Monday, December 21, 2009

VHD to WIM: from virtual machine to WIM deployment

A lot of articles discuss converting WIM files to VHD, but very few cover VHD to WIM.

Virtual Hard Disk (.vhd) is the file format of virtual machine hard disk drives. Connectix and Microsoft are currently using this technology. You can check the Virtual Hard Disk Image Format Specification for more details.

Windows Imaging Master (.wim, .swm) is the file format for deploying Windows OSes since the XP version.

The goal of this post is to explain how to produce a WIM master file after having prepared a VHD master.

1/ prepare the virtual machine master
- install the OS and the programs you want to use
- in case you would like to perform an unattended installation, I advise you to check the Sysprep a Windows 7 Machine - Start to finish post.
- sysprep with appropriate commands

2/ convert the virtual machine VHD to a WIM
2.1/ if you used at least one snapshot (avhd), we have to produce a single VHD file (if not, go to 2.2).
Using snapshots creates a tree of virtual machine states. The root node (the root "-" sign) is a VHD, and each icon is an AVHD storing the differences relative to its parent disk.

In our example, we have a total of 8+1 avhd files. (8 snapshots, and the final state).

The problem is that, on Windows 7 / 2008 R2, we are currently only able to mount a VHD.

If you do not want to lose your snapshots, you have to perform:
2.1.1/ Virtual machine export
2.1.2/ Virtual machine import

2.1.3/ Snapshots merging
- Click on the root snapshot: delete > snapshot subtree
- wait for the merging operation to finish
- your vhd is now ready to be mounted in your host system!

2.2/ Mount the VHD (as read only) in your host system
- start > Run > diskmgmt.msc
- Action > Attach VHD. Then:
- check Read-Only
- select the vhd we just produced and note its assigned letter. Let us assume that it has the letter G: assigned.

As a local administrator, open a command prompt:
cd "%programfiles%\Windows AIK\Tools\amd64"
(assuming that your host system is an x64 Windows OS, or cd "%programfiles%\Windows AIK\Tools\x86" if it is an x86 one).

imagex /compress maximum /flags "Ultimate" /capture G: C:\image.wim "Win. 7 Ult. x86 - Off. 2007"
- wait for the process to finish

3/ Configure the WIM server
- tip: the boot.wim is located in the sources folder which is at the root level of the iso.
- the image.wim is the one we just created before

4/ Enjoy your deployment!

The idea behind this article is to have a virtual machine which we can freely improve, thanks to a snapshot hierarchy. And as soon as a new master is ready, simply publish it as a new Windows Deployment Services entry.
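
Steps 2.2 onward can also be scripted. The following PowerShell script is an added example, not part of the original post: it attaches the VHD read-only with diskpart, finds the newly mounted volume that holds a Windows directory instead of assuming G:, runs the same imagex capture, and always detaches the VHD afterwards. The VHD path is an assumption, and the script assumes the host assigns drive letters to newly attached volumes; run it from an elevated prompt.

```powershell
# Added example, not from the original post. Default paths are assumptions.
param(
    [string]$Vhd    = 'C:\VMs\master.vhd',   # assumed location of the merged VHD
    [string]$Wim    = 'C:\image.wim',
    [string]$ImageX = "$env:ProgramFiles\Windows AIK\Tools\amd64\imagex.exe"
)

function Invoke-DiskPart([string[]]$Commands) {
    # Run the commands through a temporary diskpart script (/s).
    $file = [IO.Path]::GetTempFileName()
    try {
        Set-Content -Path $file -Value $Commands -Encoding ASCII
        & diskpart.exe /s $file | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "diskpart failed ($LASTEXITCODE): $Commands" }
    } finally {
        Remove-Item $file -ErrorAction SilentlyContinue
    }
}

function Get-DriveRoots { [IO.DriveInfo]::GetDrives() | ForEach-Object { $_.Name } }

$before = Get-DriveRoots
# Read-only attach: the host cannot write anything into the master.
Invoke-DiskPart "select vdisk file=`"$Vhd`"", 'attach vdisk readonly'
try {
    # The VHD may expose several volumes (e.g. a small boot partition);
    # keep the new one that actually holds a Windows directory.
    $source = $null
    foreach ($i in 1..10) {
        $source = Get-DriveRoots | Where-Object { $before -notcontains $_ } |
                  Where-Object { Test-Path (Join-Path $_ 'Windows') } |
                  Select-Object -First 1
        if ($source) { break }
        Start-Sleep -Seconds 1
    }
    if (-not $source) { throw 'No new volume with a Windows directory appeared.' }
    $drive = $source.Substring(0, 2)   # "G:\" -> "G:"

    # Same imagex arguments as in the post; only the source letter is detected.
    & $ImageX /compress maximum /flags "Ultimate" /capture $drive $Wim "Win. 7 Ult. x86 - Off. 2007"
    if ($LASTEXITCODE -ne 0) { throw "imagex capture failed ($LASTEXITCODE)" }

    & $ImageX /info $Wim               # show the metadata of the captured image
} finally {
    # Always detach, even when the capture fails.
    Invoke-DiskPart "select vdisk file=`"$Vhd`"", 'detach vdisk'
}
```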

Sunday, December 20, 2009

November 2009 hacking attempts on my websites

As you probably already know, I am maintaining several websites (Hotel-Medicis, Bazar-Discount, Cordes-Aux-Voix, Athletisme-Grenoble).

Every month I check the hacking attempts on these websites at different levels:
- server
- web application

For the month of November 2009, I detected that:
- 35 unsuccessful root logins via ssh (deferred via sshguard)
- 10 unsuccessful attempts of SQL injection have been made (caught by the SQL module of my Car-Online framework)
- 78 unsuccessful attempts of exploring the files stored on the webserver by playing with URLs

I am now starting to think about all the hacks I did not detect...

Wednesday, December 9, 2009

FIM 2010 RC1 update 2

Update 2 for Forefront Identity Manager 2010 RC1 was publicly released yesterday on Windows Update.
This patch applies to:
- the FIM synchronization service
- the FIM service

Before installing these optional updates:
- stop the FIM service
- stop the FIM synchronization service

Additionally, you have to apply these updates in the following order:
- FIM 2010 RC1 update 2 for FIM SERVICE

Since the update 1 failed if we used a non-self-signed certificate, although I was not sure it was necessary, I did the temporary certificate replacement before Forefront Identity Manager 2010 RC1 update 1 trick.

The update is referenced as KB977312. You can check details on the Microsoft Support website.
I advise you to read this article on Jorge's blog.

How to install the FIM RC1 2010 Update 2 with a custom certificate:

1. Back up the FIM Service database.
2. Start regedit, and navigate to \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FimService. Find the value for CertificateThumbprint, and save it for later use.
3. Uninstall the FIM Service and Portal.
4. Reinstall the RC1 version of the FIM Service and Portal, with the options Re-use existing database and Use self-issued certificate. This allows the FIM Service installer to create the certificate.
5. Install FIM 2010 RC1 Update 2.
6. After installation is complete, start regedit, and navigate to the registry key \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FimService. Change the value of CertificateThumbprint to the value that you saved previously.
7. Restart the FIM Service.
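
Steps 2, 6 and 7 are the ones where a mistyped or lost thumbprint breaks the service, so they are worth scripting. The following PowerShell script is an added example, not part of the original post or of Microsoft's instructions: run it with -Action Save before uninstalling and with -Action Restore after Update 2 is installed. The backup file path and the LocalMachine\My certificate store are assumptions.

```powershell
# Added example, not from the original post or from Microsoft.
param(
    [Parameter(Mandatory = $true)][ValidateSet('Save', 'Restore')]
    [string]$Action,
    [string]$BackupFile = 'C:\fim-thumbprint.txt'   # assumed backup location
)

$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\FimService'
$name = 'CertificateThumbprint'

function Get-Thumbprint {
    $prop = Get-ItemProperty -Path $key -Name $name -ErrorAction Stop
    return [string]$prop.$name
}

if ($Action -eq 'Save') {
    # Step 2: record the value before the FIM Service is uninstalled.
    $value = Get-Thumbprint
    if (-not $value.Trim()) { throw "$name is empty under $key" }
    Set-Content -Path $BackupFile -Value $value -Encoding ASCII
    "Saved $name = $value to $BackupFile"
}
else {
    # Step 6: put the saved value back after Update 2 is installed.
    $saved = [string](Get-Content -Path $BackupFile -ErrorAction Stop | Select-Object -First 1)
    if (-not $saved.Trim()) { throw "$BackupFile is empty" }

    # Assumption: the custom certificate lives in the LocalMachine\My store.
    $wanted = $saved -replace '\s', ''
    $cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $wanted }
    if (-not $cert) { Write-Warning "No certificate $wanted in LocalMachine\My; the service may not start." }

    "Replacing $(Get-Thumbprint) with $saved"
    Set-ItemProperty -Path $key -Name $name -Value $saved
    if ((Get-Thumbprint) -ne $saved) { throw "$name was not updated" }

    # Step 7: the service name matches the registry key name.
    Restart-Service -Name FimService
}
```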