funsec mailing list archives
Re: Infecting OEM Images
From: Dude VanWinkle <dudevanwinkle () gmail com>
Date: Thu, 19 Jan 2006 20:25:46 -0500
On 1/19/06, Willy, Andrew <AWilly () esmil net> wrote:
That restore partition rather than CD caught us by surprise in a Ghost deployment fiasco. I won't bore you with details but will summarize the conversation. Guy A: "Hrm. I guess this image ain't gonna work on these workstations." Guy B: "Better start over." Guy A: "Yep. Let me have the ever handy, really useful, incredibly reliable restore CD." Guy B: "I thought you had it?"
All you need is their drivers, dump the (dell, hp, compaq, toshiba, ibm, etc) image and create your own, slipstream the patches (http://unattended.msfn.org) and put your apps in the run_once reg entries with a reboot set for every one that _requires_ it.

For those apps that don't have command line switches for their installers, you can use that handy ghost cd to get the best thing off it: AI Snapshot and AI Builder.

It may take two weeks to have your own winnt.sif file and standard apps, but it is well worth it, plus you can put it on a NIS and then just type newpatch.exe /integrate:\\path_to_NIS_install_files every patch tuesday and voilà!

All the standard images have so much fluff, and a lot of that fluff is or will be a security flaw, not to mention a waste of space and cycles. Plus with an automated install, you don't have to worry about driver conflicts.

-JP

"Integrate the SATA drivers last ;-)" -JP