Michael Anderberg - Michael Anderberg (m)- Din Moderata röst i etern

Microsoft Diagnostic and Recovery Toolkit ( DaRT ) v.8

den 13 maj 2012, 00:29:52

Almost the proverbial Swiss Army Knife of many an Administrator, DaRT is known to be able to get one out of trouble when needed… For those who do know of it that is, all too often I get a blank stare and total non-comprehension when asking a customer if they have it and if so, do they know how to use it?

Well, since Microsoft is just about to rev. its Desktop Optimization Pack (The Microsoft Desktop Optimization Pack 2011 R2 as it is really known is currently in beta and about to be released pretty soon.), I figured I’d write a series of blog posts about its different components and I am starting with the DaRT.

Microsoft Diagnostic and Recovery Toolkit is used to diagnose and repair non-starting or malfunctioning computers and often used as a first attempt of solving a particualr problem, before resorting to re-imaging the machine; Which although fast, most likely take longer to do and thereby being less conveniant for the user. It can also be used to break into computers one has lost access too, therefore it is advisable to remember that if left laying around or installed on machines, some of the tools in it will essentially serve as potential hacking tools.

But let’s start from the beginning. DaRT is one of the tools that you get as part of the larger packade MDOP, which is an add-on product that Microsoft’s Enterprise customers with Software Assurance can add to their licensing. The DaRT itself is free to test and play with but to be used in production it needs to be properly licensed.

Microsoft DaRT is essentially really the successor to a toolkit in wide use and popular among administrators all over the world, known as ERD Commander by Winternals (Which later changed its name to SysInternals and eventually was bought all together by Microsoft on July 17, 2006.).

One important aspect of using the DaRT is that since you boot into it, your normal installation of Windows will be as it is known – offline. I.e. as your normal Windows installation is not running in itself, a root kit for example will have a harder time of cloaking itself, as it is not running. You can also remove faulty drivers, non-functioning hotfixes and other hindrances that may stop your machine from booting properly.

So, I thought that I’d take you through the tools included in DaRT and also provide you with some information regarding system requirements and limitations.

PLEASE NOTE: DaRT v.8 is intended for the upcoming Windows 8 and Windows Server 2012 releases of Windows. If you want to try it out on anything older than that, you need to use older versions of DaRT!

From an interview that Stephen L Rose did with Craig Ashley, product manager for DaRT at Microsoft, published on the Springboard Blog on March 28, 2012, we can gather that the following is new for the upcoming release:

• Create DaRT for Windows 8 and Windows Server 2012
• Generate both 32- and 64-bit images, no matter what platform it’s made on
• Support for BIOS and UEFI (Unified Extensible Firmware Interface)
• Support for GPT (GUID Partition Table) as well as MBR (Master Boot Record) partition schemes
• Windows To Go is not supported

The Tools included in DaRT v.8 are as follows:

So… what does the toolkit look like? Let’s first take a look at the installation of it. There are three ways that you can set up DaRT in your corporate network:

• Stand-alone or from bootable media
• Remote administration from an adminsitrative console
• Remote administration with an administrative machine set up for creation and administration of the entire toolkit and one or more support workstations, where for example a helpdesk engineer can remotelly analyze and troubleshoot an user workstation.

For the remote scenarios to work, both the helpee and the helper machine need to be on the same network. There is no support for address translation or other forms of network traversal.

In my example below, I have set-up a bootable media version of the toolkit, for screenshot purposes in a Hyper-V-based virtual machine (another new roll in Windows 8 client) but I always keep a bootable USB-stick with the toolkit on my keychain.

Prerequisites:

• Windows 8 Source Files
• Windows Debugging Tools
• Assessment and Deployment Kit
• Windows Driver Kit or Software Development Kit
• Stand-alone sweeper definitions (optional)
• Symbol Files (for crash debugging)

Memory requirements:

• Windows 8 Consumer Preview (64bit) – 2,5 GB RAM
• Windows 8 Consumer Preview (32bit) – 1,5 GB RAM
• Windows Server 2012 – 1 GB RAM

Network requirements:

• Wireless is NOT supported.

