If anyone can help us I would be very grateful!
Every week we have multiple pc's to distribute to new clients. The machines have to be heavily customised with quite a few specifics:
Removal of most extra "spam" apps - Dell, Asus, Acer add icons we don't want.
Change desktop background
Add 2 specific user accounts, one of which is named according to machine name.
Set 2 specific passwords on the new accounts - site specific
Set Custom icons for each login
The machines are never setup for a domain, so Active Directory technologies can't be easily applied.
The volume and budget is such that the machines are not usually business class devices and we are not setup for any of the technologies used by much larger IT companies like group policy driven MSI updates etc.
Our current process is Donkey powered. On windows 7, deploying a new machine, fully installed with our software will take up to an hour if SQL Server is put on it or 55 mins if not. This is a totally manual endeavour that I'm itching to reform. As the machine make/model changes month on month, I can't rely on what will be installed.
I've looked at Ghost, but it won't work as each machine has it's own specific license key-rather than volumne license.
This process has been bugging me for a long time but it's not been my own department to sort out; however, having worked in schools where I could deploy software packages en masse, I can't believe my colleagues when they say this is the only way to do this job.
Can anyone help? We've done the google dance quite a lot with Windows 7 to solve this and now with Windows 8 but nothing quite fits what we do.
If this is NOT the place for this question, apologies-I did look for a Stack site thats more OS specific but didn't see one! :).
Thanks for any advice offered!
This is not an easy task. I can only give you a high level overview.
Look for the Microsoft tool SYSPREP - with it you can reset a machine you have previously installed with all the software and drivers you require to a state where it boots running a "mini-setup" including driver discovery.
Example:
Sysprep /oobe /generalize /shutdown
The programs remain installed. Shutdown the PC after sysprep ran and take an image using Ghost or any other imaging tool of your choice.
Note:
All essential hardware drivers such as chipset, harddisk, cpu etc. for the target hardware need to be registered using PNPUTIL before you are using SYSPREP, otherwise the prepared and applied image boots into a bluescreen on the target PC. Registering more drivers than you need does not harm as Windows detects the hardware and only installs the drivers it needs.
Simply put all driver packages in C:\drivers, then run the following command in a command window to register them for plug and play (note that using -a -i installs them, but here you need just -a, which advertises them). It will run recursively through all directories where *.inf files are contained:
for /f "tokens=*" %i in ('dir /b /s "C:\drivers\*.inf"') do pnputil -a %i
Hint: If you put this command in a batch file, you need to use %%i instead of %i.
You have to activate windows after the "mini-setup" ran if the firmware does not contain a windows key installed by the vendor. Regarding Windows activation, I found at least some information, however not in too much detail here.
This is how hardware vendors are preparing their PCs.
You can find a lot of information about it at Microsofts TechNet sites,
check this out: Deliver and deploy Windows 8
I hope this helps.
Related
This is probably a pretty easy question to answer for someone that is experienced with FS minifilters. I am trying to script the removal of a filter driver and device.
Some background... this driver is running on Windows 8/10 x64. The vendor that created the driver has not been helpful in fulfilling my request for a removal tool. Unfortunately their MSI uninstall is buggy and only works about half the time you run it... They want us to upgrade to their newest version that doesn't have the bug we are encountering during uninstallation. We aren't interested in continuing use of this software so a paid upgrade seems frivolous... Their only suggestion has been to reimage the computers without the software that includes the FS minifilter device... That's out of the questions because it is on 1000+ computers...
Basically, their official uninstaller does an API callback to one of their servers and verifies the machines eligibility to uninstall:
Does the MAC address of the primary network adapter exist in their
database?
Does the password you entered for uninstallation match
what is set in their database?
If you are eligible, it runs an MSI uninstallation and disables the FS filter, removes the driver file, service files, configuration, and restarts... The bug that is keeping us from doing a normal bulk removal (their way) is that the MSI freezes during the removal process (after checking eligibility) and requires us to restart a client computer up to 3 times to finish the uninstall.
I have been able to successfully remove the software and device/driver by externally mounting the Windows file system and manually removing the driver file under System32/Drivers and also removing all of the actual program files/services. I have not been able to do this booted onto the same partition where the minifilter is loaded. The minifilter driver that is running is protecting those program files, a registry key, and the actual .sys file under System32...
I've done some basic reverse engineering of their MSI... They are using custom actions to perform the removal... First step is the removal of the service, second step is the removal of the minifilter. Both actions are done via an executable that is packaged in the MSI... I've extracted that and attempted to use it by running the same commands that they do during the MSI... I haven't had any luck. The minifilter just doesn't want to die.
They have some other custom actions that are loaded via DLL. Initial investigation makes me think its all of their custom uninstall eligibility craziness.
It looks like their minifilter doesn't have an unload routine built in. Using FLTMC I get this error attempting to detach and/or unload:
0x801f0010 Do not detach the filter from the volume at this time.
0x801f0014 Do not detach the filter from the volume at this time.
Does anyone know of a good way to unload a minifilter that is throwing those errors?
