The age of telemetry and online tracking.

Telemetry has been around for a while, Windows 7 had it, and I believe even Vista might have had it.

Having said this, Microsoft did not previously sell this information to third parties, nor did it previously include personal information. When I say personal information I mean your age, gender, approximate location, and online habits. Legally they cannot give your name, address, and other details that would allow someone to pinpoint you in real life. So instead they are selling as much as they can about you without actually telling them who you really are. Mind you, Microsoft is not the only company that uses telemetry data; recently Nvidia got caught with their hand in the cookie jar as well. Scary, right?

Windows:

Fret not: where there is a will there is a way. If, like me, you spend a lot of time connected to the online world, there should be a few applications that you need to explore.

For Windows 10 there are a couple of Telemetry applications that you can install that will kill the services and registry entries that allow Windows to send your data to big brother.

O&O Software has an Antispy-Tool for Windows 10. This is a free download. It’s called O&O ShutUp10. With this tool you can pick and choose in great detail what you want to block and what you want to allow.

The folks over at Safer Networking that brought us Spybot Search and Destroy have also built a similar tool. They call their Telemetry removal tool Spybot Anti-Beacon; the link can be found on their download page. This has a portable version so you can run it off a flash drive if you need to.

The first time you run this it will show you what you have blocked and what is still tracking you. If you click the “Show Options” button it will show you the registry keys that will be changed. Click Immunize and restart your computer.

Besides these tools, I have also edited my hosts file and added a bunch of domain names that direct to 0.0.0.0, essentially to nowhere. Spybot also adds a couple hosts entries into the file.

*Note: not all of the addresses in this hosts list belong to Microsoft. Most of those domains perform some sort of tracking, so it is probably a good idea to block them anyway.
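
One way to apply such a list safely, as an added example (not the author's own script and not part of Spybot or ShutUp10): it appends 0.0.0.0 entries only for names that are valid bare host names and not already mapped, and keeps a backup copy of the file. The function name Add-HostsSinkhole and the sample names are assumptions; the demo runs against a constructed temporary file rather than the real hosts file.

```powershell
# Added example: Add-HostsSinkhole and all sample names are hypothetical, not from the original post.
# Editing the real hosts file needs an elevated (Administrator) PowerShell session.
function Add-HostsSinkhole {
    param(
        [Parameter(Mandatory)] [string[]] $Name,
        [string] $HostsPath = "$env:SystemRoot\System32\drivers\etc\hosts",
        [string] $Sinkhole  = '0.0.0.0'
    )

    # A hosts entry takes a bare host name: no scheme, port, path or wildcard.
    $label = '[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?'
    $valid = '^(?=.{1,253}$)' + $label + '(\.' + $label + ')*$'

    # Every name the file already maps (to any address), compared case-insensitively.
    $present = [System.Collections.Generic.HashSet[string]]::new([StringComparer]::OrdinalIgnoreCase)
    foreach ($line in Get-Content -LiteralPath $HostsPath) {
        $fields = @(($line -replace '#.*$', '') -split '\s+' | Where-Object { $_ })
        if ($fields.Count -ge 2) {
            $fields[1..($fields.Count - 1)] | ForEach-Object { [void]$present.Add($_) }
        }
    }

    $added = @(); $skipped = @(); $rejected = @()
    foreach ($n in $Name) {
        $n = $n.Trim().TrimEnd('.')
        if     ($n -notmatch $valid)   { $rejected += $n }
        elseif (-not $present.Add($n)) { $skipped  += $n }   # already mapped, or repeated in the input
        else                           { $added    += $n }
    }

    if ($added.Count -gt 0) {
        Copy-Item -LiteralPath $HostsPath -Destination "$HostsPath.bak" -Force   # rollback copy
        $lines = @($added | ForEach-Object { "$Sinkhole $_" })
        # If the file does not end in a newline, start on a fresh line instead of gluing onto the last entry.
        $raw = Get-Content -LiteralPath $HostsPath -Raw
        if ($raw -and $raw -notmatch '\n\z') { $lines = @('') + $lines }
        Add-Content -LiteralPath $HostsPath -Value $lines
    }
    [pscustomobject]@{ Added = $added; AlreadyPresent = $skipped; Rejected = $rejected }
}

# --- Constructed demo against a temporary file, so the real hosts file is untouched ---
$demo = Join-Path ([IO.Path]::GetTempPath()) 'hosts-demo.txt'
Set-Content -LiteralPath $demo -Value @(
    '# constructed sample hosts file'
    '127.0.0.1 localhost'
    '0.0.0.0 tracker.example.com'
)
$report = Add-HostsSinkhole -HostsPath $demo -Name @(
    'tracker.example.com'        # already present in the file
    'ads.example.net'            # new entry
    'http://www.example.org'     # rejected: a URL, not a host name
    'ADS.example.net'            # same as an earlier input, differing only in case
)
$report | Format-List
Get-Content -LiteralPath $demo
```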

Nvidia:

Recently it has been discovered that Nvidia included Telemetry in their driver software. Some believe it is only part of the GeForce Experience, but that is not the case; it is installed alongside the driver.

In order to disable the Telemetry bundled with the Nvidia driver you need to download Autoruns from Sysinternals. Extract the package and run the executable as Administrator. Make sure the Everything tab is selected and filter content with the keyword: nvidia. Then proceed to uncheck the following items and then just close the application, followed by a reboot.

Now Nvidia might not be tracking anything, but that is not the point. Also you will need to do this every time you reinstall the driver.

Web browser:

To hide yourself online, obviously the best technology is a VPN or a proxy server. However these can cost quite a bit of money.

My suggestion is to use two of the better online extensions: the Electronic Frontier Foundation’s Privacy Badger and uBlock Origin.

Privacy Badger can be installed right from the eff.org web page. To install uBlock Origin go to your web browser’s extension store to find the plugin and install it. For Vivaldi go to the Chrome store, as it is based on Chromium and all Chrome extensions are compatible with it.

Generate Cyclic Redundancy Check (CRC) Using CertUtil

A CRC is used to detect any changes to the original data/content, the most common reason being accidental data modification and corruption. CRCs are used to validate integrity, to ensure that the data sent is the data received.

It’s quite easy to create a CRC with tools built into the Windows operating system. Open a command prompt window, browse to the location of your file and run the following command:

CertUtil -hashfile <file_name> MD5

By default CertUtil uses SHA1 if the algorithm is not specified, for this example we’re using MD5. CertUtil supports many different algorithm types.

  • MD2
  • MD4
  • MD5
  • SHA1
  • SHA256
  • SHA384
  • SHA512

Once the command has completed successfully CertUtil will output a sequence of numbers and characters, this is the MD5 hash. We will use this hash to validate the integrity of the file once it’s transferred. Once the file is copied we will run the same command and compare the values. If they match the file is valid, if not we know the data was altered. To simplify this process I’ve written a small script in PowerShell that you can leverage.

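# Paste the hash CertUtil printed for the original file.
$expected = "<hash_from_certutil>"

# CertUtil prints a header line, the hash, then a status line, so the hash is line 2.
# Older Windows versions put spaces between the bytes; strip whitespace before comparing.
$actual = (CertUtil -hashfile "<file_name>" MD5)[1] -replace '\s', ''

if ( $actual -eq ($expected -replace '\s', '') ) {
  Write-Host "CRC File Integrity Check Passed." -ForegroundColor "Green"

  Write-Host "`nPress any key to exit..."
  $x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
  exit 0
}
else {
  Write-Host "CRC File Integrity Check Failed." -ForegroundColor "Red"
  Write-Host "Please re-download file and re-run CRC check."

  Write-Host "`nPress any key to exit..."
  $x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
  exit 1
}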
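
A sturdier version of the same check, as an added example (not the original author's script): it uses Get-FileHash with SHA256 instead of parsing CertUtil output, because MD5 catches accidental corruption but is not collision-resistant, and it goes beyond the single-file case by verifying every entry of a manifest. The function name Test-FileManifest, the manifest layout (one "<hash>  <file name>" pair per line) and the sample files are assumptions.

```powershell
# Added example: Test-FileManifest and the manifest layout are hypothetical, not from the original post.
function Test-FileManifest {
    param(
        [Parameter(Mandatory)] [string] $ManifestPath,    # text file: "<hex hash>  <file name>" per line
        [Parameter(Mandatory)] [string] $BaseDirectory,   # directory holding the copied files
        [ValidateSet('SHA1', 'SHA256', 'SHA384', 'SHA512', 'MD5')]
        [string] $Algorithm = 'SHA256'
    )

    foreach ($line in Get-Content -LiteralPath $ManifestPath) {
        # Lines that are not "<hex> <name>" (blank lines, comments) are skipped.
        if ($line -notmatch '^\s*([0-9A-Fa-f]+)\s+\*?(.+?)\s*$') { continue }
        $expected = $Matches[1]
        $name     = $Matches[2]
        $path     = Join-Path $BaseDirectory $name

        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
            $actual = $null
            $status = 'Missing'
        }
        else {
            $actual = (Get-FileHash -LiteralPath $path -Algorithm $Algorithm).Hash
            # String -eq is case-insensitive in PowerShell, so upper- and lower-case hex both match.
            $status = if ($actual -eq $expected) { 'Match' } else { 'Mismatch' }
        }
        [pscustomobject]@{ File = $name; Status = $status; Expected = $expected; Actual = $actual }
    }
}

# --- Constructed demo: two sample files, a manifest, then simulated corruption of one copy ---
$dir = Join-Path ([IO.Path]::GetTempPath()) ('hashdemo_' + [guid]::NewGuid().ToString('N'))
New-Item -ItemType Directory -Path $dir | Out-Null
Set-Content -LiteralPath (Join-Path $dir 'a.txt') -Value 'first sample file'
Set-Content -LiteralPath (Join-Path $dir 'b.txt') -Value 'second sample file'

# Build the manifest from the "original" files (what the sender would publish).
$manifest = Join-Path $dir 'manifest.sha256'
Get-ChildItem -LiteralPath $dir -Filter *.txt |
    ForEach-Object { '{0}  {1}' -f (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash, $_.Name } |
    Set-Content -LiteralPath $manifest

Add-Content -LiteralPath (Join-Path $dir 'b.txt') -Value 'bit rot'   # simulate a bad transfer

$results = Test-FileManifest -ManifestPath $manifest -BaseDirectory $dir
$results | Format-Table File, Status
Remove-Item -LiteralPath $dir -Recurse -Force
```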

AD Security Filtering and Item Level Targeting, apply specific policies to specific resources.

Let’s talk Active Directory again, AD for short. In my opinion it is an IT administrator’s best friend. It has the potential to eliminate the need for log on scripts, it can simplify software deployments to multiple computers, improve security, and eliminate malware. If you’re an IT admin in a small shop or new to the Admin game and haven’t really employed AD on your network besides the default domain policy, I suggest you have a look into it.

What does Security Filtering and Item Level Targeting do exactly? Well they allow you to apply Group Policies to individual users, computers or groups.

Security Filtering is a basic way of filtering which group the policy is applied to. For instance, when one creates a new Group Policy Object in Active Directory, by default the GPO applies to Authenticated Users. So any user that logs on to the domain, or rather is authenticated by the domain, and exists in the OU where the GPO resides, will have said policy applied when they log in. Now, let’s say you want to limit this to a specific set of users. Perhaps someone in the Accounting department, they might have a specific drive or access to a drive that you want them to have mapped when they log on. This is easy to accomplish with Security Filtering. Please be aware that Security Filtering is not the only way to restrict or grant access to specific network resources, not at all. There are several ways to approach this, some more complicated than others; this is merely one of those ways.

The benefit of Security Filtering is that you will omit any users, security groups, or computers that are not in this list. It also gives you somewhat greater control, such as allowing you to set the read write permissions on each group in the policy. Security Filtering is a top level filter: during log on AD will check to see if you are part of said resource, and if you are not, no further checks will be performed against this policy. The drawback is that no further checks will be performed against this policy, so for instance if you have a policy that maps various network drives to people in different departments and the drives differ per department, you’d have to create new policies for each department. Note: Some people prefer to have separate policies per department, and organize theirs just like this. This method works well for large organizations that need to visually separate policies.

Enter Item Level Targeting: it is a nested form of filtering within a specific Active Directory policy. This is where you can have your entire filtering done inside the policy. Perfect for your smaller offices or filtering resources per department. On my network I use Item Level Targeting to target specific groups which users are members of to map special drives on their computers.

I don’t have that many users that I support and this is a viable solution to me. For larger scale organizations and to be more transparent with your policies use Security Filtering.

There are many ways to filter groups, users, and computers; these are just a couple that are useful.

Side Note: You can also use WMI filters to filter group policies based on specific hardware resources. WMI filters need to be created in the Group Policy Management editor. WMI filters can be created and applied to a GPO based on computer attributes, such as the OS, free space, brand, or model. This is perfect if you want to deploy drivers and software to specific machines on your network or range of machines without wanting to add them to a specific group.
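
Security Filtering as described above can also be set from PowerShell with the GroupPolicy module instead of the console. This is an added example, not from the original post; the GPO name 'Accounting Drive Map' and the group 'Accounting' are placeholders, and it assumes the RSAT GroupPolicy module on a domain-joined machine.

```powershell
# Added example: the function, GPO name and group name are hypothetical, not from the original post.
# Needs the GroupPolicy module (RSAT / Group Policy Management) and rights to edit the GPO.
Import-Module GroupPolicy

function Set-GpoSecurityFilter {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string]   $GpoName,
        [Parameter(Mandatory)] [string[]] $ApplyTo     # security groups that should receive the policy
    )

    $common = @{ Name = $GpoName; TargetType = 'Group' }

    if ($PSCmdlet.ShouldProcess($GpoName, "Restrict Apply to: $($ApplyTo -join ', ')")) {
        # A new GPO grants Authenticated Users Read + Apply. Downgrade that to Read only:
        # computers can still retrieve the GPO, but it no longer applies to everyone.
        # -Replace is required, otherwise the existing higher permission is left unchanged.
        Set-GPPermission @common -TargetName 'Authenticated Users' -PermissionLevel GpoRead -Replace | Out-Null

        # Only members of these groups get the Apply permission.
        foreach ($group in $ApplyTo) {
            Set-GPPermission @common -TargetName $group -PermissionLevel GpoApply | Out-Null
        }
    }

    # Resulting filter: every trustee on the GPO and its permission level.
    Get-GPPermission -Name $GpoName -All |
        Select-Object @{ n = 'Trustee'; e = { $_.Trustee.Name } }, Permission |
        Sort-Object Trustee
}

# Dry run first (shows what would change and lists current permissions), then apply.
Set-GpoSecurityFilter -GpoName 'Accounting Drive Map' -ApplyTo 'Accounting' -WhatIf
Set-GpoSecurityFilter -GpoName 'Accounting Drive Map' -ApplyTo 'Accounting'
```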

Creating a Windows disk Image for deployment.

This information can apply to both home and business users. I want to create detailed instructions so that the most basic of users can create and deploy the image. For home users you can create a recovery image in case something goes wrong with your PC. For business users this can speed up deployment time to multiple PCs on your network. Either way you can have your desktop recovered in a matter of minutes with a full suite of software, updates, and preferences. You can design the image to be very broad covering a wide range of hardware or very specific and target a specific set of hardware. The choice is yours. Specific set of hardware would be more geared for the home user. I will cover Windows 7 deployment. From here on in all references made to Windows assume we are talking about Windows 7.

The following software and hardware is necessary to create a custom image. A Windows machine with 100GB of free space, a 4GB flash drive, Windows OS disc, Windows AIK, Oracle VM VirtualBox, DISM GUI, Virtual Clone Drive, latest driver pack from DriverPacks.net, hardware drivers for your specific hardware, and another flash drive or USB hard drive; size will depend on your image size. You could use CDs or DVDs for booting the software but as of Windows 7 I find that flash drives are more reliable than optical media and less prone to installation errors. Having said this you will need to create a CD or DVD WinPE image so you can image the Virtual Box Operating System, as Virtual Box does not allow booting from flash drive. But we’ll get to that later.

The Windows machine will be used to create the initial image for the deployment and install the supporting applications like AIK, VirtualBox, DISM GUI, Clone Drive, and slip stream all the necessary drivers for your hardware. The driver pack will be used for the WinPE image that will be created with Windows AIK. This will ensure that WinPE is compatible with most hardware out there. WinPE is used to image the actual hardware and stands for Windows Preinstallation Environment; it is small and used as a forefront for deploying the wim images. We will be creating an x86 version of WinPE as I found that the x64 version has problems with detecting some of the hardware. This also means that when downloading the mass storage drivers and network drivers from DriverPacks.net, download the x86 versions. Your actual OS image architecture will depend on your installation disc for your hardware.

Windows AIK is a 1.7GB download so get ready for a long wait if your internet connection is a little slower. Once you have everything downloaded you can proceed and install Virtual Clone Drive (VCD). VCD is used to mount iso files; it creates a virtual CD/DVD drive and allows you to install the iso without having to burn it onto a CD/DVD. Mount the Windows AIK to VCD. It’s easy: right click the iso and select Mount (Virtual CloneDrive …). In my case VCD assigned itself to drive letter E.

Open up the drive and run StartCD.exe (if autorun doesn’t kick in), then proceed with the Windows AIK Setup. Agree to the license terms, select your installation location, and let it install. It is recommended to have an up to date .NET framework installed. Once AIK is installed you can unmount the image. Start the Windows AIK Deployment Tools Command Prompt as Administrator.

WinPE Creation

Here we’ll begin to create the WinPE disc for image capture and creation. More info on creating the WinPE environment. In the command prompt type in the following command:

copype.cmd x86 c:\winpe

Where x86 is the architecture of WinPE and c:\winpe is the destination where it will be copied to. Then you run a command to copy and rename the winpe.wim file.

copy c:\winpe\winpe.wim c:\winpe\ISO\sources\boot.wim

Then you need to add imagex.exe to the WinPE image, this executable is responsible for capturing and deploying wim windows images.

copy "C:\Program Files\Windows AIK\Tools\x86\imagex.exe" c:\winpe\ISO\

Note the quotes around the source path. These are necessary due to the space in the directory structure. Next you will need to create a bootable flash drive. Open up a new command window as administrator.

cmd

In the new command window open up Disk Partition manager by typing…

diskpart

Insert your flash drive in to a USB port. In the next few steps we will format the flash drive and make it bootable. Then copy the contents of WinPE to the flash drive.

diskpart

list disk

This command lists all the disks attached to the computer.

select disk 6

This selects the 6th disk, which in this case is the flash drive.

create partition primary or create part primary

Creates a primary partition.

select partition 1 or select part 1

Selects the partition you just created.

active 

This marks the partition with focus as active. This informs the basic input/output system (BIOS) or Extensible Firmware Interface (EFI) that the partition or volume is a valid system partition or system volume.

format quick fs=fat32

Quick formats the flash drive partition as fat32 file system.

assign letter=f

This command is not really necessary and you can skip it, but you’ll need to unplug and plug the flash drive back into the computer. Alternatively you can use it to assign a drive letter to the flash drive so it appears in Windows.

exit

Exits the disk partition manager. You can also use the above steps to create bootable flash drives in Windows at any point in time.

Before we copy the contents of the WinPE iso directory to the flash drive we need to slip stream the mass storage and network drivers into the WinPE wim. Remember to pick the appropriate architecture and operating system driver pack from DriverPacks.net. The file we need to tackle is located in C:\winpe\ISO\sources; it is the boot.wim file we copied earlier. Create a temporary (C:\Temp) directory. We will mount the wim file with DISM GUI there; the application mounts the contents to a directory where you can make changes and then later commit them to the wim image file. Without DISM GUI we would be doing this via command line; you can thank Mike Celone for this neat little app. One thing to note about Driver Packs: they can only be downloaded via BitTorrent. You can use the Opera browser if you would like, as it has a built in BitTorrent client.

Launch the application with elevated permissions, as administrator. Choose the wim file located in the sources folder, and select the mount location. Once you have selected the file and mount location click Mount WIM. “DISM is Running…” may take a few minutes; it all depends on the size of the wim file. DISM Output should come back with “The operation completed successfully.”

Click the “Driver Management” tab. Make sure the Force Unsigned and Recursive options are checked. Then proceed to click Add Drivers. DISM is Running. Please wait.. again depending on how many drivers there are this might take a few minutes, be patient. If you have specific hardware drivers you want to use add them here as well. Remember we’re using x86 version of WinPE so you will need to use the 32 bit drivers.

Once this is done click on the “Mount Control” tab and click Dismount WIM. It will ask you if you want to commit changes, click Yes. Again we play the waiting game as DISM GUI does its thing. Once complete you can close DISM GUI. Now we need to copy the contents of the ISO folder to the flash drive. Go back to the command line window, either will do, and type in the following.

xcopy C:\winpe\iso\*.* /e F:\

Where f: is the drive letter of the flash drive. Once this process completes we’re done creating the universal WinPE image. You can eject and pull the flash drive from the computer and test it by booting it in another computer. If you followed the instructions you should be good to go. While we’re here we should probably also make an iso image of the WinPE boot disk, this will be later used to capture and deploy the Windows OS image in Virtual Box. A Virtual Box instance can not be booted from a flash drive, so the iso will need to be burned to a CD or mounted in VCD and then booted in the VM. I prefer the latter. In order to create the iso in the Deployment Tools Command Prompt type in the following.

oscdimg -n -bC:\winpe\Etfsboot.com C:\winpe\ISO C:\winpe\winpe.iso

Oscdimg is a command-line tool for creating an image file (.iso) of a customized 32-bit or 64-bit version of Windows PE. The -n option enables long file names, and the -b option specifies the location of the El Torito boot sector file. Do not use any spaces. CD-ROMs usually have their own structure of boot sectors; for IBM PC compatible systems this is subject to El Torito specifications. Here is the oscdimg Technet article if you’d like more info on it.

Windows OS image creation

Install Virtual Box on your computer. Create a Windows 7 32bit or 64bit VM, depending on your media and your OS architecture.

Go to New, type in a name for your Virtual Machine or VM, click Next. Allocate memory to the VM; you want a minimum of 512MB. I would recommend at least 2GB or 2048MB, but this all depends on the capability and resources of your host machine. My desktop has 16GB of RAM so freeing up 2GB for the VM is a non issue. But it’s all hardware dependent. I’d say if you have at least 4GB of RAM give the VM 2 of that. If you do this, do not run too many applications on your host machine while running the VM. Click Next after you have allocated RAM to the VM. Select Create a virtual hard drive now, click Create. For Hard drive file type, I selected VMDK. The reason I selected this is because this is the same extension as used by VMware, so potentially I could copy this machine to a VM server if I wanted to. Click Next after you have selected the Hard Drive file type, select Dynamically allocated and click Next. If you select Fixed Size it takes a while to create the Virtual Disk, this is why I selected Dynamic. For File location and size, I selected the default of 25GB. To save your VMDK in a specific location click the folder icon on the right. Click Create.

Your VM is now created, all you need to do now is install the Operating System.

Insert the Operating System disc into your CD rom drive or mount the iso in CloneDrive. To select the Virtual CloneDrive(VCD) highlight the VM in Virtual Box and click settings, Storage, and add an IDE controller, click Leave Empty. Highlight the Empty controller, and under the Attributes click the disc icon and select the drive letter that corresponds to the Virtual Disc. In my case it’s E.

Click OK and start the VM. Click the VM window and start pressing F12 so you can choose the device from which to boot. Select c for CD-ROM. Boot into the installation menu and start installing Windows in your VM. Install the operating system, all the Windows updates and any other applications you would like this image to have. When creating a user during this installation, create a generic user such as User, Admin, or PC. Once you sysprep the OS you will not be able to create that specific User ID again. So if in the final deployed image you want a User ID named Admin do not use that during the initial VM OS installation.

As a system admin I install all my software over the network using PDQ Deploy, and use Group Policy to push any other mandatory software, drive mappings, printers, etc. So installing software on the OS would be more geared towards a home user, or a small business. I mostly use the image to deploy Windows with current updates and such.

Either way this Windows installation, and updates will probably take a while.

Once you see the above and you’ve installed all the applications you desire it’s time to take a snapshot of your image. The snapshot allows you to revert the VM to a previous state. We want to do this right before running sysprep, as sysprep can only be run a limited number of times on an operating system. To do this, in your Oracle VM VirtualBox Manager on the top right click Snapshots, this will open the snapshots pane, then click the camera button and it will take a snapshot of the operating system state. I do several snapshots just in case I screw something up during installation. I take one right after the Windows updates, a bare OS install, and one prior to running sysprep with all the custom software installed. To restore a snapshot the VM needs to be shut down.

A restore is handy when you want to go back and update your image. Every quarter (3 months) I go back to the image and add new updates and software revisions if necessary. This is part of my Disaster Recovery plan. This prevents me from running the lengthy process of Windows updates each time, and with multiple snapshots, I have varying restore points.

The next step is to run sysprep. Sysprep is a system preparation tool which strips the operating system of hardware specific drivers, preventing compatibility issues when installing the OS on different hardware. If you’ve ever set up a desktop computer from Dell this is almost exactly what it does. Don’t worry, after we create the image we will slip stream the appropriate hardware drivers into it with DISM GUI. Sysprep is located in C:\Windows\System32\sysprep\sysprep.exe. Double click on the executable file. Select Enter System Out-of-Box Experience (OOBE), check Generalize, and select Shutdown.

Click OK, this will run a cleanup and generalize phase and then shutdown your VM.

Capturing the Windows Image

Once the VM is shut down mount the winpe.iso we created earlier in Virtual CloneDrive. Also make sure that the VCD is available to the Virtual Machine; you can double check by highlighting the VM, clicking Settings and selecting Storage. Under Controller: IDE you should see Host Drive ‘E:’, where E: should reflect the drive letter corresponding to your computer’s VCD drive letter.

Now this is important: next you want to boot that VM you just sysprepped and shut down. However you want to boot it to the mounted WinPE iso, the CD-ROM in the VM. One thing to consider is that you will need to save the Windows image somewhere, and it can not be in the VM, so you have options: you can either save it to your host machine by mounting a shared folder in the VM in WinPE via the net use command, or attach a USB drive to the VM via Settings, USB, and clicking the add USB Device icon.

Start and focus on the VM window, keep pressing F12 while booting to bring up the boot menu. Select option c0 which is cd-rom to boot the mounted WinPE image.

The above image is an indication that WinPE is loading. Once booted you’ll be greeted with a dos command prompt window, generally X:\windows\system32>. Next you’ll need to figure out which drive is where and what drive letters are assigned to them. Usually I just go through the alphabet with the command a:, b:, c:…. etc. In my instance the USB did not come up in the VM, typical, it rarely works. So we have to do this the hard way, mount a network drive in WinPE(VM) and send the image to the Host PC. This is why we slip streamed LAN and Storage drivers into the WinPE image earlier. I had 3 drives I found c:, d:, e:, and x:. C is system reserved, D is the Sysprepped OS, E is the WinPE cd-rom, and X: is the drive assigned to the current WinPE instance. Note these drives and what is on them.

First let’s make sure the VM has an IP, run the command ipconfig to confirm that it does. If you get an IPv4 address that doesn’t start with 0.x.x.x or 169.x.x.x you’re good to go. If you don’t get an IP you need to find the right LAN drivers and slip stream them into the WinPE wim, and recreate the iso.

Next ping your host computer IP to make sure the VM can talk to the computer it is running on. Run ipconfig on your host computer to get its IP address and then ping that IP from your VM. For example my host PC IP was 10.50.70.104, so in the VM I ran the command

ping 10.50.70.104

and the pings were successful. This means the two machines can talk to each other.

Next create a folder called IMAGE on the VM host machine in the root of c:, C:\IMAGE. Right click the folder, select properties, select the Sharing tab, and click Share. In the File Sharing window you will need to type in Everyone and click Add or press enter. Under Permission Level give Everyone Read/Write permissions and click Share. If you are not able to share the folder you will need to enable File and Printer sharing in Windows, go here to see how it’s done. Remember, sharing is caring.

Now we will mount this shared folder in the VM that is running WinPE using the net use command. The syntax is as follows: ‘net use <drive letter> \\server\share’. In my case I used the command

net use z: \\10.50.70.104\image

With this command I mounted the shared folder image on the machine with IP 10.50.70.104 to a Z drive in WinPE. In my case I was also prompted for a user name and password; the reason for this is because I’m on a domain, and my domain security settings require a valid domain user. The user id was preceded by the domain, domain\userid, and a second prompt prompted me for a password.

Time to capture the Windows image. If you’re not already there, switch to the X drive by typing in x:. I used the following command to capture the Windows image

e:\imagex.exe /capture d:\ z:\laptopIMG.wim "Laptop Image"

This will start the image capture process.

e:\imagex.exe is the location of the imagex program on the cd rom. This program is used for capturing and deploying images.

/capture a command line switch that tells imagex to capture an image.

d:\ this is the switch for the source of the image. The drive which had the sysprepped Windows 7 OS.

z:\laptopIMG.wim switch for the destination and name of the image file. Z: network drive we mounted earlier which points to the VM host machine.

"Laptop Image" a label switch given to the image file that will be created.

That’s pretty much most of the hard work. You’re almost done. All that is left is to wait for the image to finish being captured. Once the image is captured open up DISM GUI and mount the wim file, same as before; this time we will add the hardware specific drivers though: LAN, Sound, Mouse, Keyboard, Chipset… etc. Grab the hardware drivers from the manufacturer’s website. Use the instructions above. If you have various hardware setups on your network or at home grab all the drivers necessary and slip stream them all into the wim file. One thing to note is that slip streaming Video drivers will not work. I’m ok with that as they change so often it is a non issue with me. You could always place an executable in a folder of the Windows 7 image. Unmount and commit the Windows image changes in DISM GUI. Your image is complete, all that is left to do is deploy it to a machine.

Windows Image deployment

To deploy the image plug the WinPE flash drive and the USB drive that has the Windows wim file on it into a computer. Change the boot priority on the PC so it boots from the WinPE flash drive. Once in WinPE you need to locate all the drives and distinguish them; write down which is which. Then we need to enter disk partition manager again. We will erase the primary drive in the machine, and leave the flash drive and USB drive alone. Enter the following commands in the command prompt:

diskpart – enters partition manager

list disk – lists all the disks connected to the machine

select disk 0 – selects the primary disk

clean – wipes the information on the disk

create partition primary size=300 – creates a partition size of 300MB

select partition 1 – selects the partition you just created

format quick fs=ntfs label=”System” – quick format an NTFS drive with label “System”

assign letter=S – assign drive letter S to the System partition that was just formatted

active – sets the partition as a valid system partition

create partition primary – creates another primary partition on the drive

select partition 2 – selects the 2nd partition

format quick fs=ntfs label="Windows" – quick formats the 2nd partition with the NTFS file system and the Windows label

assign letter=C – assigns drive letter C to the 2nd partition

exit – exits the diskpart utility

Now let’s image the freshly formatted drive with your Windows image. Assuming that the WinPE flash drive is on drive F: and the USB drive with the Windows image on drive G:, run the following command.

f:\imagex.exe /apply g:\laptopIMG.wim 1 C:

f:\imagex.exe – is the image management application located on the WinPE flash drive

/apply – is the switch to tell the application to apply a wim image

g:\laptopIMG.wim – is the location of the image file in the USB drive

1 – is the index of the wim, a wim can house different versions of itself

C: – is the destination that the image is to be applied to

Update: Forgot to mention an important step in deploying the image. Prior to restarting the computer after imaging, the bcdboot command needs to be run. BCDboot is used to initialize the Boot Configuration Data (BCD) store and copy boot environment files to the system partition. For example, at a command prompt, type the following.

C:\windows\system32\bcdboot C:\windows       (for a x86 OS)

C:\windows\SysWOW64\bcdboot C:\windows       (for a x64 OS)

For the 64 bit version of bcdboot the command has to be run from the SysWOW64 directory otherwise it will not work.

Wait for it to finish, power down the computer, and remove the flash and USB drive. Then boot up the computer and go through the setup process such as creating a User, setting the time zone, adding to the domain… etc.

Enjoy.

Happy Christmas and a Merry New Year.

HTPC? Go with Linux, try and avoid Windows based HTPCs.

A year and a half ago I switched my media server from Windows to Linux, this opened my eyes. A lot of people are afraid of Linux, people are afraid of what they don’t understand. I was a bit skeptical at first, but having made the switch I would never go back to a Windows based machine. Also I wanted to state that this article is not put here to start a flame war. I’m a heavy Windows user, these are just some observations of mine.

My server serves up all the media from 7 Hard Drives totalling about 14 Terabytes of storage. I use XBMC to view all that media in my home. For those of you not familiar with XBMC, first I must ask, “Where have you been?”. XBMC is an award-winning free and open source (GPL) software media player and entertainment hub that can be installed on Linux, OSX, Windows, iOS, and Android, featuring a 10-foot user interface for use with televisions and remote controls. It allows users to play and view most videos, music, podcasts, and other digital media files from local and network storage media and the internet. That bit is straight from the horse’s mouth. It is probably one of the most popular media players for home theatre enthusiasts. If you have multiple televisions in your home you can point XBMC to an SQL database and sync content across rooms. If you are half way into a movie and you decide to stop it, you can continue where you left off in another room. It’s a very feature filled and rich media centre environment.

In my main living room where I have my home theatre setup, I’ve been running XBMC on top of a Windows machine for quite some time now. It has been very unstable, and more often than not if I brought the PC out of suspended mode XBMC would crash to desktop. My main reason for running this on top of Windows was that I also wanted to browse the web while in the living room. Finally I got annoyed at all the crashes and hangups with Windows. I could have run it on top of Ubuntu, but instead I opted for an embedded XBMC solution. I had a choice: either XBMCbuntu or OpenElec. I decided to go with OpenElec, to me it seemed like the more logical choice of the two. OpenElec is XBMC built from the ground up, on top of a Linux kernel. It is designed for light and small embedded media players. XBMCbuntu is an XBMC distro built on top of the Ubuntu kernel. I wanted the one with less bloatware. OpenElec stands for open embedded Linux entertainment center.

Once I installed OpenElec and set up all my sources in XBMC I moved on to the testing phase. I wanted to test a couple movies. I ran a test on a movie I recently watched on my Windows based XBMC. Same hardware but different software. I played the movie and immediately I noticed the sound was a little louder, so I dropped the volume a couple notches, and continued watching. Meanwhile this is all playing through a 5.1 surround sound setup, and DTS is being decoded on the receiver. While listening I noticed something nice but not that surprising. The dynamic ranges in the movie were clearer and being reproduced a little better. The new XBMC Frodo (v12) Audio Engine (AE) and the Linux audio stack was handling the audio a lot better than the Windows equivalent. Then I immediately recalled an article I read about 6 months ago where an audio engineer discusses the merits and accuracy of the Linux audio stack over the competition such as Windows. I wish I could link to the article, it was an interesting read. I also recalled that Windows audio stack or API as of the Vista version was no longer controlled by the hardware manufacturers but by the kernel of the OS. Some say that since Vista you don’t have true hardware DirectSound, instead you have software WASAPI which does mandatory resampling and frequency cutoff, and doesn’t allow any hardware effects such as CMSS-3D. This led to some backlash from a lot of people back then, both hardware manufacturers and end users. In the end the audio experience is just as important to me as the video experience. I still buy Blu-rays because of the uncompressed video and audio quality, after all a movie should be an audio visual experience.

In the end I’m glad I switched the HTPC to Linux. There is a noticeable performance increase on the audio side and just a general performance increase due to the smaller OS overhead from Linux and OpenElec. As for the web browsing part on my HTPC that I mentioned earlier, I found a third party Opera Browser plugin for OpenElec. Also as a side note, if you’re using a Raspberry Pi for XBMC, there is a huge performance increase with OpenElec over Raspbmc.

Here is a little clarification of the Windows audio subsystem taken from the XBMC Wiki:

Since Vista SP1, Windows has two primary audio interfaces, DirectSound and Wasapi (Windows Audio Session Application Programming Interface). The latter was a replacement for XP’s Kernel Streaming mode.

DirectSound acts as a program-friendly middle layer between the program and the audio driver, which in turn speaks to the audio hardware. With DS, Windows controls the sample rate, channel layout and other details of the audio stream. Every program using sound passes its data to DS, which then resamples as required so it can mix audio streams from any program together with system sounds.

The advantages are that programs don’t need resampling code or other complexities, and any program can play sounds at the same time as others, or the same time as system sounds, because they are all mixed to one format.

The disadvantages are that other programs can play at the same time, and that a program’s output gets mixed to whatever the system’s settings are. This means the program cannot control the sampling rate, channel count, format, etc. Even more important for this thread is that you cannot pass through encoded formats, as DS will not decode them and it would otherwise bit-mangle them, and there is a loss of sonic quality involved in the mixing and resampling.

Partly to allow for cleaner, uncompromised or encoded audio, and for low-latency requirements like mixing and recording, MS re-vamped their Kernel Streaming mode from XP and came up with WASAPI.

WASAPI itself has two modes, shared and exclusive. Shared mode is in many ways similar to DS, so I won’t cover it here.

WASAPI exclusive mode bypasses the mixing/resampling layers of DS, and allows the application to negotiate directly with the audio driver what format it wishes to present the data in. This often involves some back-and-forth depending on the format specified and the device’s capabilities. Once a format is agreed upon, the application decides how it will present the data stream.

The normal manner is in push mode – a buffer is created which the audio device draws from, and the application pushes as much data in as it can to keep that buffer full. To do this it must constantly monitor the levels in the buffer, with short “sleeps” in between to allow other threads to run.

WASAPI, and most modern sound devices, also support a “pull” or “event-driven” mode. In this mode two buffers are used. The application gives the audio driver a call-back address or function, fills one buffer and starts playback, then goes off to do other processing. It can forget about the data stream for a while. Whenever one of the two buffers is empty, the audio driver “calls you back”, and gives you the address of the empty buffer. You fill this and go your way again. Between the two buffers there is a ping-pong action: one is in use and draining, the other is full and ready. As soon as the first is emptied the buffers are switched, and you are called upon to fill the empty one. So audio data is being “pulled” from the application by the audio driver, as opposed to “pushed” by the application.

WASAPI data is passed-through as-is, which is why you must negotiate capabilities with the audio driver (i.e. it must be compatible with the format you want to send it as there is no DS between to convert it), and why encoded formats like DTS can reach the receiver unchanged for decoding there.

Because WASAPI performs no mixing or resampling, it is best used in the exclusive mode, and as a result the application gets the exclusive rights to the audio buffers, to the exclusion of all other sounds or players. WASAPI shared mode does allow this, but that’s not a common mode and not what we want for an HTPC. I myself have a dislike of Windows’ cutesy system sounds happening at 110db.

Hope some of you found today’s primer of use. Please pick up a scorecard from the desk and drop it in the big round “collection box” on your way out

Cheers, Damian

Windows 8.1, there is a light at the end of the tunnel.

You might have read my previous post about Microsoft not understanding its customers, and might be confused about the above title. My opinion still stands, but there is hope for Windows 8 and 8.1. If you want to know how and why, just read on.

Recently I have had a chance to get my hands on Windows 8.1 ‘Blue’. I finally understand why they called it Blue: it will leave you blue as soon as you find out that the Start Menu hasn’t changed one bit. A few new customization options in the Start button have been added, but for the most part the Start menu is still full screen and very intrusive. This is the biggest gripe that most people have with the OS. Yes, you can boot directly to the desktop, but modern Metro apps and the Start menu are still full screen. I think MS misunderstood the cries of the masses, when they cried bring the Start button back. The Start button is an easy and quick way to access your system with just one click. As a power user everyone knows that there are many shortcuts to applications and menus when you right click certain links in the Start menu, for instance right click My Computer and you can map a network drive, get to Computer Management, or bring up the System menu. You get the picture and as a System Admin these are very handy shortcuts.

Don’t get me wrong the Windows 8 UI works for mobile computing, I’ve tested it on a tablet, and it really shines in this space. It is great for a touch interface, but it falls really short when it comes to desktop computing. In my humble opinion, the user should have a choice when installing the OS on their device. You pull the device out of the box and the image asks you if you’d like the Mobile or Desktop experience. But I digress…

I’ve been waiting on 8.1 since the rumours of the Start menu coming back surfaced. I was even excited, then disappointed when I got to try it. But I was also aware of a fix, a fix that even Samsung opted in on some of their Windows 8 consumer laptops. That fix is Start8 and ModernMix by Stardock. This is the light at the end of the tunnel for both Windows 8 and 8.1.

One can purchase Start8 for $4.99 and ModernMix for $4.99 from Stardock, or bundle these two together for $7.99, and voila Windows is back to its old self. For companies you can buy a volume license, but you will need to contact Stardock directly.

So what do these applications actually do you may ask. Well, Start8 essentially brings back the old trusted Start Menu, you can still access the new one but for the most part Start8 replaces it. With this software you can also disable the hot corners and change certain windows defaults that are normally not adjustable. Have a look at the gallery for all the available options in Start8.

ModernMix on the other hand “windows” the metro apps, normally they occupy the entire screen. This also gives you the ability to close these windowed Metro Apps by pressing the X at the top right of the window, and a few extra options for the MetroApp become available at the top right corner as well. You can exit or enter full screen mode for these apps, and you can open the charms menu.

These two applications really saved the Windows 8 experience for me, and for the price of a Pint of beer I really didn’t mind paying for the software, not even an afterthought. I am fully switched from Windows 7 to Windows 8 now, running the same applications I was in Windows 7. There are very few compatibility issues that I have noticed, actually I have noticed none yet, it seems that all the applications I was running in 7 I can run in 8. I’ve been running 8 with both these applications for a couple weeks now, and it is a solid and refined experience.

Also Windows 8 is a little snappier than 7. Here is why the experience is snappier, I will explain to you as the Microsoft Engineer did to me last year at a Dell event. With Windows 7 prior to loading the desktop it loads everything, drivers, software, dlls, dependencies whether it needs it or not. With Windows 8 it loads things on demand, hence the quicker load times.

Like it or not Windows 8 is here to stay, but at least you don’t have to suffer through the most intrusive desktop experience ever developed; someone out there has got your back.

Update: I ran into an instance where Bing Maps would randomly open up, on computer boot, and then while I was already in Windows browsing or doing anything at all. Now with these Metro Apps there is no uninstall option. So what one has to do is use PowerShell to uninstall the Metro App.

Open PowerShell and type in the following to list all the Metro applications installed on your computer…

This will list several pages of text, scroll and find the package you wish to uninstall. Note the PackageFullName line, you can copy it by highlighting it with your mouse and right clicking it.

Next we will uninstall the package, in this example I will uninstall the BingFinance package. Type in “remove-appxpackage ” then right click into the PowerShell window and it will paste the package name you copied earlier, hit enter…

PowerShell will progress to the next line, the cursor will change and show the loading circle beside it. Now if you look for Bing Finance it will be removed from your Win 8/8.1 machine.

Here are the Microsoft KBs associated with uninstalling the Metro Apps.

http://technet.microsoft.com/en-us/library/hh856045.aspx
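The list-and-remove steps described above, as an added PowerShell example that is not part of the original post. Get-AppxPackage is the Appx module cmdlet that lists installed packages; the function names Find-MetroApp and Remove-MetroApp and the -AllMatches switch are made up for this illustration.

```powershell
# Added example (not from the original post).
# Get-AppxPackage and Remove-AppxPackage ship in the Appx module on Windows 8 and later.
# Find-MetroApp, Remove-MetroApp and -AllMatches are hypothetical names for this example.

function Find-MetroApp {
    param(
        [Parameter(Mandatory = $true)]
        [string]$NamePattern   # partial package name, e.g. 'BingFinance'
    )
    # Lists packages installed for the current user and keeps only the
    # fields needed to decide what to remove.
    Get-AppxPackage |
        Where-Object { $_.Name -like "*$NamePattern*" } |
        Select-Object Name, Version, PackageFullName
}

function Remove-MetroApp {
    # SupportsShouldProcess gives the function -WhatIf and -Confirm.
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)]
        [string]$NamePattern,
        [switch]$AllMatches    # allow removing more than one matching package
    )

    $found = @(Find-MetroApp -NamePattern $NamePattern)

    if ($found.Count -eq 0) {
        Write-Warning "No installed package matches '*$NamePattern*'."
        return
    }

    # A loose pattern such as 'Bing' matches several apps; refuse to guess.
    if ($found.Count -gt 1 -and -not $AllMatches) {
        Write-Warning "More than one package matches; narrow the pattern or pass -AllMatches."
        $found | Format-Table -AutoSize | Out-String | Write-Host
        return
    }

    foreach ($pkg in $found) {
        # Remove-AppxPackage takes the PackageFullName, the same value the
        # post copies by hand from the package listing.
        if ($PSCmdlet.ShouldProcess($pkg.PackageFullName, 'Remove-AppxPackage')) {
            Remove-AppxPackage -Package $pkg.PackageFullName
        }
    }
}

# Preview what would be removed without changing anything:
Remove-MetroApp -NamePattern 'BingFinance' -WhatIf

# Remove it for real (prompts for confirmation because ConfirmImpact is High):
# Remove-MetroApp -NamePattern 'BingFinance'
```

Run with -WhatIf first; the preview prints the exact PackageFullName that would be removed, which is the value to check before committing.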

KBtalKing v1.1 PRO Mechanical Wireless Keyboard.

I’ve been looking for a wireless gaming keyboard for a while. Specifically a mechanical wireless gaming keyboard. To tell you the truth, there aren’t many out there. Actually I think there are only a couple of companies in the wireless mechanical keyboard business.

After some digging I was able to find a product by KBtalKing. The only thing I was worried about is the fact that it uses Bluetooth as a method of communicating. It uses Bluetooth (BT) 3.0, but in general BT communication is a bit laggy and slow. It is not ideal for gaming where milliseconds matter and can mean the difference between fragging or being fragged. I decided to take the plunge and purchase it anyways. This keyboard can connect up to 10 BT devices including PS3, Android, and iOS devices. Or be connected via a USB cable to a PC.

Both wireless receivers for the mouse and keyboard were connected to a powered USB hub, which is connected to a 85 foot USB 2.0 cable that runs from my living room to my bedroom where my gaming rig is located. Both the keyboard and mouse were about 7-10 feet away from the wireless receivers. The keyboard is rated for bluetooth 3.0 and was connected to a Broadcom bluetooth 4 dongle. The manufacturer recommends Broadcom bluetooth devices as they find they work best with their hardware.

As for the keyboard itself it is Black on Black keycaps with MX cherry red mechanical switches. It comes with extra key caps to replace the windows or command button, and a key cap puller. The red mechanical switches are very sensitive, especially for my big heavy hands. Resting my fingers on the keys of this keyboard is not an option, the slightest touch and the key press is reproduced on screen. It took me a couple days to get used to the sensitivity of the mx cherry reds, but now this is a non issue. I like the key cap remover, I use it all the time to remove the console key for BF3, the #5 key, and the ‘f’ key. I have a very big problem pressing the console key in BF3, where I press it and then I’m stuck not being able to move with the keyboard. This generally happens when I try to select weapon slot 1. With the key cap remover it takes me 2 seconds to pull the key, this way I don’t accidentally press it.

These are plate mounted switches so they can be swapped out if one should so desire.

After setting my TV to GAME mode to minimize input lag I set out to test the wireless keyboard performance, the session was accompanied by a Logitech G700 wireless mouse.

By default I was expecting some lag, the reason being is that my Gaming PC is in my bedroom and I have it connected to my HT in the living room via a HDBaseT device and a 85’ long USB 2.0 cable. With all the cabling running this long distance I expected input lag, and a game like Battlefield 3 to be unplayable.

However to my surprise this was not the case. Not only was the keyboard responsive, the game was playable, very playable. I gamed for several hours with this keyboard in my living room. Not only that, the keyboard was so responsive my game was taken up a notch. I found that it responded very well to my key presses, it was livelier, and a day and night comparison to my G510 rubber dome keyboard. With 6 key rollover, being mechanical and bluetooth 3.0 this keyboard did not miss a beat. In fact it performed well over my expectations.

I even tested the keyboard distance with the Bluetooth dongle I had bought, I got about 12 feet before the signal started breaking up, to the keyboard’s defence it was through a couple walls.

I’ve never been a fan of wireless keyboards and mice due to the input lag from wireless technologies. Well this is no longer the case, KBtalKing PRO in wireless mode performed very well, gaming grade well. They sell what they advertise. I had a nerdgasm using this keyboard, which was well worth the price that I paid.

I was playing last night and the Health fitness timer went off, which means I was in the middle of a BF3 gun fight and I lost the ability to move. I do not recall setting this and it took me a minute to realize what had happened. It’s a little weak on the indicator for these functions.

Also the keyboard came with a silly calendar which one assembles out of the instruction manual. Totally random.

Keyboard Specifications:

Number of Keys: US 108 Keys (ANSI)

Keyboard Color: Black

Keyboard Type: Mechanical – Using top quality Cherry MX Red keyswitches. Cherry MX Blue (clickier/louder) also available. Cherry MX switches are tested at more than 50 million strike life cycle.

Keycaps:

  • Standard – Laser Etched White Characters on Black ABS Plastic (UV Coated)
  • Black on Black – Laser Engraved Black Characters on Black ABS Plastic (UV Coated)

All keyboards come with Mac compatible keycaps (4 pcs – command x2, alt/option x2).

Hotkeys: 27 (See full list of explanations on proprietary hotkeys and functions)

Anti-ghosting/N-Key Rollover: 6-key simultaneous input without ANY conflict/interference (Tested in both USB & Bluetooth mode Any key combinations).

Wired Interface: USB (Detachable cord)

Wireless Interface: Bluetooth 3.0 (Pairs and saves up to 10 devices)

Exclusive Technology: Multi-Pairing Bluetooth (10 devices) with switchable USB connection

Compatible Bluetooth Devices: Google Android 3/4 devices, and Apple iOS 4/5/6 (iPhones, iPads, etc.), Playstation 3

Compatible Computers: Windows XP / Vista / Win7 / Win 8 / MAC OS 10 or higher

Batteries: AA x 2 pcs (not included)

Battery life: Approximately 1000+ hours. (3 hours/day x 365 days)

Accessories Included: User Manual, USB Cable, Mobile device stand, keycaps for Mac (4pcs), keycap puller

This manufacturer tutorial page has all the details about the device and the OS specific function keys. Check it out… http://kbtalkingusa.com/kbtalking-pro-tutorial/

In conclusion, this is a gaming grade mechanical keyboard with wireless features able to connect up to 10 wireless devices and one wired device via USB. It kept up with my gaming needs with great wireless Bluetooth 3.0 performance.

As a side Note, I had a problem with Windows 7 and using the keyboard. Pressing the Capslock button would kick a game out of full screen mode. I tracked the problem down to BTTray.exe (the Bluetooth dongle), the on screen indicator for the keys being engaged and disengaged would kick the game out of full screen as it would render a visual notification on the desktop. This feature can be disabled via a registry edit.

HKEY_LOCAL_MACHINE > SOFTWARE > Widcomm > BTConfig > General > KeyIndication

Change the value of “KeyIndication” from “1” to “0”

Reboot..

Problem fixed. This will only be an issue if there is a BT device connected to the PC. I use both wired and wireless on my PC.

Thanks for reading.