70-680

1. Intro to 70-680 Windows 7 versions Starter o Built for netbooks o No dvd playback or WMC o No Aero o No Internet Connection Sharing o No IIS webserver o No enterprise technologies Domain connection, Bitlocker, applocker, branch cache o Only 32bit version, max of 2G RAM

Home basic o Only on emerging markets Geographical activation restriction o Similar to Windows starter o Have X64 version supports 8G RAM/1 Physical CPU

Home premium o The consumer edition o DVD playback o Windows Aero o ICS o IIS Webserver o No enterprise technologies o X64 version supports 16G RAM and 2 physical CPU

Professional o Same as Home premium o Can connect to windows domain o Supports domain connections, remote desktop host, EFS o No Bitlocker, Applocker, branch cache o X64 version up to 192G RAM

 Ultimate o Complete functionality o X64 up to 192G RAM

Enterprise o Same as Ultimate o Cant be purchased on shelf o On Volume Licensing subscribers for big companies

2. Installation part 1 Clean install Installations methods + Boot From DVD USB o 4Gig o Move existing data o Format FAT32, Active

o o

To format the USB Need elevated permission Run> cmd [(hold shift+CTRL) then hit CR] Cmd> diskpart Diskpart> list disk Diskpart> select disk 2 Diskpart> list disk (to make sure we selected correct disk) Diskpart> clean Diskpart> create partition primary Diskpart> format fs=fat32 quick Diskpart> active Diskpart> exit Copy DVD BIOS Boot

Network o www.nu2.nu/bootdisk - BARTs boot disk o WIN PE: Windows Pre-installation Environment Useful for diagnostics The centralized windows installation media can be easily updated Get windows PE free WAIK: Windows Automation Installation Kit for Win7 Install WAIK on server WAIK Cmd> copype <cr> >Copype x86 c:windowspe-x86 Pointing the WIM file installation> copy c:\windowspe-x86\winpe.wim c:\windowspe-x86\ISO\sources\boot.wim <cr> To build iso image> oscdimg n bc:\windowspe-x86\etfsboot.com c:\windowspe-x86\ISO c:\windowspe-x86\windowspe-x86.iso

WDS: windows deploymemt services o Automated deployment o Requires W2K8 AD/DHCP/DNS Network adapter which supports Client PXE boot Or boot from discover image o Larger deployment o More efficient than network only

Multicast Updates, drivers Can be automated (WAIK)

Imaging o Norton ghost o Acronis Clean install Files for un-attended installation: Unattend.xml or Autounattend.xml Boot from install media Choose custom (advance) X86 to X64 Previous OS with existing data and concern that it may get lost, consider to upgrade the OS

Dual-boot Less important with existence of VMs Legacy software reqs Limited hardware (no xp mode) Requires 2 HD/partitions o Shrink volume if needed o VHD exception Oldest first Custom install To resize partitions on XP, we can use www.ultimatebootcd.com The100mb stored on HD as hidden is the WinRE: windows recovery environment

Bcdedit: boot configuration data store editor, edits /boot/bcd Backup and restore o Bcedit /export c:\saved-bcd o Bcedit /import c:\saved-bcd Create new entry o Bcedit /copy {current} /d new entry Other commands o Bcedit /set {current} description new entry description o Bcedit /displayorder {ntldr} /addfirst o Bcedit /default {ntldr} o Bcedit /display order {12345678-1234-1234567890-1234} /addlast

3. Installation Part 2 Upgrades & Migration Upgrading from Vista Upgrade to equivalent or higher o X86 to X86, X64 to X64 o Vista business to 7 Pro, Ent, Ult o Use upgrade advisor o Same hardware reqs 10 Gig free space o Vista machine should be SP1 or higher o Rollback is possible only prior to first logon to windows 7

MAP: Microsoft Assesment and Planning Tool Large scale assessment tool Scans the network to find computers Inventories of computers, server, VMs, different OS

Migrating to 7 From XP to 7 no upgrade, XP to Vista to 7 Migration keeps profile/Data o Side-by-side: PC1to PC2 o Wipe-&-load: PC1 to PC1 o Vista to 7, 7 to 7 Migrate w/ WET (Windows Easy Transfer Wizard) First run WET on 7, then create an installer for old windows and save it on a fileserver, then run the installer created on old windows On DVD Source: XP, Vista, 7 Migrate o User profile (admin can migrate all users) o Data o Apps settings Single, small migration scale Transfer via cable, network, external storage To run the migration wizard: locate the DVD source>support>migwiz

USMT (User State Migration Tool) Cmd line WAIK Single or multiple migrations (via script) No direct side-by-side Export w/ scanstate Import w/ loadstate

Configuration settings MigApp.xml o Migrate application settings Folder options, fonts, wallpaper settings, etc MigUser.xml o Migrate user folders, files, file types MigDocs.xml o Location of user documents Config.xml o Exclude migration features

Storing migrated data Uncomoressed o Stored in folders, view using windows explorer Compressed o Less space, can be viewed in windows explorer Hardlink o Creates links to the user Min 250MB

