot of your image. The snapshot allows you to revert the VM to a previous state. We want to do this right before running sysprep, as sysprep can only be run a limited number of times on an operating system. To do this, in your Oracle VM VirtualBox Manager on the top right click Snapshots, this will open the snapshots pane, then click the camera button and it will take a snapshot of the operating system state. I do several snapshots just in case I screw something up during installation. I take one right after the Windows updates, a bare OS install, and one prior to running sysprep with all the custom software installed. To restore a snapshot the VM needs to be shut down.

A restore is handy when you want to go back and update your image. Every quarter (3 months) I go back to the image and add new updates and software revisions if necessary. This is part of my Disaster Recovery plan. This prevents me from running the lengthy process of Windows updates each time, and with multiple snapshots, I have varying restore points.

The next step is to run sysprep. Sysprep is a system preparation tool which strips the operating system of hardware specific drivers, preventing compatibility issues when installing the OS on different hardware. If you’ve ever set up a desktop computer from Dell this is almost exactly what it does. Don’t worry, after we create the image we will slipstream the appropriate hardware drivers into it with DISM GUI. Sysprep is located in C:\Windows\System32\sysprep\sysprep.exe. Double click on the executable file. Select Enter System Out-of-Box Experience (OOBE), check Generalize, and select Shutdown.

Click OK, this will run a cleanup and generalize phase and then shutdown your VM.

Capturing the Windows Image

Once the VM is shut down mount the winpe.iso we created earlier in Virtual CloneDrive. Also make sure that the VCD is available to the Virtual Machine, you can double check by highlighting the VM, clicking Settings and selecting Storage. Under Controller: IDE you should see Host Drive ‘E:’, where E: should reflect the drive letter corresponding to your computer’s VCD drive letter.

Now this is important: next you want to boot that VM you just sysprepped and shut down. However, you want to boot it to the mounted WinPE iso, the CD-ROM in the VM. One thing to consider is that you will need to save the Windows image somewhere, and it cannot be in the VM. You have two options: either save it to your host machine by mounting a shared folder in the VM in WinPE via the net use command, or attach a USB drive to the VM via Settings, USB, and clicking the add USB Device icon.

Start and focus on the VM window, keep pressing F12 while booting to bring up the boot menu. Select option c0 which is cd-rom to boot the mounted WinPE image.

[Screenshot: WinPE loading]

The above image is an indication that WinPE is loading. Once booted you’ll be greeted with a dos command prompt window, generally X:\windows\system32>. Next you’ll need to figure out which drive is where and what drive letters are assigned to them. Usually I just go through the alphabet with the command a:, b:, c:…. etc. In my instance the USB did not come up in the VM, typical, it rarely works. So we have to do this the hard way, mount a network drive in WinPE(VM) and send the image to the Host PC. This is why we slip streamed LAN and Storage drivers into the WinPE image earlier. I had 3 drives I found c:, d:, e:, and x:. C is system reserved, D is the Sysprepped OS, E is the WinPE cd-rom, and X: is the drive assigned to the current WinPE instance. Note these drives and what is on them.

First let’s make sure the VM has an IP, run the command ipconfig to confirm that it does. If you get an IPv4 address that doesn’t start with 0.x.x.x or 169.x.x.x you’re good to go. If you don’t get an IP you need to find the right LAN drivers and slipstream them into the WinPE wim, and recreate the iso.

Next ping your host computer’s IP to make sure the VM can talk to the computer it is running on. Run ipconfig on your host computer to get its IP address and then ping that IP from your VM. For example my host PC IP was 10.50.70.104, so in the VM I ran the command

ping 10.50.70.104

and the pings were successful. This means the two machines can talk to each other.

Next create a folder called IMAGE on the VM host machine in the root of c:, C:\IMAGE. Right click the folder, select Properties, select the Sharing tab, and click Share. In the File Sharing window you will need to type in Everyone and click Add or press enter. Under Permission Level give Everyone Read/Write permissions and click Share. If you are not able to share the folder you will need to enable File and Printer sharing in Windows, go here to see how it’s done. Remember, sharing is caring.

Now we will mount this shared folder in the VM that is running WinPE using the net use command. The syntax is as follows ‘net use <drive letter> \\server\share’, in my case I used the command

net use z: \\10.50.70.104\image

With this command I mounted the shared folder image on the machine with IP 10.50.70.104 to a Z drive in WinPE. In my case I was also prompted for a user name and password; the reason for this is that I’m on a domain, and my domain security settings require a valid domain user. The user id was preceded by the domain, domain\userid, and a second prompt asked me for a password.

Time to capture the Windows image. If you’re not already there, switch to the X drive by typing in x:. I used the following command to capture the Windows image

e:\imagex.exe /capture d:\ z:\laptopIMG.wim "Laptop Image"

This will start the image capture process.

e:\imagex.exe is the location of the imagex program on the cd rom. This program is used for capturing and deploying images.

/capture a command line switch that tells imagex to capture an image.

d:\ this is the switch for the source of the image. The drive which had the sysprepped Windows 7 OS.

z:\laptopIMG.wim switch for the destination and name of the image file. Z: network drive we mounted earlier which points to the VM host machine.

“Laptop Image” a label switch given to the image file that will be created.

That’s pretty much most of the hard work. You’re almost done. All that is left is to wait for the image to finish being captured. Once the image is captured open up DISM GUI and mount the wim file, same as before. This time we will add the hardware specific drivers though: LAN, Sound, Mouse, Keyboard, Chipset… etc. Grab the hardware drivers from the manufacturer’s website. Use the instructions above. If you have various hardware setups on your network or at home grab all the drivers necessary and slipstream them all into the wim file. One thing to note is that slipstreaming Video drivers will not work. I’m ok with that as they change so often it is a non issue with me. You could always place an executable in a folder of the Windows 7 image. Unmount and commit the Windows image changes in DISM GUI. Your image is complete, all that is left to do is deploy it to a machine.

Windows Image deployment

To deploy the image plug the WinPE flash drive and the USB drive that has the Windows wim file on it into a computer. Change the boot priority on the PC so it boots from the WinPE flash drive. Once in WinPE you need to locate all the drives and distinguish them, write down which is which. Then we need to enter disk partition manager again; we will erase the primary drive in the machine, and leave the flash drive and USB drive alone. Enter the following commands in the command prompt:

diskpart – enters partition manager

list disk – lists all the disks connected to the machine

select disk 0 – selects the primary disk

clean – wipes the information on the disk

create partition primary size=300 – creates a partition size of 300MB

select partition 1 – selects the partition you just created

format quick fs=ntfs label="System" – quick format an NTFS drive with label "System"

assign letter=S – assign drive letter S to the System partition that was just formatted

active – sets the partition as a valid system partition

create partition primary – creates another primary partition on the drive

select partition 2 – selects the 2nd partition

format quick fs=ntfs label="Windows" – quick formats the 2nd partition with the NTFS file system and the Windows label

assign letter=C – assigns drive letter C to the 2nd partition

exit – exits the diskpart utility

Now let’s image the freshly formatted drive with your Windows image. Assuming that the WinPE flash drive is on drive F: and the USB drive with the Windows image on drive G:, run the following command.

f:\imagex.exe /apply g:\laptopIMG.wim 1 C:

f:\imagex.exe – is the image management application located on the WinPE flash drive

/apply – is the switch to tell the application to apply a wim image

g:\laptopIMG.wim – is the location of the image file in the USB drive

1 – is the index of the wim, a wim can house different versions of itself

C: – is the destination that the image is to be applied to

Update: Forgot to mention an important step in deploying the image. Prior to restarting the computer after imaging, the bcdboot command needs to be run. BCDboot is used to initialize the Boot Configuration Data (BCD) store and copy boot environment files to the system partition. For example, at a command prompt, type the following.

C:\windows\system32\bcdboot C:\windows       (for a x86 OS)

C:\windows\SysWOW64\bcdboot C:\windows       (for a x64 OS)

For the 64 bit version of bcdboot the command has to be run from the SysWOW64 directory otherwise it will not work.

Wait for it to finish, power down the computer, and remove the flash and USB drive. Then boot up the computer and go through the setup process such as creating a User, setting the time zone, adding to the domain… etc.
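The deployment steps above as a single batch file to run inside WinPE, with two checks added: it refuses to start if imagex.exe or the image file is missing, and it shows the disk list and waits for a typed confirmation before diskpart runs clean. This is an added example, not the author's script; the drive letters F: and G:, disk 0 and the X:\deploy.txt scratch file are assumptions taken from or added to this walkthrough.

```batch
@echo off
rem Added example (not the author's script). Run inside WinPE.
rem Assumptions: WinPE flash drive is F:, the image is G:\laptopIMG.wim,
rem disk 0 is the internal disk, and X: is the WinPE RAM drive.
setlocal
set IMAGEX=F:\imagex.exe
set WIM=G:\laptopIMG.wim
set DISK=0
set DP=X:\deploy.txt

if not exist %IMAGEX% (echo %IMAGEX% not found & exit /b 1)
if not exist %WIM% (echo %WIM% not found & exit /b 1)

rem Show the disks and require a typed confirmation before clean runs.
echo list disk> %DP%
diskpart /s %DP%
set OK=
set /p OK=Type YES to erase disk %DISK%: 
if /i not "%OK%"=="YES" exit /b 1

rem Same diskpart commands as listed above, written to a script file.
(
echo select disk %DISK%
echo clean
echo create partition primary size=300
echo select partition 1
echo format quick fs=ntfs label="System"
echo assign letter=S
echo active
echo create partition primary
echo select partition 2
echo format quick fs=ntfs label="Windows"
echo assign letter=C
echo exit
) > %DP%
diskpart /s %DP% || exit /b 1

%IMAGEX% /apply %WIM% 1 C: || exit /b 1

rem An x64 image has a SysWOW64 copy of bcdboot, which is the one the
rem walkthrough says to run; an x86 image only has the System32 copy.
set BCDBOOT=C:\windows\system32\bcdboot.exe
if exist C:\windows\SysWOW64\bcdboot.exe set BCDBOOT=C:\windows\SysWOW64\bcdboot.exe
%BCDBOOT% C:\windows || exit /b 1
echo Image applied. Power down and remove the flash and USB drives.
```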

Enjoy.

Happy Christmas and a Merry New Year.