Disk space requirements (important consideration for reployment scenarios for example):

• Minimum 300 MB
• Recommended 450 MB

First you need to download MDOP and install it to your machine and thereafter you can access DaRT. However as DaRT 8 is in beta still, one can download it by itself from the Microsoft Connect Site. When you launch the DaRT Recovery Image Wizard you get the following welcome screen.

Firstly, you get to choose which platform you want to build for, new for this version is that you can build for both architectures on the same physical machine. Earlier versions required bit compatibility.

Thereafter you get to choose which tools you want to include. I have choosen them all, but you don’t have to and in some cases you may not want to. For example if you decide to always deploy your DaRT-image to the recovery partition on your client machines, you most likely do not want to include Locksmith for example or it’d be a little bit like playing Russian Roulette with an automatic pistol – you’ll loose every time!

Note also that some of the choices here will require some extra bits to build, for example crash debugging which requries both the debugging tools to be available as well as the symbol files…

DaRT is built on top of Windows PE and thus one can of course choose what framworks and functionality in general one want to have available in Windows PE. Remember, the normal installtion will be offline as you boot to your USB-drive, so for some tools to work, you need to include for example the .Net Framwworks, DISM, Powershell etc. etc.

This is where you point to your debugging tools. They have to be installed on the machine where you are building your media. The debugging tools can come out of the WDK (Windows Driver Kit) or the SDK (Software Development KIt) but should be the latest available at the time of building your media.

What kinds of media do you want to build?

• WIM – bootable Windows PE image
• ISO – bootable WIndows PE image
• Powershell Script – will automatically build the same thing as you have now, at a later time.

After this the wizard will go ahead and create your files and unless you’ve specified differently above, you’ll find them in a folder on the desktop.

This is what you will see once you boot to your image. First you get to choose language settings etc. which I haven’t included a screenshot of. Then you’ll get this screen.
Here you can optionally exit the DaRT image and go ahead and boot into your regular system, or you can decide to troubleshoot. Let’s choose troubleshoot…

The next step will allow for either refreshing or reseting your machine. The difference being that the first one keeps your personal files and settings whereas a reset doesn’t. Let’s quickly look behind the Advanced Options tab to see what we find there…

Here you can revert to a System Restore point, if you have such, or apply a System Image Recovery image. You can also let DaRT try and automatically check for errors in your machine’s settings, automatically fix them and restart.

But let’s say that neither of those work either, so we hit the back arrow and then let’s click MIcrosoft Diagnostic and Recovery Toolset…

This is the gut of the tool, where all the most powerful tools are located. They can help you tremendously but please remember that it is very easy to shoot yourself in the foot with them too… so I urge you to practice on an functioning non-productive machine before you have to use the tool in action for real the first time.

Most of these tools have been covered up above in this blogpost… yet I will most likely return to these and cover them in more detail in future posts… please let me know if you’d find this useful and I’ll try to prioritize it.

Thanks! I hope you’ve found this post informative and useful. DaRT is an increadibly powerful tool and I am sure, that if you are not already a fan – you will be once you try it out!

/MIke

This post was orginally posted by michand at Michael Anderberg's Blog. Thank you for supporting the original blog and author.

WIM2VHD using a PowerShell script (plus 2 more, WIMINFO and MakeVM-Diff scripts) by Mikael Nyström

den 8 maj 2012, 08:29:37

Good morning,

I just wanted to give you a heads up about a great blog post from my friend and colleague Mikael Nyström (@mikael_nystrom) where he uses Powershell scripts as an interesting way of “deploying” Windows.

For more info, please refer to his original post: WIM2VHD using a PowerShell script (plus 2 more, WIMINFO and MakeVM-Diff scripts)

/Mike

This post was orginally posted by michand at Michael Anderberg's Blog. Thank you for supporting the original blog and author.

