How to create a security template for hardening

Hi!

To create and apply a customized security template I did the following:

Use a template based on Security Compliance Manager (SCM)

http://technet.microsoft.com/en-us/library/cc677002.aspx

Deploy a temporary standalone WS 2012 R2 server for testing

Import the .inf file exported with the GPO Backup (folder) option in SCM into the Security Templates MMC snap-in, then modify all the options you want.

Add the Security Configuration and Analysis snap-in, import your template .inf and then run the Analyze option. Remember to use a new database.

http://technet.microsoft.com/en-us/library/bb742512.aspx#EFAA

Save the configuration as an .inf file; it will be your security template for hardening.

Regards
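
To review what changed between the .inf exported from SCM and your customized template before applying it, here is an added example (not part of the original post) that parses two templates and lists every differing setting. The sample templates and function names are constructed for illustration, and `load_inf` assumes the BOM-prefixed UTF-16 encoding these files are normally saved in.

```python
# Added example: diff a baseline security template against a customized one.
# BASELINE and CUSTOM are constructed samples, not real exported templates.

BASELINE = r"""[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 8
PasswordComplexity = 1
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,3
[Privilege Rights]
SeDebugPrivilege = *S-1-5-32-544
"""
CUSTOM = BASELINE.replace("Length = 8", "Length = 14").replace("=4,3", "=4,5") \
                 .replace("[Registry", "LockoutBadCount = 5\n[Registry")

def parse_inf(text):
    """Parse security-template text into {section: {setting: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):       # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip(), {})
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")    # split on the first '=' only
            current[key.strip()] = value.strip()
    return sections

def diff_templates(baseline, custom):
    """Return (section, setting, baseline_value, custom_value) per difference."""
    changes = []
    for section in sorted(set(baseline) | set(custom)):
        if section in ("Unicode", "Version"):      # file header, not policy
            continue
        old, new = baseline.get(section, {}), custom.get(section, {})
        for key in sorted(set(old) | set(new)):
            if old.get(key) != new.get(key):       # None means "not defined"
                changes.append((section, key, old.get(key), new.get(key)))
    return changes

def load_inf(path):
    """Read a template from disk (assumes UTF-16 with BOM)."""
    with open(path, encoding="utf-16") as fh:
        return parse_inf(fh.read())

if __name__ == "__main__":
    for change in diff_templates(parse_inf(BASELINE), parse_inf(CUSTOM)):
        print("%s | %s: %s -> %s" % change)
```

A setting reported with `None` on one side is defined in only one of the two templates.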

Create in DHCP server option 060 for PXE

Hi!

When you set up a WDS server outside of your DHCP server, server option 60 for PXE does not exist in DHCP. To create it, follow these steps:

Open a command prompt with elevated privileges and type:

NETSH
NETSH>DHCP
NETSH>server \\NameOfDHCPServer
NETSH>add optiondef 60 PXEClient String 0 comment="Option added for PXE Support"
NETSH>set optionvalue 60 STRING PXEClient
NETSH>show optionvalue all
NETSH>exit

The next step, in my case, is to add option 066 to specify which server is the WDS server.

I hope it helps!

Regards

Create and deploy a sysprep image from a vhdx

Hi guys,

With the commands below we can deploy a WinPE image made with WADK 8.1 for WS 2012 R2.

Regards

Create the WinPE media

  • Install ADK 8.1
  • Start the Deployment and Imaging Tools Environment as Administrator
  • copype amd64 c:\winpe_amd64
  • Copy the VHD into this directory before running MakeWinPEMedia
  • MakeWinPEMedia /ISO C:\WinPE_amd64 C:\WinPE_x86\WinPE_x86.iso

Create image:

  • Diskpart
      o create vdisk file=C:\temp\vhd\master.vhdx maximum=122880 type=expandable
      o select vdisk file=C:\temp\vhd\master.vhdx
      o attach vdisk
      o create partition primary
      o assign letter=V
      o format quick label=vhd
      o exit
  • Dism /apply-image /imagefile:E:\sources\install.wim /index:4 /applydir:V:\
  • Diskpart
      o select vdisk file=C:\temp\vhd\master.vhdx
      o detach vdisk
      o exit

Install image

  • Boot the host with the WinPE media (with the vhdx) generated before.
  • Diskpart
      o select disk 0
      o clean
      o create partition primary size=350
      o format quick fs=ntfs
      o assign letter=s
      o active
      o create partition primary
      o format quick fs=ntfs
      o assign letter=c       (you may need to free C: in WinPE first by reassigning it to another drive letter)
      o exit
  • Copy vhdx to C:
      o Diskpart
      o list volume
      o Identify the volume that holds the vhdx and copy it to C:
  • Diskpart
      o select vdisk file=c:\master_win.vhdx
      o attach vdisk
      o list volume
      o select volume (enter the volume number of the attached disk)
      o assign letter=v
      o exit
  • Cd v:\Windows\system32
  • Bcdboot v:\windows
  • Diskpart
      o select vdisk file=c:\master_win.vhdx
      o detach vdisk
      o exit
      o exit (reboot)

  • password: XXXXXX
  • Change to your System Locale, then reboot
  • Format your language and country
  • Copy Settings to default user and Welcome screen
  • Powercfg /hibernate OFF (for Hyper-V hosts)
  • powercfg /s 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c (for Hyper-V hosts)
  • Eventvwr: set every log to 51200 and Overwrite as needed