Try to kick out FltMgr.sys of the kernel by:
Renaming %SystemRoot%\sytem32\drivers\FltMgr.sys
Or changing HKLM\SYSTEM\CurrentControlSet\Services\FltMgr\Type to 0x4 (Disabled)
Reboot
Minifilters can't work without Filter Manager.
If you are desperate enough, look into Windows PE, available as part of the Windows Assessment and Deployment Kit.
A Windows PE image can be remotely installed onto a machine's hard disk and configured to perform whatever task you need done and then automatically reboot back into the original operating system. Doing it this way gives you the same access as externally mounting the infected file system, but can be automated. I've used this approach in the past to automate offline maintenance tasks on several hundred machines (e.g., changing a registry setting that Symantec Endpoint Protection was "protecting") and while getting it working is fiddly, once it is working it works well.
My email address is in my profile, you're welcome to contact me if you decide on this approach and have questions about implementing it.
Alternatively, depending on your jurisdiction and circumstances, you might want to consider threatening the vendor with a lawsuit if they refuse to provide a proper solution. They broke your computers, it should be their job to fix it. From the sounds of it, they wouldn't even need to do any work, just let you have the upgraded version for a few weeks free of charge.
I am new in windows logo test . I heard this process from my friend . I created a application which consist of some drivers . so I need to sign from Microsoft for trusted installations of my software . I heard the windows logo process for sign my driver through some test conducted by me and need to send this report back to windows . So I have some doubt to setup this process .
How to setup this process ? (how many system needed ? and which OS I should install for testing) and what are the requirements ?
I think there is a server and client machine (So 2 system is needed ?) . How to setup this system ? can you provide step by step tutorials ?
Your understanding is correct. The testing goes by a few names, WHQL, hardware certification, logo test, etc. Just to give a few more keys words to google.
Microsoft outlines the steps that you need to take https://msdn.microsoft.com/en-us/windows/hardware/hh833792. Honestly, the process is not that bad all things considered:
Buy a code signing certificate. Microsoft lists who they support and there are plenty of discussions on the OSR forums that discuss signing requirements in great detail. We use Digitcert and have no issue. I recommend reading up on this article to make your life easier: http://www.davidegrayson.com/signing/. The whole cross-certificate detail is glossed over in the Microsoft docs.
Setup your company in the hardware dashboard. Pretty straightforward here; just follow the directions for uploading your code cert. Sign all the legal stuff and setup any other developers on your team if they need access.
Install the HCK. We bought the MSDN OS pack ($800 USD) just for the WHQL and it has been awesome. I used Server 2012 to run as the HCK server and installed it as a virtual machine on a pretty beefy PC. Runs great, no problems installing it, and configuration is intuitive. More details are here: https://msdn.microsoft.com/en-us/windows/hardware/jj123537.aspx
Configure your test PCs. I used a mix of VMs and physical PCs for this part. Going through the provisioning process is automated for the most part. I recommend taking VM snapshots once completed in case something goes south during testing.
The HCK server walks you through the tests you need to perform depending on the type of driver you are testing. For example, we are working on a printer so all of our testing involved printing.
We tested against XP SP3 all the way through Windows 8.1, both 32 and 64 bit though your needs may differ. We needed the driver in Windows update, not necessarily the hardware logo. Once completed we simply uploaded the passing report through the hardware dashboard and that was that.
It seems like a huge task but it is not the worst thing in the world so keep at it you will get it done!
I have a freeware software, which i want to install on a network share. The reason is, if the software is installed on a network share, all users which has access to this network share folder should be able to use the program.
Now, I run the setup.exe on my machine and choose on the step "destination installation" my network share \sharename\TestFolder.
The software was installaing on this sharefolder and after the installation it was possible to run the program on my computer without any errors and use it..
After that I try to start the program on other client but there is always an error message, that it starts with a false operator.
Now my question is, is there a software, which can observe on which files the program want to access when I make double click on the (program.EXE).
Thank you, I hope you can help me.
Yes, there are several tools that can monitor or observe system changes performed by a setup.exe.
Many of these tools are quite old and may not operate correctly in new versions of Windows. The most recent one I found that looks acceptable was EMCO MSI Package Builder. I never tested the monitor feature, but it is at least an updated capture product.
In my experience these monitor tools capture way too much low-level system stuff, and you will need to spend quite a bit of time to sort out what is really needed for the software to operate. If you have experience with software development you may get just as much information from using a System Internals tool such as RegMon, FileMon or ProcMon. See Microsoft site: http://technet.microsoft.com/en-us/sysinternals/bb842062.aspx . These tools are exceptionally useful and known for their small size and great feature set. You can run a ProcMon on the launch of the application executable.
It is also possible that the setup.exe is a wrapper for an MSI file. These files can be viewed with free tools such as Orca and EMCO MSI Package Builder and you can basically see what registration settings are needed for the application to operate. Try opening a command prompt and write setup.exe /a and see if it offers to create an "administrative installation point" - or similar.
