Re: ADS with SP1 and IMGMOUNT.exe
- From: "Tim Net" <google@xxxxxxxxxxxxx>
- Date: Thu, 7 Apr 2005 07:03:07 -0400
Ankit,
Yes, I can mount images with /W but I use MD5 and encryption to make sure
that an Image IS an Image.
Does the file change?
I created a new directory named E:\ADSTest and copied a small 49 MB image
named ADSVolume_Copy1.img.
I then copied it again to the same dir and renamed it to ADSVolume_Copy2.img
Here's what the directory looks like:
E:\ADSTest>dir
Volume in drive E is Data
Volume Serial Number is 285A-23CF
Directory of E:\ADSTest
04/07/2005 06:42 AM <DIR> .
04/07/2005 06:42 AM <DIR> ..
03/08/2005 08:19 AM 49,677,239 ADSVolume_Copy1.img
03/08/2005 08:19 AM 49,677,239 ADSVolume_Copy2.img
2 File(s) 99,354,478 bytes
I checked the MD5 on each file to be exact:
E:\ADSTest>md5sum E:\ADSTest\ADSVolume_Copy1.img
\7ecc08487155024fb5221634e1a1c627 *E:\\ADSTest\\ADSVolume_Copy1.img
E:\ADSTest>md5sum E:\ADSTest\ADSVolume_Copy2.img
\7ecc08487155024fb5221634e1a1c627 *E:\\ADSTest\\ADSVolume_Copy2.img
In one statement, I mounted and unmounted the image:
E:\ADSTest>imgmount /m /d:p /w ADSVolume_Copy1.img & imgmount /u p:
Image file mounted as driver letter [P:]
Image is now unmounted
Now checking the MD5 on Copy1 yields a new value:
E:\ADSTest>md5sum E:\ADSTest\ADSVolume_Copy1.img
\96e66c3dfed8692a8f6ba40442946a5c *E:\\ADSTest\\ADSVolume_Copy1.img
The file size has changed also:
E:\ADSTest>dir
Volume in drive E is Data
Volume Serial Number is 285A-23CF
Directory of E:\ADSTest
04/07/2005 06:35 AM <DIR> .
04/07/2005 06:35 AM <DIR> ..
04/07/2005 06:39 AM 51,774,391 ADSVolume_Copy1.img
03/08/2005 08:19 AM 49,677,239 ADSVolume_Copy2.img
2 File(s) 101,451,630 bytes
Conclusion:
Simply mounting '/W' an image WILL irreversibly alter the image.
Pagefile.sys:
Another side note for those who may try to delete a pagefile.sys in order to
make an image smaller. Deleting a file does not remove it from the image,
only marks it as not to be deployed. So, write mounting (/W) an image,
deleting the pagefile.sys will actually make the image slightly larger. The
right way to accomplish this is to have a local security policy that clears
the pagefile on shutdown: Secpol.msc:Security Settings-->Local
Policy-->Security Options-->Shutdown:Clear virtual memory pagefile=Enabled.
Domain policy may override this.
LM hash:
I would also recommend disabling the LM hash storage before taking your
image as to thwart offline password cracking of the weak LM hash encryption
with l0pht or BeatLM. Secpol.msc:Security Settings-->Local
Policy-->Security Options-->Network Security:Do not store LAN Manager hash
value on next password change=Enabled. The change will not remove the LM
hash from your SAM until you reset the password on a particular account.
Domain policy may override this.
HTH.
"Ankit Oberoi [MSFT]" <ankito@xxxxxxxxxxxxx> wrote in message
news:O3e5X1wOFHA.2144@xxxxxxxxxxxxxxxxxxxxxxx
> Tim,
>
> Ads 1.1 is in beta right now and will be publicly available in 4th
> quarter. We will have a KB on this soon.
>
> Unless you change the image file, I do not think the size changes. Yes,
> you are correct while mounted, one cannot copy the file to make a backup
> before un mounting image.
>
>
> Are you able to mount an image with Imagemount /m /w imagename.img ?
>
>
> Thanks,
> Ankit Oberoi [Msft]
>
.
- References:
- ADS with SP1 and IMGMOUNT.exe
- From: Tim Net
- Re: ADS with SP1 and IMGMOUNT.exe
- From: Ankit Oberoi [MSFT]
- Re: ADS with SP1 and IMGMOUNT.exe
- From: Tim Net
- Re: ADS with SP1 and IMGMOUNT.exe
- From: Ankit Oberoi [MSFT]
- ADS with SP1 and IMGMOUNT.exe
- Prev by Date: RE: Unattended: TcpAllowedPorts is a global- or adapter-specific setting?
- Next by Date: Set Idle time out for VPN users
- Previous by thread: Re: ADS with SP1 and IMGMOUNT.exe
- Next by thread: Software Mirror
- Index(es):
Relevant Pages
|