Second Wednesday: The Nerd Herd Live

den 7 maj 2012, 10:50:42

Hi,

Ny plats för anmälningslänken! http://www.labcenter.se/On/LabCenter/Second_Wednesday

*NEWSFLASH* We will have a guest on the show this week! Jeremy Moskowitz from GPAnswers.com! Please make sure to submit questions for him to us ahead of time! *NEWSFLASH

This Wednesday, May 9th, The Nerd Herd will broadcast LIVE from the Second Wednesday event at LabCenter! We welcome all our listeners to come join us and share some food and drinks while you listen to and interact with the shows being broadcasted and recorded during the evening!

Quoted from the LabCenter Web:

SECOND WEDNESDAY

Den 9 – maj möts vi  igen på Second Wendsday- 2W!

The Nerd Herd

Trött på skvalradio? Du har väl inte missat den numera helt oberoende och flerfaldigt prisbelönta podcastshowen ’The Nerd Herd’? En teknisk podcast av ITProffs för ITProffs, där vi pratar om det som du brinner för i din vardag! Du kan dessutom maila oss dina frågor och på det sättet påverka innehållet i programmen till din fördel! Varje vecka flyttar vi in i din mp3-spelare eller telefon och pratar hardcore teknik på ett medryckande och glatt men ändå tekniskt korrekt sätt.

Gör som tusentals andra svenska ITProffs, låt Mikael Nyström, Michael Anderberg och Johan Persson flytta in i ditt öra och du kommer aldrig byta kanal igen! Tänk dig Dr. House, Arga Snickaren, David Letterman, Jay Leno och lite Joe Labero i en salig blandning som pratar teknik med fokus på Microsoftrelaterade teknologier; Brutalt rakt men ändå underhållande!

Du hittar oss på http://www.thenerdherd.se och där kan du även prenumerera på showen så du aldrig missar ett nytt avsnitt.
Mikael Nyström/Johan Persson/Michael Anderberg/Truesec

Varmt välkommen
Michael

Du är varmt välkommen att anmäla dig här: Anmälningslänk för maj, även om det är drop-in så uppskattar vi om du anmäler dig, så vi kan planera mat och dryck på rätt sätt!

Mvh/Micke

This post was orginally posted by michand at Michael Anderberg's Blog. Thank you for supporting the original blog and author.

Redefining working remotely with Windows To Go in Windows 8

den 6 maj 2012, 23:30:23

Much to the IT-department’s dismay, users more and more demand to be able to work from anywhere, be that their home, a remote office location or from the local Starbucks. To make things even more complicated, they in many cases want to or have to use their own non-managed PCs that are not under the control and protective umbrella of the IT-department.

With Windows 8 there is finally light at the end of the tunnel and I have been playing around quite a bit with it.

“Windows To Go” is a full installation of Windows 8 on a removable drive, most likely a USB stick or thumb drive. At boot, one can then choose to boot to either to your normal installation on the machine or to this instance sitting on the removable drive. This potentially opens up entirely new possibilities for corporate IT. Now you can create a standardized managed platform, that fulfills all of the corporate regulations, put it on a stick and give it to the user who wants to work remotely, and all of a sudden it doesn’t matter if the kids have been filling their family PC with malware or anything like that, since we’re bypassing that entirely. Instead, the user sticks in the thumb drive, boot the machine to it and then they’ll find themselves in the exact same environment that they have in the office and IT knows that they control it through policies, firewall settings, malware protection and all!

Is it hard to do? Not really!

In Windows 7 you needed Imagex.exe to apply installation files from an install.wim image (freely available from Microsoft) which is part of The Windows Automated Installation Kit (AIK) for Windows 7 it’s a rather hefty ~1.7GB download. With Powershell 3.0, however, Imagex is replaced by Dism.
You need the Windows 8 ISO file (install.wim) and a USB stick or other removable device that is at least 32GB in size. I would recommend a USB3 device for speed, but USB2 will suffice.