If I were to guess I'd say that the software needs to have COM servers registered locally, registry keys added to each local computer and possibly you need to install a couple of runtimes on each system - for example Microsoft C runtime of a particular version. This is just a wild guess. What is the name of the software? If it is a .NET application you may need assemblies installed to the Global Assembly Cache GAC.
I have an application written in Delphi 2006 that was working fine in Windows XP. I packed the application using Inno Setup, using Program Files as the default folder. A few users migrated to Windows Vista and Windows 7. The issue here is that the application creates some files inside its installation folder by its own. This was working in XP but in Windows Vista the users were having problems with the created files (they don't appear and so on). After investigating the users' reports I discovered KB 927387: "Common file and registry virtualization issues in Windows Vista or in Windows 7."
Running the application with administrator rights just solves the problem, but that is (I think) an awful workaround. I would like to know if there are any directives or tips for making the application compatible with Vista and 7, because more users will migrate to these OS soon.
You need to re-write your application to store its files in the proper locations, even in XP, but especially in Vista onwards, particularly if UAC is enabled. This is becoming more and more important to get right as Microsoft keeps locking down and enforcing its security models with each new OS version. The rules for how to properly manage application- and user-related files is documented on MSDN, for example: "Application Specification for Microsoft Windows 2000 for Desktop Applications, Chapter 4: Data and Settings Management" and "Application Specification for Microsoft Windows 2000 for Desktop Applications Appendix A: Best Practices" (yes, they are old, but are still quite relevant). Look at SHGetSpecialFolderLocation(), SHGetFolderPath(), SHGetKnownFolderPath() and other related functions to help you.
For Vista/Win7, your app can't put the files in a subfolder of Program Files / Programs unless UAC is turned off or the app is running as elevated. Note that "elevated" does not necessarily mean "logged in as Administrator." Non-administrator users can elevate, and Administrator isn't necessarily elevated.
If the app does attempt to write to Program Files but is not elevated, the OS will either block the app or "virtualize" the write (put the files somewhere else), depending upon how UAC is configured. Neither one helps the app succeed at what it was trying to od.
So it needs to put them somewhere else. Where depends on why the files are being created, and you haven't told us that. You can read this article to learn about the options. Note that in addition to the user's AppData and Roaming folders, there is also an "All Users" (shared) profile.
You should probably look at this article and screencast, which discusses UAC in depth from a Delphi point of view.
Files you create for use by your application other than at installation time should go into the ProgramData directory if its global to the workstation, or into the users ApplicationData directory if its specific to the user.
For cases where you absolutely must place a file in the program files directory, you can use com to request elevation. This is discussed in great detail, and delphi specific bits are also available. One example that I have used this is in patching my users installation base. They are warned by UAC that the system needs to make changes, so if your doing this as an automated task, you might need to rethink the logic to be more user driven.
Here is another article, by Zarko Gajic, which shows how to get different system directories. Also have a look at this related question.
I had a similar enquiry here (Stack Overflow).
In the end I realised that I needed to put my application into Program Files at install time (requiring UAC/elevation) and then store my app's data in the user's App Data folder. I had to change the way my program generated 'default' configuration settings and also where I was saving this stuff, but it was worth the effort in the end - we ended up with something that installs and runs fine on XP, Vista and Windows 7.
The only UAC hit we get is at installation time, which makes sense to me (and you get a similar hit at install-time on the Mac too). We didn't have any data that would be common to all users in this particular case but I would have looked at the Program Data special folder if that had been the case.
The installer software we use (Setup Factory) made this fairly straightforward (we just wrote a small bit of code to detect XP versus Vista/Win7 and choose the right special folder accordingly). It would be easy to do this in Inno Setup too, from what limited experience I have of it.
I have an application for Windows XP. This application is deployed with the hardware. The application is the only application that ever runs on these machines. These machines are never connected to the internet. I'm interested in instant-on (or quick-on) options that bypass the Windows XP startup for these machines.
This is similar to Windows XP "hibernation", but not exactly. With hibernation, the memory state is only read from disk once - the very next time the system is turned on. I want a memory state permanently stored to disk, so the system always starts from that same spot every time, regardless of how it was shut down. How can I achieve this?
Sounds like you're looking for the Hibernate Once, Resume Many feature of Windows Embedded.
If you like "hibernation", you may use VMWare.
Install a ArchLinux and VMWare on the host machines.
Prepare your Windows XP as the guest OS.
Customize startup process of the host, let it run VMWare and restore Windows to the snapshot.
Hmmm, the short answer is "not easily!", but one way could be to try playing around with replacing the windows shell with your own application / script that launches your own custom interface / state instead of Explorer as the default. Basically it's done using this reg key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell
Info on this actually seems to be reasonably scarce after doing a quick Google search, but this link below provides a little more detail:
http://www.trap17.com/index.php/how-change-windows-xp-shell_t20367.html
I think if you do a Google Groups search on "Windows XP shell replacement" you might get some more informative results.
You could try installing TweakUI on them, and having them autologin. Once you do that, just add your application to the Start Up menu (or in the registry, under:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Jeff Atwood has a post on this very thing.