ZAVCXL0005 - Windows: Difference between revisions
(→P2V) |
|||
(6 intermediate revisions by the same user not shown) | |||
Line 32: | Line 32: | ||
:* If VirtualBox is configured in NAT mode, we can fix the certificate warning by using real server names in Outlook account configuration ('''mail.gandi.net''', '''smtp.priorweb.be''' and '''mail.priorweb.be'''), but this assumes that (1) SSH listens to <code>0.0.0.0</code> and (2) that Windows {{file|hosts}} file contains the lines: |
:* If VirtualBox is configured in NAT mode, we can fix the certificate warning by using real server names in Outlook account configuration ('''mail.gandi.net''', '''smtp.priorweb.be''' and '''mail.priorweb.be'''), but this assumes that (1) SSH listens to <code>0.0.0.0</code> and (2) that Windows {{file|hosts}} file contains the lines: |
||
<source lang=text> |
<source lang=text> |
||
:* If VirtualBox is configured in Bridged mode, use server '''zavcxl0005'''. This assumes SSH listens to <code>0.0.0.0</code>. |
|||
10.0.2.2 mail.gandi.net |
10.0.2.2 mail.gandi.net |
||
10.0.2.2 smtp.priorweb.be |
10.0.2.2 smtp.priorweb.be |
||
10.0.2.2 mail.priorweb.be |
10.0.2.2 mail.priorweb.be |
||
</source> |
</source> |
||
, but reroute server to IP <code>10.0.2.2</code> in Windows {{file|hosts}}'''. This will fix the certificate warning in Outlook. |
|||
|- |
|- |
||
|'''Application''' (<tt>package</tt>, repo ''Repository'')|| |
|'''Application''' (<tt>package</tt>, repo ''Repository'')|| |
||
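Review bot: The NAT-mode bullet depends on SSH listening on 0.0.0.0 and on hosts entries that send mail.gandi.net, smtp.priorweb.be and mail.priorweb.be to 10.0.2.2, but it never says which ports must be reachable there. Document what has to answer on 10.0.2.2 for each of the three names. Also check whether the 0.0.0.0 bind is really needed in NAT mode, since a wildcard bind exposes the listener on every interface of the host rather than only to the guest.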
Line 145: | Line 143: | ||
cd |
cd |
||
sudo umount /media/ubuntu/OSDisk |
sudo umount /media/ubuntu/OSDisk |
||
=== Virtualbox launcher === |
|||
We create the file {{file|/home/peetersm/.local/share/applications/virtualbox-vbox.desktop}}: |
|||
<source lang="text"> |
|||
#!/usr/bin/env xdg-open |
|||
[Desktop Entry] |
|||
Version=1.0 |
|||
Type=Application |
|||
Terminal=false |
|||
Icon[en_US]=virtualbox |
|||
Name[en_US]=vbox's VirtualBox |
|||
Exec=/home/peetersm/bin/vbox.sh |
|||
Comment[en_US]=Run several virtual systems on a single host computer |
|||
Name=vbox's VirtualBox |
|||
Comment=Run several virtual systems on a single host computer |
|||
Icon=virtualbox |
|||
</source> |
|||
This will launch virtualbox as user ''vbox''. |
|||
== System Settings == |
== System Settings == |
||
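Review bot: The launcher's Exec line points at /home/peetersm/bin/vbox.sh and the text says this starts VirtualBox as user vbox, but the script is not shown, so the page does not document how the switch to vbox happens. Add the contents of vbox.sh (or a link to it) next to the .desktop entry, and note which privilege it relies on to change user.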
Line 172: | Line 190: | ||
* '''{{red|To Do}}''' — Disable igfxCUIService Module because it crashes (see Action Center) |
* '''{{red|To Do}}''' — Disable igfxCUIService Module because it crashes (see Action Center) |
||
* '''{{red|Issue}}''' — To be completed |
* '''{{red|Issue}}''' — To be completed |
||
* '''{{red|To Do}}''' — Import '''STWLAN2''' settings on Linux host |
|||
:*Interesting blogs [http://community.arubanetworks.com/t5/Wireless-Access/Machine-authentication-on-WIN7-configuration/m-p/228737#M46967 Machine authentication on WIN7 - configuration], [http://www.networkworld.com/article/2940463/it-skills-training/machine-authentication-and-user-authentication.html Machine Authentication and User Authentication] |
|||
:*See also [[Wifi]]. |
|||
:* Wireless settings |
|||
<source lang=bash> |
|||
STWLAN2 Wireless Network Properties |
|||
----------------------------------- |
|||
Connection: |
|||
Name : STWLAN2 |
|||
SSID : STWLAN2 |
|||
Network type : Access point |
|||
Network availability: All users |
|||
[X] Connect automatically when this network is in range |
|||
Security: |
|||
Security type : [WPA2-Enterprise ] |
|||
Encryption type: [AES ] |
|||
Choose a network authentication method: |
|||
[Microsoft: Protected EAP (PEAP) ] |
|||
Protected EAP Properties |
|||
When connecting: |
|||
[X] Validate server certificate |
|||
[ ] Connect to these servers: |
|||
[ ] |
|||
Trusted Root Certification Authorities |
|||
[X] ST ROOT CA 1 |
|||
[X] ST ROOT CA 2 |
|||
[X] Do not prompt user to authorize new serers or trusted certification authorities |
|||
Select Authentication Method: |
|||
Secured password (EAP-MSCHAP v2) |
|||
[X] Automatically use my Windows logon name and password (and domain if any) |
|||
[X] Enable Fast Reconnect |
|||
[ ] Enforce Network Access Protection |
|||
[ ] Disconnect if server does not present cryptobinding TLV |
|||
[ ] Enable Identity Privacy [ ] |
|||
Advanced settings |
|||
802.1X settings |
|||
[X] Specify authentication mode |
|||
[Compuer authentication ] |
|||
[ ] Delete credentials for all users |
|||
[ ] Enable single sign on for this network |
|||
802.11 settings |
|||
Fast roaming |
|||
[X] Enable Pairwise Master Key (PMK) caching |
|||
PMK time to live (minutes) [720 ] |
|||
Number of entries in PMK cache [128 ] |
|||
[ ] This network uses pre-authentication |
|||
[ ] Enable FIPS compliance for this network |
|||
</source> |
|||
<source lang=winbatch> |
|||
netsh wlan show profile STWLAN2 key=clear |
|||
</source> |
|||
<source lang=text> |
|||
Profile STWLAN2 on interface Wireless Network Connection 2: |
|||
======================================================================= |
|||
Applied: Group Policy Profile |
|||
Profile information |
|||
------------------- |
|||
Version : 1 |
|||
Type : Wireless LAN |
|||
Name : STWLAN2 |
|||
Control options : |
|||
Connection mode : Connect automatically |
|||
Network broadcast : Connect only if this network is broadcasting |
|||
AutoSwitch : Do not switch to other networks |
|||
Connectivity settings |
|||
--------------------- |
|||
Number of SSIDs : 1 |
|||
SSID name : "STWLAN2" |
|||
Network type : Infrastructure |
|||
Radio type : [ Any Radio Type ] |
|||
Vendor extension : Not present |
|||
Security settings |
|||
----------------- |
|||
Authentication : WPA2-Enterprise |
|||
Cipher : CCMP |
|||
Security key : Absent |
|||
802.1X : Enabled |
|||
EAP type : Microsoft: Protected EAP (PEAP) |
|||
802.1X auth credential : Machine credential |
|||
Cache user information : Yes |
|||
</source> |
|||
<source lang=winbatch> |
|||
netsh wlan export profile |
|||
</source> |
|||
<source lang=xml> |
|||
<?xml version="1.0"?> |
|||
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1"> |
|||
<name>STWLAN2</name> |
|||
<SSIDConfig> |
|||
<SSID> |
|||
<hex>5354574C414E32</hex> |
|||
<name>STWLAN2</name> |
|||
</SSID> |
|||
</SSIDConfig> |
|||
<connectionType>ESS</connectionType> |
|||
<MSM> |
|||
<security> |
|||
<authEncryption> |
|||
<authentication>WPA2</authentication> |
|||
<encryption>AES</encryption> |
|||
<useOneX>true</useOneX> |
|||
</authEncryption> |
|||
<PMKCacheMode>enabled</PMKCacheMode> |
|||
<PMKCacheTTL>720</PMKCacheTTL> |
|||
<PMKCacheSize>128</PMKCacheSize> |
|||
<preAuthMode>disabled</preAuthMode> |
|||
<OneX xmlns="http://www.microsoft.com/networking/OneX/v1"> |
|||
<heldPeriod>1</heldPeriod> |
|||
<authPeriod>18</authPeriod> |
|||
<startPeriod>5</startPeriod> |
|||
<maxStart>3</maxStart> |
|||
<authMode>machine</authMode> |
|||
<EAPConfig><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapMethod><Type xmlns="http://www.microsoft.com/provisioning/EapCommon">25</Type><VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId><VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType><AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</AuthorId></EapMethod><Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"><Type>25</Type><EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1"><ServerValidation><DisableUserPromptForServerValidation>true</DisableUserPromptForServerValidation><ServerNames></ServerNames><TrustedRootCA>d6 6d 4e c1 a0 66 6e 3d 8c 49 a8 5a 2a b3 4a ca c7 73 49 d7 </TrustedRootCA><TrustedRootCA>00 91 14 ef 7e 8b 1b ae bd 77 07 ab 4f b5 ef 20 44 71 29 4b </TrustedRootCA><TrustedRootCA>eb 1d 7b 59 20 43 9c 3a d7 f8 75 8e 0e af 3a 9f 40 e2 7b 8d </TrustedRootCA></ServerValidation><FastReconnect>true</FastReconnect><InnerEapOptional>false</InnerEapOptional><Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"><Type>26</Type><EapType xmlns="http://www.microsoft.com/provisioning/MsChapV2ConnectionPropertiesV1"><UseWinLogonCredentials>true</UseWinLogonCredentials></EapType></Eap><EnableQuarantineChecks>false</EnableQuarantineChecks><RequireCryptoBinding>false</RequireCryptoBinding><PeapExtensions><PerformServerValidation xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">true</PerformServerValidation><AcceptServerName xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">false</AcceptServerName></PeapExtensions></EapType></Eap></Config></EapHostConfig></EAPConfig> |
|||
</OneX> |
|||
</security> |
|||
</MSM> |
|||
</WLANProfile> |
|||
</source> |
|||
=== Done & Fixed === |
=== Done & Fixed === |
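Review bot: In the exported profile, ServerNames is empty and RequireCryptoBinding is false, matching the unchecked "Connect to these servers" and cryptobinding boxes in the dialog, so any server certificate that chains to a listed root is accepted. Record the expected authentication server name before the STWLAN2 settings are imported on the Linux host. The dialog also lists two trusted roots (ST ROOT CA 1 and 2) while the XML carries three TrustedRootCA entries, and the transcription has the typos "serers" and "Compuer"; reconcile the CA list and fix the spelling.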
Latest revision as of 11:51, 22 April 2022
Introduction
This is the configuration page for the Windows 7 partition on ZAVCWL0035.
Configuration Files
All configuration files can be found here.
Installed Applications
Common applications
See Common configuration for Linux.
Essential
Outlook (package) |
10.0.2.2 mail.gandi.net
10.0.2.2 smtp.priorweb.be
10.0.2.2 mail.priorweb.be
|
Application (package, repo Repository) |
sudo apt-...
|
Application (package) |
|
Local
MSYS / MinGW (package) |
|
MSYSGit (package) |
|
Uninstalled
Application (package) | [YYYY-MM-DD] Update Additional configuration settings |
P2V
- Resize C: / /dev/sda1 partition to 60GB using gparted.
- Delete BCD partition /dev/sda2.
- Create raw partition disk:
sudo dd if=/dev/sda of=vm.mbr bs=512 count=1
sudo install-mbr -i n -p D -t 0 vm.mbr    # Certainly useless since we'll repair the boot with Win rescue disk
sudo vboxmanage internalcommands createrawvmdk -filename zavcwl0035-sda1-mbr.vmdk -rawdisk /dev/sda -partitions 1 -relative -mbr vm.mbr
# This creates 2 files: ...-mbr.vmdk, and ...-mbr-pt.vmdk
Create VM:
- Mount zavcwl0035-sda1-mbr.vmdk
- Set hard-disk as Solid-state Drive
Boot VM with Ubuntu Live CD:
- In Gparted, delete all partitions but /dev/sda1, and set the boot flag.
- This is needed for the Windows repair disc to detect the Windows installation correctly.
Boot the Windows repair disc. It now detects the partition. Let it repair and restart. Boot the Windows repair disc again. To skip automatic recovery, select restore image, then next, then cancel twice. Open a command prompt:
rem mountvol shows a single volume C: (+X: and D: from the current boot)
mountvol
c:
bcdedit /export C:\BCD_Backup
ren C:\boot\BCD bcd.old
bootrec /rebuildbcd
... and say Y when asked to add installation to boot list. Reboot, press F8.
Boot normally: Windows boots but we get a blue screen that quickly disappears. Go into the advanced boot options by pressing F8 at boot, and choose Disable automatic restart on system failure. We see the message:
A problem has been detected ...
...
Technical information:
*** STOP: 0x0000007B (0xFFFFF880009A9928, 0xFFFFFFFFC0000034, ...)
When started in safe mode, several drivers load, then the boot stops at CLASSPNP.SYS.
Boot the Linux live CD, then delete all occurrences of AGP440.sys and intelppm.sys.
Boot the Windows repair CD and import into the registry:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\remote_SYSTEM\ControlSet001\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0000]
"InfPath"="mshdc.inf"
"InfSection"="msahci_Inst"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,8c,a3,c5,94,c6,01
"DriverDate"="6-21-2006"
"DriverVersion"="6.1.7600.16385"
"MatchingDeviceId"="pci\\cc_010601"
"DriverDesc"="Standard AHCI 1.0 Serial ATA Controller"
"Migrated"=dword:00000001
[HKEY_LOCAL_MACHINE\remote_SYSTEM\ControlSet001\Control\PnP]
"DisableCDDB"=-
[HKEY_LOCAL_MACHINE\remote_SYSTEM\ControlSet001\services\atapi]
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\remote_SYSTEM\ControlSet001\services\msahci]
"Start"=dword:00000000
Reboot... it boots! Let's shut down w/o logging... it boots again! Yeehaa!!!
To get administrator access, first install chntpw:
- Either enable the universe repository on the Ubuntu live CD (edit /etc/apt/sources.list)
- Or copy the package
Then:
cd /media/ubuntu/OSDisk/Windows/System32/config
chntpw -l SAM
chntpw -u SysAdmin SAM
cd
sudo umount /media/ubuntu/OSDisk
Virtualbox launcher
We create the file /home/peetersm/.local/share/applications/virtualbox-vbox.desktop:
#!/usr/bin/env xdg-open
[Desktop Entry]
Version=1.0
Type=Application
Terminal=false
Icon[en_US]=virtualbox
Name[en_US]=vbox's VirtualBox
Exec=/home/peetersm/bin/vbox.sh
Comment[en_US]=Run several virtual systems on a single host computer
Name=vbox's VirtualBox
Comment=Run several virtual systems on a single host computer
Icon=virtualbox
This will launch virtualbox as user vbox.
System Settings
1st install |
→ used space: 34.110.431.232 (31.7GB)
→ used space: 28.867.043.328 (26.8GB)
→ used space: 22.665.486.336 (21.1GB) |
Tuning |
|
To Do
Issues
- To Do — Disable Remote Assistance (System properties → Remote)?
- To Do — Uninstall McAfee Endpoint Encryption
- To Do — Install MS symbols for Process Explorer [1]
- To Do — Disable igfxCUIService Module because it crashes (see Action Center)
- Issue — To be completed
- To Do — Import STWLAN2 settings on Linux host
- Interesting blogs: Machine authentication on WIN7 - configuration, Machine Authentication and User Authentication
- See also Wifi.
- Wireless settings
STWLAN2 Wireless Network Properties
-----------------------------------
Connection:
Name : STWLAN2
SSID : STWLAN2
Network type : Access point
Network availability: All users
[X] Connect automatically when this network is in range
Security:
Security type : [WPA2-Enterprise ]
Encryption type: [AES ]
Choose a network authentication method:
[Microsoft: Protected EAP (PEAP) ]
Protected EAP Properties
When connecting:
[X] Validate server certificate
[ ] Connect to these servers:
[ ]
Trusted Root Certification Authorities
[X] ST ROOT CA 1
[X] ST ROOT CA 2
[X] Do not prompt user to authorize new servers or trusted certification authorities
Select Authentication Method:
Secured password (EAP-MSCHAP v2)
[X] Automatically use my Windows logon name and password (and domain if any)
[X] Enable Fast Reconnect
[ ] Enforce Network Access Protection
[ ] Disconnect if server does not present cryptobinding TLV
[ ] Enable Identity Privacy [ ]
Advanced settings
802.1X settings
[X] Specify authentication mode
[Computer authentication ]
[ ] Delete credentials for all users
[ ] Enable single sign on for this network
802.11 settings
Fast roaming
[X] Enable Pairwise Master Key (PMK) caching
PMK time to live (minutes) [720 ]
Number of entries in PMK cache [128 ]
[ ] This network uses pre-authentication
[ ] Enable FIPS compliance for this network
netsh wlan show profile STWLAN2 key=clear
Profile STWLAN2 on interface Wireless Network Connection 2:
=======================================================================
Applied: Group Policy Profile
Profile information
-------------------
Version : 1
Type : Wireless LAN
Name : STWLAN2
Control options :
Connection mode : Connect automatically
Network broadcast : Connect only if this network is broadcasting
AutoSwitch : Do not switch to other networks
Connectivity settings
---------------------
Number of SSIDs : 1
SSID name : "STWLAN2"
Network type : Infrastructure
Radio type : [ Any Radio Type ]
Vendor extension : Not present
Security settings
-----------------
Authentication : WPA2-Enterprise
Cipher : CCMP
Security key : Absent
802.1X : Enabled
EAP type : Microsoft: Protected EAP (PEAP)
802.1X auth credential : Machine credential
Cache user information : Yes
netsh wlan export profile
<?xml version="1.0"?>
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
<name>STWLAN2</name>
<SSIDConfig>
<SSID>
<hex>5354574C414E32</hex>
<name>STWLAN2</name>
</SSID>
</SSIDConfig>
<connectionType>ESS</connectionType>
<MSM>
<security>
<authEncryption>
<authentication>WPA2</authentication>
<encryption>AES</encryption>
<useOneX>true</useOneX>
</authEncryption>
<PMKCacheMode>enabled</PMKCacheMode>
<PMKCacheTTL>720</PMKCacheTTL>
<PMKCacheSize>128</PMKCacheSize>
<preAuthMode>disabled</preAuthMode>
<OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
<heldPeriod>1</heldPeriod>
<authPeriod>18</authPeriod>
<startPeriod>5</startPeriod>
<maxStart>3</maxStart>
<authMode>machine</authMode>
<EAPConfig><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapMethod><Type xmlns="http://www.microsoft.com/provisioning/EapCommon">25</Type><VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId><VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType><AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</AuthorId></EapMethod><Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"><Type>25</Type><EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1"><ServerValidation><DisableUserPromptForServerValidation>true</DisableUserPromptForServerValidation><ServerNames></ServerNames><TrustedRootCA>d6 6d 4e c1 a0 66 6e 3d 8c 49 a8 5a 2a b3 4a ca c7 73 49 d7 </TrustedRootCA><TrustedRootCA>00 91 14 ef 7e 8b 1b ae bd 77 07 ab 4f b5 ef 20 44 71 29 4b </TrustedRootCA><TrustedRootCA>eb 1d 7b 59 20 43 9c 3a d7 f8 75 8e 0e af 3a 9f 40 e2 7b 8d </TrustedRootCA></ServerValidation><FastReconnect>true</FastReconnect><InnerEapOptional>false</InnerEapOptional><Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"><Type>26</Type><EapType xmlns="http://www.microsoft.com/provisioning/MsChapV2ConnectionPropertiesV1"><UseWinLogonCredentials>true</UseWinLogonCredentials></EapType></Eap><EnableQuarantineChecks>false</EnableQuarantineChecks><RequireCryptoBinding>false</RequireCryptoBinding><PeapExtensions><PerformServerValidation xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">true</PerformServerValidation><AcceptServerName xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">false</AcceptServerName></PeapExtensions></EapType></Eap></Config></EapHostConfig></EAPConfig>
</OneX>
</security>
</MSM>
</WLANProfile>
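The server-validation settings in the exported profile above can be checked mechanically before the STWLAN2 settings are imported elsewhere. This is an added example, not part of the original page: the function name `audit_peap_profile`, the trimmed sample profile and its placeholder thumbprint are constructed, and treating a missing PerformServerValidation element as "not validated" is an assumption of the example.

```python
import xml.etree.ElementTree as ET

# Namespaces as they appear in the netsh export shown above.
P1 = "{http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1}"
P2 = "{http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2}"

# Constructed, trimmed sample carrying the same settings as the page's profile;
# the thumbprint is a placeholder, not a real CA hash.
SAMPLE = """<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
<name>STWLAN2</name>
<EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1">
<ServerValidation>
<DisableUserPromptForServerValidation>true</DisableUserPromptForServerValidation>
<ServerNames></ServerNames>
<TrustedRootCA>00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33 </TrustedRootCA>
</ServerValidation>
<RequireCryptoBinding>false</RequireCryptoBinding>
<PeapExtensions>
<PerformServerValidation xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">true</PerformServerValidation>
</PeapExtensions>
</EapType>
</WLANProfile>"""

def _text(root, tag):
    """Text of the first element with this qualified tag, '' if absent or empty."""
    el = root.find(f".//{tag}")
    return (el.text or "").strip() if el is not None else ""

def audit_peap_profile(xml_text):
    """Return (findings, trusted_root_thumbprints) for a PEAP WLAN profile."""
    root = ET.fromstring(xml_text)
    roots = [(e.text or "").strip() for e in root.iter(P1 + "TrustedRootCA")]
    roots = [r for r in roots if r]
    findings = []
    # Assumption of this example: a missing element counts as "not validated".
    if _text(root, P2 + "PerformServerValidation") != "true":
        findings.append("server certificate is not validated")
    if not roots:
        findings.append("no trusted root CA is selected")
    if not _text(root, P1 + "ServerNames"):
        findings.append("ServerNames is empty: any server certificate issued "
                        "under a trusted root is accepted")
    if _text(root, P1 + "RequireCryptoBinding") != "true":
        findings.append("cryptobinding TLV is not required")
    if _text(root, P1 + "DisableUserPromptForServerValidation") != "true":
        findings.append("users may be prompted to trust new servers or CAs")
    return findings, roots
```

The same function accepts the full output of `netsh wlan export profile`, because it searches by qualified element name rather than by position in the tree.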
Done & Fixed
- Fixed — Issue description
Fix description
- Done — Description