Insert your USB device and then from an elevated command prompt, go ahead and create a bootable USB stick with the help of diskpart.exe. I won’t outline here how to do that, but it is easy to search for. Please observe that this will wipe the stick, so don’t have any files that you want to keep on it! Mount the Windows 8.iso so you can get to the install.wim file which is located in the /sources/ folder of the ISO. For simplicity you can copy it to where you have imagex.
In Windows 8, run Powershell as an administrator and execute the following:

Dism /apply-image /imagefile:F:\sources\install.wim /index:1 /applydir:x\

where x: is the drive letter of your USB stick and F: is the mounted Windows 8 ISO. This will essentially install Windows 8 on the stick and depending on the speed of it, this may take a while.

If you are using a Windows 7 client machine you will need to do the following to enable the use of Dism in Powershell (and your Windows Client installation must be in English):
Install .Net 4.0 (or .Net 4.5 Beta)
Install Windows Management Framework 3.0
Install Windows ADK (Where you select Deployment Tools as the feature to install 34MB)
Open Powershell as an administrator and run
set-executionpolicy unrestricted

Then run
import-module “C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Deployment Tools\amd64\DISM”
And
set-executionpolicy restricted

Then the only thing left is to modify the boot record on the USB stick and you do that through:

bcdboot.exe h:\windows /s x: /f ALL

where again x: is the drive letter of your USB stick. Then you can go ahead and restart your machine, choose to boot from the USB stick during BIOS startup. If you don’t get that choice, may need to enable Boot from USB in your system settings in BIOS first.

The first time it boots it will take some time as Windows configures itself, but subsequent boots will be much faster.

In next month’s newletter I will be explaining how to make this new instance of Windows look exactly like your corporate desktop and behave like it through something called User-environment virtualization.

Until then, take care and good luck!

/Mike

* With special thanks to a Star Wars loving friend, who wrote the Powershell parts of this post!

This post was orginally posted by michand at Michael Anderberg's Blog. Thank you for supporting the original blog and author.

Windows 8 file copy

den 6 maj 2012, 23:16:41

Windows 8 Consumer Preview is available for download for whomever is interested, yet instructions on how to use it or information about new features are limited at best One find new things everyday. Sometimes big things, sometimes small, sometimes they are ground breaking and yet sometimes obscure and not widely used nor easy to find. Mostly one tend to focus on the major changes in a new operating system, yet quite often there is gold to be found in the minor details. One thing that really has struck a chord with me, is the new file copy dialog!

If we start to copy a file through the Explorer, we get this dialog box:

There are hints of changes already, namely in the shape of the pause- and stop-buttons that are located just above and to the right of the status bar itself. Yes, you can cancel at any time but what is new is that you can pause a copy operation!

But let’s look at this one step at the time… let’s press “More details”…

Ah, look, a pretty insight into our progress! We get a live graph telling us what our current bandwidth is and when we can expect the file copy to be done. Frozen in time as this dialog is in this picture, you can’t see it, but the graph that at this particular moment reads 13,6 MB/s keep moving up and down, always reflecting the current speed of copy…

But wait… there’s more!

Nice, no more cluttering of your work area from having multiple file copy operations running simultaneously, no – now they are automatically grouped into one windows. Note, this is per copy operation not per file. *smile* as you can see I was just in the nick of time to capture this screenshot as the operation was almost finsihed before I had the chance of pressing CTRL-ALT-PrtScn to preserve this screens hot for the blog, so performance is stellar

But… remember the paus-button?

Yes! How many times haven’t I sworn under my breath over a file copy taking too long time, due to the simple fact that other file copy operations are running at the same time. Now you can simply pause less important copy operations to increase speed on the more important ones! Me like!

/Micke

This post was orginally posted by michand at Michael Anderberg's Blog. Thank you for supporting the original blog and author.

How-to Enable .NET Framework in Windows 8 Consumer Preview 8250

den 5 maj 2012, 18:08:13

Hi,

Here’s a how-to post about how I manually added .NET Framework 2.0 and 3.5 to my Windows 8 installation through the use of DISM, enjoy!

