I was going to do another writeup on BackTrack, but I decided to do it on an often overlooked portion of network security: backup and restore.
It is inevitable that even your best defense will eventually fail, and the data center or the workstations will need to be restored to a known-good state. Because rebuilding machines one at a time from stock installation CDs would be a career in itself, several methods have been devised for making streamlined install CDs and network installations.
I will not talk about restoring servers in this entry, but focus on workstations for smaller companies.
There are two main options for creating these restore CDs. The first is Bart, the second is nLite. After reviewing both programs (which are free and available for download), I decided to use nLite because of its greater simplicity. However, it will not allow me to integrate 3rd-party programs; only drivers, themes, service packs, and updates can be integrated. Bart also has the advantage of booting in live mode. However, nLite is much easier to set up and run, and the resulting unattended install requires no interaction from the user.
So, to start with, download all the drivers you want to install on your system. You will want the raw driver files (the .inf, .sys and companion files) rather than a vendor's setup executable, because that is what nLite integrates. If a vendor only ships an installer, you will need to unpack it. A program called Universal Extractor is good for doing this, but does not work with 100% of the drivers available.
Now you will need to download updates, either individually from Microsoft, or as a lump download from RyanVM. Put them into a folder as well.
After this, head to Microsoft and download the full network-installation package of Service Pack 2 (the one labelled for IT professionals and developers, not the Express installer). This will allow you to slipstream Service Pack 2 if your CD does not include it already. You can do the same with Service Pack 3 when it is ready.
After doing this, you will need to copy the contents of your Windows XP CD to a folder on your hard drive. When that is completed, download and install nLite. Run it, and you will begin at this screen:
It's pretty straightforward. Next is this screen:
Here you must navigate to the folder you copied your Windows XP CD into and load it.
This screen will allow you to import a previous session. Each session requires you to make a fresh copy of the Windows XP files. However, it will also allow you to modify previous ISOs without completely rebuilding them. Assuming you have no past sessions, simply click next.
Here is where you will choose what to streamline. For this exercise, I chose all of them:
And then selected service pack 2 for integration:
Be patient, it takes a little bit of time:
Once this is finished, navigate to the hotfixes and patches you wish to add to your installation:
Click next and you will be at the add drivers screen. Add the drivers you desire and click next.
After the drivers are finished integrating, you will need to select the functionality you wish to keep. Don't worry, this step doesn't remove anything by itself; it only prevents you from accidentally removing a component that something you kept depends on. Think of this stage as a filter: you are asked what you wish to do, and the later removal choices are narrowed down based on your broader answers.
I have a webcam, needed DHCP functionality for networking, media center codecs, printers, Windows activation (never turn this off unless you have a corporate edition disk) and I like to run Automatic Updates.
This is the important part. Here you can remove components and drivers from being installed on your system. There is a plethora of features which the average user or office worker does not need, everything from games to Messenger, down to extra languages and drivers for ancient hardware.
As you can see, there is something in almost every category that can be removed. Keep in mind that most hardware does not use the generic drivers Windows ships with, but the vendor's own driver packages, so many of the built-in drivers can go.
Now the fun part. You can fully automate the disc by entering the product key and selecting a fully automated unattended mode. I turned off System Restore because I back up my files on a different drive, and like keeping the extra space (2% of 160 gigs is still a lot).
For security reasons, I disabled the default Administrator account and gave my own account those permissions. Brute-force attacks are run most frequently against the Administrator and Admin account names. You can also add additional users if you require.
This area allows you to configure your network. If you have a domain controller, enter the domain name, the user name and password of an account allowed to join machines to the domain, and the organization. Note that the computer name you set here is baked into the CD, so every machine built from it gets the same name; if you are joining a domain you will have to rename each machine after installation, since two computers cannot share a name on the domain.
Because I preloaded my nVidia video card drivers, I set the screen resolution and refresh rate to the optimal setting. WARNING!!! If you exceed your monitor or video card's maximum refresh rate or resolution, you can damage them! If you aren't sure what the threshold is, leave them at default and change it later.
I strongly advise turning Automatic Updates on, including minor updates, and elevating non-admins if there are non-admin accounts.
When you are finished reviewing and selecting your options, click next and double-check the Options screen. This will allow you to tweak a few additional settings, especially in the boot process.
This screen allows you to tweak your startup and registry options. There are a few things that basic users can do, such as adding an Administrative Tools menu to the Start menu (it's a feature I really like from Server 2003).
After clicking next, nLite will begin to construct the files it will use to generate the ISO. Be patient; this takes some time. Some updates may produce errors, but nLite can usually work around them and generate the files regardless.
Success!!! The total installation was reduced by 172.4 megabytes, even though I added 45.67 megabytes of additional drivers. This is a very slim installation, and will lead to a less bloated registry and Windows folder.
Now just generate the ISO image. nLite's final step can either write the ISO to a file or burn it straight to a blank disc in your CD writer; either way you end up with a bootable installation CD. You can also burn the ISO file with any other CD-recording application.
Remember to BE CAUTIOUS with these CDs. Unlike a Bart CD that installs from a server on the domain, these CDs can be swiped and used on any other computer. This is not good if you have a corporate license: the unattended answer file nLite writes into the I386 folder (WINNT.SIF) carries your product key in plain text, and the same file holds the Administrator password (in the clear unless EncryptedAdminPassword is set) and, if you configured a domain join, the password of the domain account. I would advise that you make only a limited number of copies, secure the ISO file, and regulate the distribution of the CDs.
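Before a CD leaves your hands it is worth looking at what the answer file actually contains. The script below is an added example, not code from the original post or from nLite: it parses a WINNT.SIF in the standard XP answer-file layout (INI sections such as [UserData], [GuiUnattended] and [Identification]), reports which licensing and credential values are stored in clear text, and tells you whether the computer name is fixed (a value) or generated at setup time (ComputerName=*). The sample answer file embedded in it is constructed for the example; its product key, passwords and domain are made-up values, and the location I386\WINNT.SIF is the standard one, which nLite is assumed to follow.

```python
"""Audit the unattended answer file (I386\\WINNT.SIF) written into a slipstreamed
Windows XP tree and report the secrets it carries in clear text.

Added example. The sample answer file below is constructed for this script; its
key, passwords and domain are made-up values.
"""
import configparser
from typing import Dict, List, Optional

# Constructed sample WINNT.SIF modelled on the sections a fully unattended XP
# setup uses. Nothing here is a real key or credential.
SAMPLE_WINNT_SIF = """\
[Data]
AutoPartition=0
MsDosInitiated="0"
UnattendedInstall="Yes"

[Unattended]
UnattendMode=FullUnattended
OemSkipEula=Yes
OemPreinstall=Yes
TargetPath=\\WINDOWS

[GuiUnattended]
AdminPassword="Summer2007"
EncryptedAdminPassword=NO
AutoLogon=Yes
AutoLogonCount=1
TimeZone=35

[UserData]
ProductKey="ABCDE-FGHIJ-KLMNO-PQRST-UVWXY"
FullName="Workstation User"
OrgName="Example Corp"
ComputerName=WKS-IMAGE

[Identification]
JoinDomain=EXAMPLE
DomainAdmin=EXAMPLE\\svc-join
DomainAdminPassword="j0inMe!"
"""

# (section, key) pairs that hold licensing or credential material.
SENSITIVE_KEYS = {
    ("UserData", "ProductKey"): "product key",
    ("GuiUnattended", "AdminPassword"): "local Administrator password",
    ("Identification", "DomainAdminPassword"): "domain-join account password",
}


def _parse(sif_text: str) -> configparser.ConfigParser:
    # WINNT.SIF is INI-style; values may be quoted and some keys carry no value.
    parser = configparser.ConfigParser(
        strict=False, interpolation=None, allow_no_value=True
    )
    parser.read_string(sif_text)
    return parser


def _value(parser: configparser.ConfigParser, section: str, key: str) -> str:
    # Missing section/key -> "", quotes around the value are part of the file format.
    return (parser.get(section, key, fallback="") or "").strip().strip('"')


def find_plaintext_secrets(sif_text: str) -> List[Dict[str, str]]:
    """Return the sensitive values that would ship in clear text on the CD."""
    findings = []
    parser = _parse(sif_text)
    for (section, key), label in SENSITIVE_KEYS.items():
        value = _value(parser, section, key)
        # "*" means "blank / prompt" in XP answer files, not a stored secret.
        if not value or value == "*":
            continue
        # EncryptedAdminPassword=Yes is the only mitigation XP offers, and it
        # covers the local Administrator password alone.
        if key == "AdminPassword" and _value(parser, section, "EncryptedAdminPassword").upper() == "YES":
            continue
        findings.append({"section": section, "key": key, "label": label, "value": value})
    return findings


def fixed_computer_name(sif_text: str) -> Optional[str]:
    """Return the computer name baked into the CD, or None when setup generates
    one itself (ComputerName=*), which is what a domain-joining image should use."""
    name = _value(_parse(sif_text), "UserData", "ComputerName")
    return name if name and name != "*" else None


if __name__ == "__main__":
    for hit in find_plaintext_secrets(SAMPLE_WINNT_SIF):
        print(f"[{hit['section']}] {hit['key']}: {hit['label']} stored in clear text")
    name = fixed_computer_name(SAMPLE_WINNT_SIF)
    if name:
        print(f"ComputerName={name} is fixed; every machine built from this CD gets it")
```

Point it at the real file by reading I386\WINNT.SIF from the nLite working folder (or from the mounted ISO) and passing the text to find_plaintext_secrets. Any finding is a value that an attacker with a swiped CD can read with Notepad, so treat the CD with the same care as the credentials it contains, and switch ComputerName to * rather than renaming machines by hand.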
I will try to post a writeup using Bart CDs, though I cannot promise it will be using a domain for remote installation.