Working w/ WAIK

On XP/old machine cmd>point to drive with usmt files z:usmt>c: c:>z:scansatate z:\mig-data /i:z:migapp.xml /i:z:migdocs.xml /o

on 7/new machine c:>net use (to see map drives) c>y:loadstate y:\mig-data

4. Imaging Part 1 Real world imaging Build a reference computer Create an flexible and functional image Distribute the image for large scale automation

WAIK (Windows Automation installation Kit) ImageX o Create and modify WIM DISM (deployment image servicing & management) o Modify an image with updates and drivers WINPE o A minimal boot OS o CMD line o CMD prompt Windows SIM (Setup Information Manager) o Manages image distribution o Open disk-based WIM o Catalog o Answer files OSCDIMG o Command line creation of ISO images USMT o Migrates user information between OS versions WAIK can be installed on 7, Vista, server 2003 2008 Building and distributing a windows 7 image o o o o o o o Plan windows 7 installation on reference PC Build an answer file Validate and save the answer file Save Autounattended.xml to root Perform Win7 installation Use sysprep to generalize and set oobe Create bootable windows PE disk or USB Create image and store on network share Deploy the image Create

Create a reference installation o o Build the perfect configuration Use an answer file Windows system image manager Automates the process

Creating: o o o o o o Run WSIM Copy the WIM file from installation media to local storage (cdrom>sources>install.wim file) to The build answer file Open the wim file Create new answer file Validate answer file Save the answer file Autounattended.xml then save it on usb

The must have answers

Sysprep and other prep o Run audit mode (Shift-crtl-F3) Bypass reference image, load apps and drivers Tweak reference image, load apps and drives Sysprep Clear unique names Set windows welcome OOBE C:\windows\system32\sysprep\sysprep.exe //oobe /generalize /shutdown Reset the 30 day activation up to 3 times

WIM files File-based (not sector based) Can modify Hardware independent Single instance Mount w/ IMAGEX to modify Non-destructive deploy if desired

MAK (multiple activation keys) KMS (key mgt service) Reference image Usually volume licensing Updates applied Default setting Apps installed or packaged (msiexec /i office64mui.msi) Sysprep

OOBE: out of box experience SYSPREP Remove uniqueness o Hardware IDs o SID o Computer name o Domain MBR>WKGP Capture generalized image Deploy to multiple machines Cmd> cd sysprep Sysprep>sysprep /generalize /oobe /unattend:c:\sysprepanswer\default.txt

Cmd\petools>copype.cmd amd64 d:\winPE, after this find the winPE.wim file, copy it to ISO\sources then rename it to boot.wim

5. Imaging Part 2 Deploy with IMAGEX: create Steps: o o o o o WAIK winpe>copype x86 c:\winpe winpe>copy c:\program files\windows AIK\tools\x86\imagex.exe c:\winpe\iso >copy c:\winpe\iso\sources\boot.wim Oscdimg n bc:winpe\etfsboot.com c:\winpe\iso c:\winpe\winpeimagex.iso Boot w/ WINPE Create volumes Copy .wim Apply w/ IMAGEX BCDBOOT to set boot Set active

Boot to PE and create an image o o o Have a destination ready for the image Have your computer sysprepd prior to imaging Final image is WIM file File based format Doesnt include partition information Can include mane images in a single WIM file

Creating image on PE o o o o Load the PE dvd on DVDROM Locate shared drive >net use h: \\servername\temp-folder /u:servername/usernaem dvdrom>e:imagex /capture d: h:\win7ult-lab.wim windows 7 untilmate lab image /compress fast /verify

DISM

o o o o o

D:>temp-folder>dir >Imagex /info win7ult-lab.wim 1 <list the information on xml format> >dism /get-wiminfo /wimfile:win7ult-lab.wim /index:1 <the output will be simple readable file> >dir \mount >dism /mount-wim /wimfile:win7ult-lab.wim /index:1 /mountdir:\mount

o o

D:>dism /image:\mount /add-driver:drivers /recurse D:>dism /image:\mount /get-drivers /all | more To list all drivers

o o

D:>dism /image:\mount /get-packages To view all apps installed D:>dism /image:\mount /disable-feature:Hearts To disable Hearts app

o o o

o o

D:>dism /umount-wim /mountdir:\mount /commit Make sure all apps or explorer are closed to avoid error message If error message appeared even u already closed everything and run the later up cmd, should do below cmd D:>dism /get-mountedwiminfo Probably we will see the status of invalid to remove and cleaned up D:Temp-folder>dism /cleanup-wim To get rid of all stale files D:>dism /get-mountedwiminfo Should see no mount images found

Deployment options: o o o MDT 2010 WDS SMS 2003 / SCCM 2007

MDT 2010: Microsoft deployment toolkit o Manage and distribute WIMS Everything need to deploy and OS OS, drivers, apps, Uses WAIK Required to install first All automated Install, automate, capture, image

o o

Using MDT 2010 o o o o o Open deployment work bench Create new deployment share Import and create new boot image and drivers When booted the background is Microsoft/solutions center Enter credentials for shared folder