Many of you reading this are probably playing around with the consumer preview-build of Windows 8 now, just like I am? Windows Server 2012 or w2k12 for short feels to me almost like ship quality already, almost ready to be run in production, although of course that is not something either I nor Microsoft endorse or recommend that you do…

The client on the other hand still acts a bit funny from time to time and many a times have I been wrestling with some obscure problem, that of course will be solved by RTM, but that nevertheless can haunt you now. One such example is that Windows 8 will install with .Net Framework v.4 pre-installed, however it is not backwards compatible with .Net Framework 3.5 and 2.0 – so, quite a few legacy or at least pre-Win 8 applications will complain about only being able to install and run with those earlier frameworks in place or otherwise you are plain out of luck.

So you go to the Programs and Features dialog in Control Panel….

Click “Turn Windows Features On or Off” and check the .Net Framwork.

What will happen is that it starts installing those and then you get a pop-up telling you that it has failed and that Windows happily volunteers to fetch them from Windows Update for you. Swell… if it would only work. In reality it won’t be able to connect, throws and error and we’re back where we started.

Thinking this through one more time, one then proceed to try and downlod it manually from downloads.microsoft.com – alas no, Windows will try and outsmart you. Realizing what you are trying to do it will throw up the Programs & Features Windows with “Turn Windows Features On or Off”, where you’ve already failed the first time and yes, it will fail this time as well.

What to do?

One turns to DISM! Or Deployment Image Servicing and Management Tool as it is really called, to solve this dilemma. With DISM one can add or remove Windows features to both offline- as well as online-images of Windows. Online in this case means that you manipulate the instance that you are running right now and are logged into. Offline is if you mount an image to your file system. DISM is not new, yet many if not most Windows admins are only vaguely aware of its existance, or how to use it. As the entire Windows installation is packed as one single wim-file it can be manipulated through DISM with a few simple commands. And so I did here;

So, the command to add the .Net Framework 2.0 and 3.5 (in the following example we’re manipulation the current installation, i.e. online-mode and you have mounted a Windows 8 Client ISO as F:\ or have the DVD:n as the drive letter F:\) ser ut så här:

dism.exe /online /enable-feature /featurename:NetFX3 /Source:F:\sources\sxs

If you encounter an error now as well and the command is correctly entered, it can be because your image is corrupted. It has been known to happen that files are linked wrongly inside the image, but that too can be solved through the use of DISM:

DISM.exe /Online /Cleanup-image /Scanhealth

and then

DISM.exe /Online /Cleanup-image /Restorehealth

This solved this particular problem for me – I hope it will help you too!

/Micke

This post was orginally posted by michand at Michael Anderberg's Blog. Thank you for supporting the original blog and author.

Välkommen till min nya blog!

den 4 maj 2012, 09:10:26

Hej på er,

Här kommer ni framöver hitta mitt bloggande om primärt allting Windowsrelaterat i Sverige och utlomlands men också saker som mobilitet, säkerhet och geekiness i allmänhet…

Mvh/Micke

This post was orginally posted by michand at Michael Anderberg's Blog. Thank you for supporting the original blog and author.

Welcome to my new blog!

den 4 maj 2012, 09:09:22

Here I will primarily post about all things Windows, especially Windows 8 for the time being. But also about mobility and geekiness in general…

/Mike

This post was orginally posted by michand at Michael Anderberg's Blog. Thank you for supporting the original blog and author.

An Introduction to the Metro Start screen in Windows 8 Consumer Preview

den 27 mars 2012, 23:27:10

by Michael Anderberg, MCT

When Microsoft unveiled the new user interface in the upcoming Windows 8, it was received by somewhat hesitation – “Eeh what?” “I don’t get it?” “Are they for real?” “I don’t like it!” “Now, this may all be good – but where can I find the real start menu?”.

Yet, every change that Microsoft has done to the start menu, since it first appeared back in Windows 95, has received that sort of comments initially. So what is it really and how does Microsoft intend it to work?

