Re: Same SID Issue


From: KM (konstmor_at_nospam_yahoo.com)
Date: 01/12/05


Date: Wed, 12 Jan 2005 14:36:20 -0800

Pascal,

> Intending to compare my XPe partition, I thought I'd have a partition that
> boots a tiny OS that speaks TCP/IP, compute the checksum of the XPE
> partition and, with a custom protocol over TCP, asks the server for the
> current XPE partition checksum..... update... etc etc....

This sounds right. So, why don't you compare the current image checksum with the initial checksum of the same original image?
By original image I mean the one that you get after a Cloning phase. You run the image first time at the field, turn on EWF, shut it
down and capture the image checksum with your QSX custom OS.
Then if you save the checksum on the server, assigning it to this particular device in the device list, you will always be able to
compare the checksums later on. Assuming, of course, you have EWF running and enabled on the client image.
If later on you wanted to update the image (EWF commit then), you would capture and update the initial checksum once again.

> Actually, i'd like to confirm that having the same SID on all my targets
> will cause me a problem implementing ADS, Domain Registration, SMS, Windows
> Network... if it causes a problem, i will stop trying to find a "partition
> checksum comparison" solution and find another architecture.

Well.. It is hard to confirm that with such broad range of different technologies listed. It all comes to much of testing.
Again, there have been no known issues in Domain environment caused by the same local SIDs.

> The best workaround i found is to have a read-only initial XPE partition and
> having EWF overlays; my problem is that if a virus infects my system and
> that it cannot boot anymore, i'm in deep s@#$!@ 10000 times; in emergency
> case, i'd like to rollback to initial version or completely remotely
> reinstall an image; your advices are welcome.

I agree with Sloboda. Make your media read-only (CD-ROM, flash with hardware read-only switch, etc.) and you won't be worrying about
persistent viruses.
(while there are still some session-active viruses)

-- 
 Regards,
        KM, BSquare Corp.
> > Pascal,
> >
> > You don't want to make client images different by having them, for
> > instance, different SIDs, right?
> >
> > I have very little experience with POS systems but I thought they are
> > usually pretty big images. Although I completely understand it
> > would depend on the main POS application(s) used on the device and the
> > application requirements/dependencies. There is observing
> > some growing popularity for the port of POS applications to .Net which
> > makes most of the POS systems heavier than, say, regular
> > Minlogon image size.
> > Anyway, I think you have already evaluated XPe to meet your device
> > specifications and requirements so I am not going to tell you
> > that your future XPe image will unlikely be around 10MB :-)
> > Btw, Remote Assistance will bring a bunch of components in your image.
> >
> > Regarding your device requirements.... How you are going to send the
> > checksum to the server? Do you have your own BIOS
> > implementation for PXe client and server side PXe?
> > Or are you planning to use another protocol from, say, temporary loaded OS
> > image?
> > I mean it is just not clear to me how you are going to calculate the
> > checksum and send it to the server? If it is your custom
> > protocol you can maintain a simple database on the server side (even a
> > plain text file will work) with the initial client image
> > checksums. Then whenever a client device boots up and sends the current
> > image checksum to the server, you can compare it there and
> > download a new image if available. Although this way you still need to use
> > image datetime stamp to know whether the server image is
> > newer.
> > So if you get the database then you can have different images on client
> > devices with no harm.
> >
> > Also, take a look at the IBM Rapid Recovery solution. You will have to
> > have IBM BIOS, though, but if you purchase IBM box you get
> > the software for free.
> >
> > Btw, did you have a chance to evaluate WePOS for your needs? My guess is
> > that it is too heavy for you.
> >
> > -- 
> > Regards,
> >        KM
> >
> >> Your last question is very relevant KM; let me explain what i'm trying to
> >> validate :
> >>
> >> We build a RPOS system; this system was using QNX (Real-time Operating
> >> system based on POSIX); we decided to have a new technological direction
> >> and
> >> use XP Embedded; the initial RPOS had a 10Mb footprint onto a M-System
> >> IDE
> >> Disk-On-Chip; onto this disk were some partitions; the first active
> >> partition was intended to compare (checksum based) our application with a
> >> server image; if the image was different, it was getting downloaded and
> >> deployed.
> >>
> >> The question i'm trying to answer now is "Can i have the exact same OS
> >> image
> >> on all my targets and then compare it with a server image?"; intending to
> >> update it without being booted in windows.
> >>
> >> Basically, the needs we have are :
> >> * Being able to, remotely, without any manual intervention, update the os
> >> image rapidly (within an acceptable timeframe on a 56K line - In case of
> >> emergency - Sector by Sector if possible (fast))
> >> * Being able to update the OS and Application remotely
> >> * Being able to Remote Assist
> >> * Being BLINDED against viruses and bad interventions (cause on-site
> >> intervention on 10000 RPOS are unacceptable) (rollback probably).
> >>
> >> If you had answers or advices for me, i'd be very pleased; EWF will
> >> probably
> >> be part of your suggestion. (PXE is available to my RPOS); we'd like to
> >> use
> >> a USB Mass Storage Key.
> >>
> >>
> >> "KM" <konstmor@nospam_yahoo.com> wrote in message
> >> news:%23qw5n6C%23EHA.1084@TK2MSFTNGP15.phx.gbl...
> >> > Pascal,
> >> >
> >> > You seem to have confused a few things together.
> >> > SID and hostname are different things and they may cause different
> >> > issues
> >> > if not unique per device on the same network.
> >> >
> >> >
> >> > Basically, in Domain environment it operated with so called Domain SID
> >> > which is not the local computer SID that would be cloned
> >> > without fbreseal or newsid.
> >> > The SID of a user or group from a domain is always based on the SID of
> >> > the
> >> > domain, and uniquely identifies the user or group. While
> >> > the OS derives local user accounts and group SIDs from the computer
> >> > SID.
> >> > You will need to think more about unique SIDs if your devices work in
> >> > workgroup or if you clone NTFS based volume with security
> >> > attributes set for some accounts.
> >> >
> >> > You may want to read more here:
> >> >     http://support.microsoft.com/kb/q162001/
> >> >     http://www.winntmag.com/Windows/Articles/ArticleID/3469/pg/2/2.html
> >> >
> >> > For another question it may take a while to answer as you asked for a
> >> > whole bunch of different technologies. I'd recommend you to do
> >> > some googling first or search MSDN.
> >> > You will find great info on any topic from your list there.
> >> >
> >> > If you really need to know what the same computer name may cause, look
> >> > at
> >> > MSDN for WINS information.
> >> > Or read this page:
> >> > http://www.petri.co.il/registration_of_netbios_names.htm. Please note
> >> > the
> >> > complete NetBIOS name list and Unique
> >> > flag (Type)  for each item from the list.
> >> >
> >> > -- 
> >> > Regards,
> >> >        KM, BSquare Corp.
> >> >
> >> > PS. Why just not eliminate all this SID/computer name problems by using
> >> > System Cloning Tools or newsid?
> >> >
> >> >
> >> >> I understand the security issue but what about the following topics
> >> >> (all
> >> >> targets with same sid) :
> >> >>
> >> >> * Domain Registration
> >> >>     Is it a good presumption to think that it will never work (cause
> >> >> same
> >> >> sid and same hostname) ?
> >> >>
> >> >> * Active Directory
> >> >>     Is it only based on domain participation (if so, it will never
> >> >> work)
> >> >> ?
> >> >> (otherwise, will it work?)
> >> >>
> >> >> * SMS
> >> >>     Is it based on active directory ?
> >> >>
> >> >> * DUA ?
> >> >>
> >> >> * Computer Browsing ?
> >> >>
> >> >> * NetBios
> >> >>     Is all communication other than basic Tcp/IP (e.g. time synchro,
> >> >> domain
> >> >> credentials,                         wins, etc ) based on this
> >> >> protocol ?
> >> >>
> >> >> * Tcp/Ip
> >> >>     DHCP server will be used... i suppose it is not an issue ? isn't
> >> >> it ?
> >> >>
> >> >> None of my targets need to communicate with each other BUT one or some
> >> >> servers will.
> >> >>
> >> >> "Slobodan Brcin (eMVP)" <sbrcin@ptt.yu> wrote in message
> >> >> news:OgbzTJB%23EHA.1084@TK2MSFTNGP15.phx.gbl...
> >> >> > Pascal,
> >> >> >
> >> >> > http://www.sysinternals.com/ntw2k/source/newsid.shtml
> >> >> >
> >> >> > Regards,
> >> >> > Slobodan
> >> >> >
> >> >> > "Pascal Bouchard" <pascal.bouchard@rfranco.ca> wrote in message
> >> >> > news:eBJeCfA%23EHA.2032@tk2msftngp13.phx.gbl...
> >> >> >> Can someone tell me the impacts on having the exact same image
> >> >> >> (including
> >> >> >> same SID) on multiple targets on the same network ?
> >> >
> >> >
> >>
> >>
> >
> >
>
>
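
The per-device baseline scheme discussed in this thread (record the checksum once after the first field boot with EWF enabled, compare at every later check-in, replace it after an EWF commit), sketched as an added example that is not part of the original posts. SHA-256, the class and function names, and the device id are assumptions; the custom boot OS and TCP protocol are not modelled.

```python
import hashlib
import hmac
import io

CHUNK = 1 << 20  # read the partition in 1 MiB blocks


def image_checksum(stream):
    """Stream a raw partition image and return its SHA-256 hex digest."""
    h = hashlib.sha256()
    for block in iter(lambda: stream.read(CHUNK), b""):
        h.update(block)
    return h.hexdigest()


class BaselineStore:
    """Per-device baseline checksums (the 'device list' kept on the server)."""

    def __init__(self):
        self._baseline = {}  # device_id -> hex digest

    def enroll(self, device_id, checksum):
        # First field boot, EWF on: record the initial checksum once.
        if device_id in self._baseline:
            raise ValueError("already enrolled; use rebaseline after a commit")
        self._baseline[device_id] = checksum

    def rebaseline(self, device_id, checksum):
        # After a deliberate update (EWF commit) the baseline is replaced.
        if device_id not in self._baseline:
            raise KeyError(device_id)
        self._baseline[device_id] = checksum

    def check_in(self, device_id, reported):
        # Returns "unknown", "ok" or "mismatch" for a booting device.
        expected = self._baseline.get(device_id)
        if expected is None:
            return "unknown"
        return "ok" if hmac.compare_digest(expected, reported) else "mismatch"


def demo():
    store = BaselineStore()
    original = b"\x00" * 4096 + b"XPE-IMAGE"  # constructed sample image
    store.enroll("rpos-0001", image_checksum(io.BytesIO(original)))
    clean = store.check_in("rpos-0001", image_checksum(io.BytesIO(original)))
    tampered = original[:100] + b"\xff" + original[101:]  # one byte changed
    dirty = store.check_in("rpos-0001", image_checksum(io.BytesIO(tampered)))
    return clean, dirty
```

A "mismatch" result is the point at which the server would schedule a re-image; an "unknown" device has no baseline yet and should be enrolled only from a known-good first boot.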