Deploy w/ WDS Requirements o o o o AD Domain services NTFS file system Local admin rights DHCP server for PXE

WDS is graphical/WDSUTIL is CMD WDS images o o o Boot image Boots the system via PXE Discover image If we dont have PXE to discover WDS server Install image

o To use o o o o o

Capture image

Run DWS app Add and install images Add boot image Once booting on bare metal, press F12

Import image into WDS Boot PXE client (or use discover CD) Shift F10 > diskpart Deploy

SCCM: system center & configuration management o Enterprise change & configuration manager Software deployment Software metering Inventory Remote administration Can be integrated with MDT 2010 Cmd control Software installation and updates Restart computers Partition disks Manage user state information Image computers Driver management

o o o o o o o o

Windows 7 and VHDs o o Make VHD o Using Disk Mgt Computer Mgt Using Disk Mgt to attach and detach VHD ready Ultimate and Enterprise ver

o o o Via cmd o o o o o o o o o o

Use Diskpart Create disk Ideally, VHD would be on separate disk Or different partition Apply an existing WIM with ImageX

Cmd diskpart> >create vdisk file=c:\vhd\win7lab2.vhd maximum=20000 type=fixed After success, the vhd wont still appear on >list disk >select vdisk file=c:\vhd\win7lab2vhd >attach vdisk >create primary >format fs=ntfs quick label-Win7Lab2 >assign letter=j To use imageX to apply it into vhd

6. 7. 8. Configuring Devices Run cmd for Device manager: devmgmt.msc Run cmd for Computer management: compmgmt.msc Disable automatic installation and looking to windows update by changing properties of change device installation PnP o

o o o

Automatic installation Checks driver store HKEY_LOCAL_machine/software/Microsoft/windows/current version/devicepath Can be specified so that anytime it will look into that folder [%SystemRoot%\inf; c:\drivers] Copies the driver for use C:\windows\system32\drivers New drivers must be staged Use pnputil Controlling device driver installation Managing thru Local GPO Resolving conflicts IRQs

o o

Memory address ranges Msinfo32 Hardware resources / conflicts / sharing Software environment / system drivers System information Testing drivers Driver verifier manager Command line and GUI o Verifier Signed drivers Cryptographic signature Verifies the driver publisher and file integrity Must be administrator to install unsigned drivers Sign the driver yourself to deploy for user installation o Certificate authority can be very useful Windows hardware quality labs (WHQL) Check with direct File signature verification (sigverif)

9. Managing Applications compatibility WRP: windows resource protection Application compatibility toolkit o o o o Application compatibility manager Compatibility administrator Internet explorer compatibility tool Demo /Lab o Built-in training

Application compatibility GPO o o Recover from problems or issues when they occur

10. Software restriction Using gpedit.msc Bit overlap with applocker Computer configuration\windows settings\security settings\software restriction Which policy wins: If applocker in use, applocker always wins Hash rules (most specific) o Unique identifier Cant fool the hash o Advantages Control very specific apps Down to version nos o Disadvantages Must be created for every executable Must be updated for each version Certificate rules o Control application usage by publisher o Advantages Cryptographically improbable to beat o Disadvantages One certificate rule can affect many apps from same publisher Apps must be signed Resource intensive Path rules o Control apps use base on files or folders o Advantages Can control specific areas or files o Disadvantegs Can be circumvented by moving files

Network zone rules o Control apps based on download location o Advantages Limit security risk from the outside o Disadvantages

Only limited to .msi installer files Not .exe files o Only applies to downloads from IE Default rules (most general)

11. 12. www.internetsafety.com 13. IPV4 Network T-shooting tools IPCONFOG o /release o /renew o /registerdns o /flushdns PORTQRY (to dl from miscrosoft) NETSTAT o A o O o N PING TRACERT + PATHPING

APIPA address: 169.254.0.0 /24 Causes: DHCP not working o Server not working o No DHCP relay/bootp o No Netstart dhcp client

14. IPV6

15. Wireless networking WEPCRACK CMD>arp a View wlan interfaces> netsh wlan show int View terbose information about visible wlans> netsh wlan show all Connect to wlan> netsh wlan connect name=<profile name> ssid=<ssid name> Disconnect wlan> Netsh wlan disconnect int=<interface name> Netsh wlan disconnect int=* (disconnects all)

16. Windows firewall

17. Remote administration

www.dyndns.com on remote target: cmd>winrm quickconfig technet.microsoft.com/en-us/library/dd347591.aspx

18. Resource access part 1

Copy & moving Share o Move loses sharing o Copies are not shared NTFS o Retains perms only when moved on same volume

19. Resource access part 2 www.elcomsoft.com for data recovery of deleted EFS files

20. Authentication and user account control Certmgr.msc Cipher /x name.pfx If we want to run/save an app under other account credential than we are logged in cmd> runas /user:trainer@nuggetlab.com notepad.exe enter pass for trainer@nuggetlab.com:*****

majicdisc 21. Remote access

22. Mobile computing

Tpm.msc

23. Monitoring systems

24. Configuring performance 25. Windows update 26. Backup & recovery Acronis true image home