Well first of all, it’s not one thing. The goal of the Metro Start screen is multi-faceted and I will herein try to explain it as best I can. It is, not surprisingly there to aid in navigating applications and launching them from any kind of touch enabled device, be it a cell phone, slate class machine or desktop monitor. As anyone whom has ever tried navigating the present start menu with his or her fingers via a Remote Desktop session on a mobile device today can testify to, the present interface does not lend itself to a very easy way of interaction by touch. Hence, the Metro Start screen with its larger tiles is much more suitable in this regard. In fact some of the new parts of the interface like the Charms menu, which slides in from the right when one swipes from the right edge inwards on the screen, makes much more sense with a touch interface, than by mouse and keyboard although of course it exists in both environments.

Secondly, the Metro Start screen is the starting point of all of the so called Metro-style Apps, which are HTML5 based apps of the sort that we’ve come to know through our mobile devices of today. They launch seamlessly out of the interface, they always run full screen (although two at the time can be snapped beside each other) and when exited or “alt-tabbed” away from – they don’t really exit as a traditional app, but rather much more in the style of leaving a web page. There’s no save functionality in these apps, instead they auto-save every so often. What about your traditional apps you may ask? Microsoft always totes the fact that this is their main advantage over for example the iPad – that they can run your old legacy apps as well. This is true, but the older apps that are not Metro-style do not run inside of the Metro Start screen as such, instead you’ll see that Windows swaps over to the underlying desktop and there it will launch the application just as it does today on Windows 7 or Windows Server 2008 R2.

Which brings me to the other intended improvements with the Metro-style interface; In for example Windows 7 today, the start menu is of the, by now familiar, two-column style where the left part consists of your latest launched applications plus pinned dittos and the right part of some system short-cuts plus your My Documents etc. This is all very well but Microsoft has found through their telemetry that neither pinning nor custom sorting of items on the start menu is something in widespread use. Also users generally find it somewhat confusing that once they discover that the application they need is not in the list of latest launched – they need to click ‘All Programs’ and thereafter scroll up and down an usually quite long and often somewhat confusing list of application names and folders in an apparent random order. This makes every user needing to scroll up and down and strain to find the application they are looking for, loosing time every time they do so.
In Windows 8 with the Metro start screen, Microsoft can achieve two things at once, a start screen that can grow indefinitely to the right, sorted according to the user’s own choice plus having application icons that can actually change to show underlying information, for example the Outlook-icon can show the number of un-read messages without the user having to launch Outlook first, the Weather App can show a representation of the current weather at the user’s present location, a stock ticker app can show values and trends of stock, bonds and indexes of particular interest to the user etc. This makes for a livelier experience and saved time at the same time as it hopefully will be clearer to the user what to expect and where to find it.

In Windows Vista and even further so in Windows 7, Microsoft tried to introduce the users to using search rather than scrolling and clicking to find not only applications but also documents, pictures and various other files in Windows no matter to their respective location on the physical disk or network. So for example, to mention but a few of the many combinations there are, in this case related to searching for files and/or launching them; <WINKEY> + F – Will display the File Search pane, <WINKEY> + Q – Will let you search (within) Apps using the new Search pane. <WINKEY> + R – just as before, switches to the (classic) Windows desktop and display the Run box. <WINKEY> + W – now this one here takes you to the display Settings Search pane where you can search for settings rather than files. There are many more of these combinations and rest assured that if you are using a mouse and keyboard with Windows 8, in time these will become second nature to you and not require a moment’s thought.

In my humble opinion after spending quite some time with Windows 8 Consumer Preview – in time all users will accept the Metro Start screen in total acquiescence and the fuss will die down but at the moment it takes some getting used to.

This post was orginally posted by michand at Michael Anderberg's Blog. Thank you for supporting the original blog and author.

Happy Birthday Windows 7

den 22 oktober 2009, 09:28:00

Hi,

Even though Windows 7 actually RTMed in July and many of you who are reading this, most probably are running it already… today is the official launch day of Windows 7 and that is a cause for celebration here at TrueSec as well!

LabCenter’s and TrueSec’s official Windows 7 launch cake and yes – it was just as tasty as it looks!

/Micke

This post was orginally posted by michand at Michael Anderberg's Blog. Thank you for supporting the original blog and author.