Educause Security Discussion mailing list archives

Re: Windows Desktop Imaging/Refresh & DOS & LanManager compatiblility & Risk

From: "Dennis Meharchand, CEO Valt.x" <dennis () VALTX COM>
Date: Mon, 20 Jun 2005 11:11:36 -0400

Valt.X is developing a new technology, The Total Firewall, which will
allow endpoint computers to be managed remotely even if the hard disk
drive is blank eliminating the need to go onsite to fix/image a computer
unless there is a hardware problem. The technology has been designed
based on input from Homeland Security, British Military, China Military
and our Higher Education sector customers and includes both Storage
Firewall and Personal Network Firewall functions. The prototype is
scheduled for October 2005 release.
The problem with initiating fixes manually from endpoint computers was
highlighted last year when 80,000 computers wiped out by a patch gone
wrong at British Public Works took about a week to recover because image
downloads had to be initiated at each computer.

Dennis Meharchand
CEO, Valt.X Technologies Inc.
tel: 416-746-6669, 1-800-361-0067
web: www.valtx.com


-----Original Message-----
From: Charlie Prothero [mailto:Charlie.Prothero () KEYSTONE EDU]
Sent: Monday, June 20, 2005 8:07 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Windows Desktop Imaging/Refresh & DOS &
LanManager compatiblility & Risk

We found ourselves in a similar situation.  Every new generation of
hardware brought new network drivers, so maintaining boot disks and/or
RIS got to be a pain.  Then one of our techs discovered Bart PE
(http://www.nu2.nu/pebuilder/).  If you haven't looked at this tool,
you're probably working too hard.  It basically makes a bootable Windows
XP CD-ROM that you can use for system maintenance, fixing disk problems,
salvaging data from non-bootable (or "password lost") NTFS volumes, etc.
With full network support, it also makes it easy to connect to a Ghost
server and load an image.  The only downside is that it takes a little
longer to boot than RIS or a floppy/DOS diskette.

- Charlie.

Charlie Prothero
IT Director
Keystone College

-----Original Message-----
From: Are Leif Garn}sjordet [mailto:a.l.garnasjordet () USIT UIO NO]
Sent: Monday, June 20, 2005 3:43 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Windows Desktop Imaging/Refresh & DOS &
LanManager compatiblility & Risk

On Fri, 17 Jun 2005, James H Moore wrote:

I naively asked when we could get rid of LANManager compatibility.

What

finally surfaced was that Altiris(tm) and Symantec Ghost(tm) both were

DOS

based, and the only password protection that can be achieved was

through

LANManager.

How are people handling this?


For awhile we used Ghostcast over PXE from a RIS server, but it was a
pain
to keep the ghostcastserver running with multiple sessions all the time.
Automating it was not fun and we never got it to work properly.  At the
moment we run RIS, Windows PE and ghost32 and it is much smoother and
with
far less driver problems. PE supports Kerberos authenticating. I
wouldn't
do this unless your internal network is 100 mbit or higher.

/ArG
USIT/CITS  Center for Information Technology Services, University of
Oslo

Current thread:

Re: Windows Desktop Imaging/Refresh & DOS & LanManager compatiblility & Risk Are Leif Garn}sjordet (Jun 20)
- <Possible follow-ups>
- Re: Windows Desktop Imaging/Refresh & DOS & LanManager compatiblility & Risk Charlie Prothero (Jun 20)
- Re: Windows Desktop Imaging/Refresh & DOS & LanManager compatiblility & Risk Chris Bues (Jun 20)
- Re: Windows Desktop Imaging/Refresh & DOS & LanManager compatiblility & Risk Dennis Meharchand, CEO Valt.x (Jun 20)
- Re: Windows Desktop Imaging/Refresh & DOS & LanManager compatiblility & Risk Lois Lehman (Jun 21)