Nxl67170 - Windows: Difference between revisions
(67 intermediate revisions by the same user not shown) | |||
Line 7: | Line 7: | ||
* {{blue|'''Image 2'''}} (ntfsclone) — Last backup image. Contains additional software, custom settings and virtualization. |
* {{blue|'''Image 2'''}} (ntfsclone) — Last backup image. Contains additional software, custom settings and virtualization. |
||
* {{blue|'''Image 3'''}} (vbox snapshot) — 1st virtualbox snapshot, state as on harddrive image. Content of the next backup image. Last known good version, VM is reverted to that image if ''Candidate'' image is broken |
* {{blue|'''Image 3'''}} (vbox snapshot) — 1st virtualbox snapshot, state as on harddrive image. Content of the next backup image. Last known good version, VM is reverted to that image if ''Candidate'' image is broken |
||
** Next images are named {{blue|'''Image 4'''}}, {{blue|'''Image 5'''}}... |
|||
* {{red|'''Candidate'''}} (vbox snapshot) — Last permanent image, VM is reverted to that image regularly to get SW updates, and apply last changes from ''new''. All services enabled. Merged into ''Image 3'' if proven stable. |
* {{red|'''Candidate'''}} (vbox snapshot) — Last permanent image, VM is reverted to that image regularly to get SW updates, and apply last changes from ''new''. All services enabled. Merged into ''Image 3'' if proven stable. |
||
* {{red|'''Lightweight'''}} (vbox snapshot) — Lightweight version of candidate (many serviced and AV disabled). Contains last bleeding-edge changes. VM already started. VM is reverted to that image on a daily basis. |
* {{red|'''Lightweight'''}} (vbox snapshot) — Lightweight version of candidate (many serviced and AV disabled). Contains last bleeding-edge changes. VM already started. VM is reverted to that image on a daily basis. |
||
{{red|'''Before Deleting Snapshots'''}} |
|||
* Backup Personal certificates (save them to {{file|~/Documents/archive.noidx/backup_and_log/nxl67170-latitude_e5430/certificates}}, see {{file|README.TXT}} for instructions) |
|||
* Backup Office templates (from {{file|C:\Users\beq06659\AppData\Roaming\Microsoft\Templates}} to {{file|~/Documents/archive.noidx/backup_and_log/nxl67170-latitude_e5430}}) |
|||
'''Daily process''' |
'''Daily process''' |
||
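Review bot: The added "Before Deleting Snapshots" bullet that saves personal certificates to ~/Documents/archive.noidx/backup_and_log/nxl67170-latitude_e5430/certificates does not say how the exported private keys are protected at rest. State in the bullet that the export is passphrase-protected and where the passphrase is kept (the page already keeps account passwords in keepassx), since the instructions are otherwise only in README.TXT.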
Line 20: | Line 25: | ||
* Apply last changes applied in image ''lightweight'', and download last SW update, etc. |
* Apply last changes applied in image ''lightweight'', and download last SW update, etc. |
||
* Create new ''candidate'' snapshot |
* Create new ''candidate'' snapshot |
||
* Apply non-permanent changes (lightweight), and create new ''lightweight'' snapshot. |
* Apply non-permanent changes (lightweight, see below), and create new ''lightweight'' snapshot. |
||
'''How to create a ''Lightweight'' image from a standard one''' |
|||
* Boot image using Windows recovery DVD and start {{file|regedit.exe}} |
|||
* Mount {{file|SYSTEM}} hive as <code>remote_SYSTEM</code> |
|||
* Mount {{file|SOFTWARE}} hive as <code>remote_SOFTWARE</code> |
|||
* Import registry files {{file|c:\temp\custom_config\*_On_Remote.reg}}. |
|||
* Edit {{file|hosts}} file, and add / uncomment line |
|||
127.0.0.1 wbi.nxp.com |
|||
* Restart, and run asap the file {{file|c:\temp\custom_config\Customize_config.bat}} as administrator. |
|||
* Make sure that the network interface is set to ''NAT'', and that the CD-ROM is removed before making the snapshot. |
|||
* In Outlook, disable de ''McAfee Add-in''. |
|||
'''Monthly process''' |
'''Monthly process''' |
||
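Review bot: The new "How to create a Lightweight image" steps refer to c:\temp\custom_config\, while the Tuning entries elsewhere on the page use C:\Temp\Custom config\ and C:\Temp\custom-config; pick one spelling so the *_On_Remote.reg and Customize_config.bat references resolve. The steps also never say to unload remote_SYSTEM and remote_SOFTWARE before the restart, and the last bullet reads "disable de" for "disable the".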
Line 36: | Line 52: | ||
{| class="install_simple_log" |
{| class="install_simple_log" |
||
|- |
|- |
||
|'''Outlook 2010'''|| |
|'''Outlook 2010/2013 (Office 365)'''|| |
||
* {{green|1st}} Deleted .OST file in user profile, and boot once outlook to recreate it (but quit before send & receive) |
* {{green|1st}} Deleted .OST file in user profile, and boot once outlook to recreate it (but quit before send & receive) |
||
* {{blue|2nd}} Set value <tt>HKCU\Software\Policies\Microsoft\Office\14.0\Outlook\options\DisableIMAP</tt> to '''0''' |
* {{blue|2nd}} Set value <tt>HKCU\Software\Policies\Microsoft\Office\14.0\Outlook\options\DisableIMAP</tt> to '''0''' |
||
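Review bot: The row title changes to "Outlook 2010/2013 (Office 365)", but the DisableIMAP value is still given only under ...\Office\14.0\Outlook\options, which is the Outlook 2010 key; Outlook 2013 keeps its settings under Office\15.0. Add the 15.0 path or mark the step as applying to 2010 only.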
Line 44: | Line 60: | ||
** {{blue|2nd}} For each IMAP account, select '''Mark items for deletion but do not move them automatically''' (→ ''Folder'' menu → ''Purge'' → ''Purge Options...'') (from [http://productforums.google.com/forum/#!msg/gmail/GHOq7TKZJeY/iGZ4GJQSRgw]).<br/>This fix the error message <tt>The operation cannot be performed because the object has been deleted</tt>. |
** {{blue|2nd}} For each IMAP account, select '''Mark items for deletion but do not move them automatically''' (→ ''Folder'' menu → ''Purge'' → ''Purge Options...'') (from [http://productforums.google.com/forum/#!msg/gmail/GHOq7TKZJeY/iGZ4GJQSRgw]).<br/>This fix the error message <tt>The operation cannot be performed because the object has been deleted</tt>. |
||
* {{blue|2nd}} Add account, your name '''Michael Peeters''', e-mail address '''michael.peeters@noekeon.org''', type '''IMAP''', incoming server '''localserver''', outgoing '''localserver''', user name '''mip@noekeon.org''', password (see keepassx) — (more settings) Account '''_noekeon.org_''', incoming server '''9143''', outgoing server '''9025''', root folder path '''INBOX''' |
* {{blue|2nd}} Add account, your name '''Michael Peeters''', e-mail address '''michael.peeters@noekeon.org''', type '''IMAP''', incoming server '''localserver''', outgoing '''localserver''', user name '''mip@noekeon.org''', password (see keepassx) — (more settings) Account '''_noekeon.org_''', incoming server '''9143''', outgoing server '''9025''', root folder path '''INBOX''' |
||
* {{red|new}} Do not set root folder path (or Android / Outlook will use different ''sent'' folder). |
|||
** Setup ''Send & Receive...'', ''subscribed folders'' and ''purge'' settings. |
** Setup ''Send & Receive...'', ''subscribed folders'' and ''purge'' settings. |
||
* {{blue|2nd}} Add account, your name '''Michael Peeters''', e-mail address '''michael.peeters@immie.org''', type '''IMAP''', incoming server '''mail.gandi.net''', outgoing '''mail.gandi.net''', user name '''mpe@immie.org''', password (see keepassx) — (more settings) Account '''michael.peeters@immie.org''', Outgoing server '''requires authentication''', incoming server '''9993''' using '''SSL''', outgoing server '''9465''' using '''SSL''', root folder path '''INBOX''' |
* {{blue|2nd}} Add account, your name '''Michael Peeters''', e-mail address '''michael.peeters@immie.org''', type '''IMAP''', incoming server '''mail.gandi.net''', outgoing '''mail.gandi.net''', user name '''mpe@immie.org''', password (see keepassx) — (more settings) Account '''michael.peeters@immie.org''', Outgoing server '''requires authentication''', incoming server '''9993''' using '''SSL''', outgoing server '''9465''' using '''SSL''', root folder path '''INBOX''' |
||
* {{red|new}} Do not set root folder path (or Android / Outlook will use different ''sent'' folder). |
|||
** Setup ''Send & Receive...'', ''subscribed folders'' and ''purge'' settings. |
** Setup ''Send & Receive...'', ''subscribed folders'' and ''purge'' settings. |
||
** Use '''mail.gandi.net''' for server to avoid 'The target principal name is incorrect'. For this, add to ''hosts'' file: |
** Use '''mail.gandi.net''' for server to avoid 'The target principal name is incorrect'. For this, add to ''hosts'' file: |
||
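Review bot: Both added "Do not set root folder path" bullets contradict the unchanged "Add account" lines directly above them, which still end with root folder path INBOX. Remove INBOX from those two account lines or fold the warning into them, so the page gives one instruction. The noekeon.org account is also listed with ports 9143 and 9025 and no SSL note, unlike the immie.org one; say whether that is intended for the local server.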
Line 88: | Line 106: | ||
* {{blue|2nd}} Install '''[[Outlook#Send & Save|Send & Save]]''' macro, and ''File → Options Trust Center → Macro Settings'' → '''Enable all macros''' |
* {{blue|2nd}} Install '''[[Outlook#Send & Save|Send & Save]]''' macro, and ''File → Options Trust Center → Macro Settings'' → '''Enable all macros''' |
||
* {{blue|2nd}} Import old signatures to <tt>C:\Users\beq06659\AppData\Roaming\Microsoft\Signatures</tt>, then ''Options → Mail → Signatures...''', select '''(graphic)''' for new messages, '''(short)''' for replies/forwards. |
* {{blue|2nd}} Import old signatures to <tt>C:\Users\beq06659\AppData\Roaming\Microsoft\Signatures</tt>, then ''Options → Mail → Signatures...''', select '''(graphic)''' for new messages, '''(short)''' for replies/forwards. |
||
* {{ |
* {{blue|5th}} Select default signatures for account ''_archives_'' as well. |
||
* {{blue|3rd}} Update rules! |
* {{blue|3rd}} Update rules! |
||
* {{blue|3rd}} Repair IMAP account (delete & create again PST)! |
* {{blue|3rd}} Repair IMAP account (delete & create again PST)! |
||
* {{blue|3rd}} Add Alias accounts (regular alias, but disable ''receive mail'' in ''Send & Receive'' settings) |
* {{blue|3rd}} Add Alias accounts (regular alias, but disable ''receive mail'' in ''Send & Receive'' settings) |
||
* {{blue|3rd}} '''Import''' mail security certificate from nxl67002. |
* {{blue|3rd}} '''Import''' mail security certificate from nxl67002. |
||
* {{ |
* {{blue|5th}} send one encrypted mail to enable automatic encryption/sign on forward |
||
* {{ |
* {{blue|5th}} move exchange .OST file to <tt>d:/nxp/outlook</tt> (see [[Outlook#Move .pst to another location|Outlook page]]) |
||
* {{blue|7th}} configure '''dialing rules''' (in '''Control Panel''' → '''Phone and Modem'''), so that outlook accepts pluses ('+') in phone numbers. |
|||
* {{blue|7th}} renew ''User Encryption'' certificate and select new certificate for email encryption (see mail ''PKI NXP'' dd 20140120) |
|||
* {{blue|7th}} disable all Auto-Correct features |
|||
* {{blue|8th}} Fix up rules on noekeon + fixup collabnet rules |
|||
* {{blue|9th}} Migration to '''Office 365''' |
|||
* {{blue|9th}} Again, move exchange .OST file to <tt>d:/nxp/outlook</tt> (see [[Outlook#Move .pst to another location|Outlook page]]). Created new profile ''Outlook_on_d'' (set as default). |
|||
* {{red|lightweight only}} disable ''mc-afee addin'' |
* {{red|lightweight only}} disable ''mc-afee addin'' |
||
|- |
|- |
||
Line 110: | Line 134: | ||
* {{green|1st}} ''Display options'' → '''Name View''' |
* {{green|1st}} ''Display options'' → '''Name View''' |
||
* {{green|1st}} Migration Office 365 completed (via corporate update) + imported old contacts |
* {{green|1st}} Migration Office 365 completed (via corporate update) + imported old contacts |
||
* {{red|new}} Fix very slow typing in Lync (maybe due to update 7/7/2014): |
|||
** Either reset audio settings (see [http://social.technet.microsoft.com/Forums/windows/en-US/126c0a0e-0014-4ad9-b81b-ea0765ebef09/lync-2013-with-windows-81-unusably-slow?forum=w8itproappcompat]). Go to ''Control Panel'', then IDT Audio, and reset things everywhere, including in Windows devices. |
|||
** Installed Dell drivers [http://www.dell.com/support/home/us/en/19/Drivers/DriversDetails?driverId=C6HVR&fileId=3327984030&osCode=&productCode=latitude-6430u-ultrabook&languageCode=&categoryId=AU] {{file|3330_Audio_Driver_C6HVR_WN_1.0.6491.0_A08.EXE}} (although crashed) |
|||
|- |
|- |
||
|'''Windows Command Processor (cmd.exe)'''|| |
|'''Windows Command Processor (cmd.exe)'''|| |
||
Line 135: | Line 162: | ||
|'''MS Office Visio Professional 2010 SP1 EN'''|| |
|'''MS Office Visio Professional 2010 SP1 EN'''|| |
||
* {{green|1st}} Via NXP Advertised program (requested via wbi portal) |
* {{green|1st}} Via NXP Advertised program (requested via wbi portal) |
||
* {{blue|7th}} Install UML 2.2 stencils from [http://www.softwarestencils.com/index.html softwarestencils] into {{file|\data\My Shapes\Software and Database\UML 2.2}} (+ edit stencils / templates path in visio). |
|||
* {{blue|7th}} Enable ''Developer Mode'' |
|||
* {{blue|7th}} Add styles button in ribbon |
|||
* {{blue|7th}} In ''View'' ribbon → ''Visual Aids'' (small arrow) → Enable '''Snap to shape vertices''' and '''Glue to shape vertices''' |
|||
* {{blue|7th}} disable all Auto-Correct features |
|||
|- |
|- |
||
|'''MS Office Word 2010 SP1 EN'''|| |
|'''MS Office Word 2010 SP1 EN'''|| |
||
* {{ |
* {{blue|7th}} New shortcut, {{kb|A-S-s}} for ''apply Body text style'' |
||
* {{ |
* {{blue|7th}} Add ''Style combo box'' in ''Quick Access Toolbar'' |
||
* {{ |
* {{blue|7th}} Show measurements in units of ''point'' |
||
* {{ |
* {{blue|7th}} Style area pane width in Draft and Outline view ''45pt'' |
||
* {{ |
* {{blue|7th}} Show [http://msdn.microsoft.com/en-us/library/bb608625.aspx ''developer tab''] in the ribbon |
||
* {{ |
* {{blue|7th}} Enable all macro (because NXP signed macros do not work!) |
||
* {{ |
* {{blue|7th}} Install [http://nww.nxp.com/smo/tds/html/Reference/Downloads_templates.html NXP TDM templates] in <tt>C:\Users\beq06659\AppData\Roaming\Microsoft\Templates\NXP TDM</tt> (as explained in ''How_to_use_TDM_Word_templates_v2.9.x_20110512'')<br/>(from <tt>D:\documents\nxp\templates\nxp_customer_documentation_templates</tt>) |
||
** {{ |
** {{blue|7th}} Fixed [[Word#Fixing_Bullets_in_Words|list bullet style]] |
||
* {{blue|7th}} disable all Auto-Correct features |
|||
* {{red|new}} Plugin [http://www.viemu.com/ ViEmu for Word & Outlook] |
|||
* {{red|new}} Uncheck option ''Remove Personal Information from File Properties on Save'' |
|||
* {{red|new}} Disable AutoFormat As You Type option''"Straight quotes" with ``smart quotes,,'' (equation editor work-around) |
|||
* {{red|new}} Update NXP TDM Templates (for user beq06659) |
|||
* {{red|to do}} Plugin [http://www.viemu.com/ ViEmu for Word & Outlook] |
|||
|- |
|- |
||
|'''Euroglot Professional 7.6.3 EN'''|| |
|'''Euroglot Professional 7.6.3 EN'''|| |
||
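Review bot: The Word row now records "Enable all macro (because NXP signed macros do not work!)", which switches off macro checks for every document instead of fixing the signature problem. Record why the signed macros are rejected (for example whether the signing certificate is in Trusted Publishers) and return to a signed-macros-only setting once that is solved. In the same hunk ViEmu is listed twice, as {{red|new}} and as {{red|to do}}, and the AutoFormat bullet has unbalanced '' markup.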
Line 151: | Line 187: | ||
|- |
|- |
||
|'''Opera'''|| |
|'''Opera'''|| |
||
* {{blue|7th}} Upgrade to v17 |
|||
* {{blue|2nd}} Set <tt>http://nxl67170ux:8118</tt> as proxy (all protocol) |
* {{blue|2nd}} Set <tt>http://nxl67170ux:8118</tt> as proxy (all protocol) |
||
* {{blue|2nd}} Add Collabnet client-side authentication certificate |
* {{blue|2nd}} Add Collabnet client-side authentication certificate |
||
Line 156: | Line 193: | ||
* {{blue|2nd}} Set master password, and ''use it to protect saved passwords'' |
* {{blue|2nd}} Set master password, and ''use it to protect saved passwords'' |
||
* {{blue|3rd}} Remove old sessions (incl. <tt>autosave.win</tt>) |
* {{blue|3rd}} Remove old sessions (incl. <tt>autosave.win</tt>) |
||
* {{red| |
* {{red|to do}} Add exceptions for proxy: |
||
leu-phil1.be-leu01.nxp.com |
|||
leu-phil2.be-leu01.nxp.com |
|||
|- |
|- |
||
|'''PDF X-Change Vewer'''|| |
|'''PDF X-Change Vewer'''|| |
||
* {{green|1st}} v2.5.210 |
* {{green|1st}} v2.5.210 |
||
* {{green|1st}} '''NO''' live update, '''NO''' addins |
* {{green|1st}} '''NO''' live update, '''NO''' addins |
||
* {{red|to do}} New review styles (green highlight) |
|||
|- |
|- |
||
|'''Vim'''|| |
|'''Vim'''|| |
||
Line 183: | Line 223: | ||
</source> |
</source> |
||
Note that we tell <tt>gvimext.dll</tt> to use 32-bit version of <tt>gvim.exe</tt>. More solutions at [http://superuser.com/questions/37495/wheres-my-open-with-gvim-context-menu-option-in-windows-7], [http://davidvielmetter.com/tricks/context-menu-issues-with-gvim-in-windows-7-x64/], but the shellex DLL offers more flexibility. |
Note that we tell <tt>gvimext.dll</tt> to use 32-bit version of <tt>gvim.exe</tt>. More solutions at [http://superuser.com/questions/37495/wheres-my-open-with-gvim-context-menu-option-in-windows-7], [http://davidvielmetter.com/tricks/context-menu-issues-with-gvim-in-windows-7-x64/], but the shellex DLL offers more flexibility. |
||
* {{ |
* {{blue|5th}} Share configuration with cygwin (see [[Vim#Windows]]) |
||
|- |
|- |
||
|'''Internet Explorer'''|| |
|'''Internet Explorer'''|| |
||
* {{blue|3rd}} Use custom '''proxy.pac''' at <tt>C:\Users\beq06659\proxy.pac</tt> |
* {{blue|3rd}} Use custom '''proxy.pac''' at <tt>C:\Users\beq06659\proxy.pac</tt> |
||
* {{blue|7th}} Do '''NOT''' ''Automatically detect settings'' (Local Area Network (LAN) Settings) |
|||
|- |
|- |
||
|'''Windows Update'''|| |
|'''Windows Update'''|| |
||
Line 201: | Line 242: | ||
* {{blue|2nd}} v4.2.10 |
* {{blue|2nd}} v4.2.10 |
||
* {{blue|4th}} v4.2.12 |
* {{blue|4th}} v4.2.12 |
||
* {{blue|7th}} v4.10 (still no direct3d) |
|||
|- |
|- |
||
|'''PrimoPDF'''|| |
|'''PrimoPDF'''|| |
||
* {{blue|2nd}} v5.1.0.2 — '''DO NOT''' install '''Nitro PDF Reader'''! try it? |
* {{blue|2nd}} v5.1.0.2 — '''DO NOT''' install '''Nitro PDF Reader'''! try it? |
||
* {{blue|8th}} Set paper size = '''A4''' in the default printing preference (control panel) |
|||
|} |
|} |
||
=== {{blue|Installed in 3rd |
=== {{blue|Installed in 3rd and upcoming Images}} === |
||
{| class="install_simple_log" |
{| class="install_simple_log" |
||
|- |
|- |
||
|'''WinDirStat'''|| |
|'''WinDirStat'''|| |
||
* {{blue|3rd}} installed |
* {{blue|3rd}} installed |
||
|} |
|||
=== {{red|Installed in New / Candidate Image}} === |
|||
{| class="install_simple_log" |
|||
|- |
|- |
||
|'''Flash player plugin'''|| |
|'''Flash player plugin'''|| |
||
* {{ |
* {{blue|5th}} flash player plugin (for opera) |
||
|- |
|- |
||
|'''Cygwin'''|| |
|'''Cygwin'''|| |
||
* {{ |
* {{blue|5th}} See [[#Cygwin]] section below |
||
* {{blue|7th}} See [[#Cygwin]] <code>git pull origin</code> in home folder |
|||
|- |
|- |
||
|'''QPST'''||{{blue|(NXP Telematics ATOP dev)}} |
|'''QPST'''||{{blue|(NXP Telematics ATOP dev)}} |
||
* {{ |
* {{blue|5th}} v2.7.399 |
||
|- |
|- |
||
|'''QXDM'''||{{blue|(NXP Telematics ATOP dev)}} |
|'''QXDM'''||{{blue|(NXP Telematics ATOP dev)}} |
||
* {{ |
* {{blue|5th}} v. 03.14.474 — From <tt>\\beqleunxp1ms233.be-leu01.nxp.com\PRO-NXP\_Automotive\13555.Telematics_Roadtolling\QC tools & docs</tt> (also <tt>atop35_B/Tools/QXDM</tt>) |
||
* Check README at <tt>atop_35g/docs/Option/readme.txt</tt>. |
* Check README at <tt>atop_35g/docs/Option/readme.txt</tt>. |
||
* '''Start''' QXDM, and close all sub windows. |
* '''Start''' QXDM, and close all sub windows. |
||
Line 236: | Line 275: | ||
|- |
|- |
||
|'''QC USB Drivers'''||{{blue|(NXP Telematics ATOP dev)}} |
|'''QC USB Drivers'''||{{blue|(NXP Telematics ATOP dev)}} |
||
* {{ |
* {{blue|5th}} {{green|''atop 35G_B only''}} — Unpack file HK11-NA430-2.zip (or check atop tree at <tt>./Tools/USBDrivers</tt>). Plug the atop board, wait for windows pop-up, and select <tt>.\fre\XP-Vista</tt> as location for the driver. If there is no pop ud, open up ''device manager'', and right-click on each new devices, and select ''update driver software...''. |
||
|} |
|||
=== {{red|Installed in New / Candidate Image}} === |
|||
{| class="install_simple_log" |
|||
|- |
|||
|'''tbc'''|| |
|||
* {{red|candidate}} tbc |
|||
|} |
|} |
||
Line 246: | Line 293: | ||
|} |
|} |
||
== P2V == |
|||
== Detailed System Settings == |
|||
{| class="install_simple_log" |
|||
|- |
|||
|Physical-2-Virtual (P2V)|| |
|||
* {{green|1st}} Got PC from IT (2013-02-19) |
* {{green|1st}} Got PC from IT (2013-02-19) |
||
* {{green|1st}} Disabled BitLocker |
* {{green|1st}} Disabled BitLocker |
||
Line 267: | Line 311: | ||
Windows Registry Editor Version 5.00 |
Windows Registry Editor Version 5.00 |
||
[HKEY_LOCAL_MACHINE\ |
[HKEY_LOCAL_MACHINE\remote_SYSTEM\ControlSet001\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0000] |
||
"InfPath"="mshdc.inf" |
"InfPath"="mshdc.inf" |
||
"InfSection"="msahci_Inst" |
"InfSection"="msahci_Inst" |
||
Line 278: | Line 322: | ||
"Migrated"=dword:00000001 |
"Migrated"=dword:00000001 |
||
[HKEY_LOCAL_MACHINE\ |
[HKEY_LOCAL_MACHINE\remote_SYSTEM\ControlSet001\Control\PnP] |
||
"DisableCDDB"=- |
"DisableCDDB"=- |
||
[HKEY_LOCAL_MACHINE\ |
[HKEY_LOCAL_MACHINE\remote_SYSTEM\ControlSet001\services\atapi] |
||
"Start"=dword:00000000 |
"Start"=dword:00000000 |
||
[HKEY_LOCAL_MACHINE\ |
[HKEY_LOCAL_MACHINE\remote_SYSTEM\ControlSet001\services\msahci] |
||
"Start"=dword:00000000 |
"Start"=dword:00000000 |
||
</source> |
</source> |
||
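Review bot: The corrected keys hard-code remote_SYSTEM\ControlSet001, so the file only applies when the offline hive is loaded under exactly that name and ControlSet001 is the set the image boots from. Add a line telling the reader to confirm the active set in remote_SYSTEM\Select (value Current) before importing.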
Line 295: | Line 339: | ||
"DisableCDDB"=- |
"DisableCDDB"=- |
||
</source> |
</source> |
||
== System Settings == |
|||
{| class="install_simple_log" |
|||
|- |
|- |
||
|Tuning|| |
|Tuning|| |
||
Line 300: | Line 348: | ||
* {{blue|2nd}} Disable '''McAfee''' (drivers, services, start app)<br/>Easiest way is to attach drive to another Win7 vbox, and use '''autoruns''' to edit remote system. |
* {{blue|2nd}} Disable '''McAfee''' (drivers, services, start app)<br/>Easiest way is to attach drive to another Win7 vbox, and use '''autoruns''' to edit remote system. |
||
* {{blue|3rd}} '''Delete''' C:\Users\Administrator\AppData\Local\Temp |
* {{blue|3rd}} '''Delete''' C:\Users\Administrator\AppData\Local\Temp |
||
* {{ |
* {{blue|5th}} Update <tt>screensaver-disable.reg</tt> on C: |
||
* {{ |
* {{blue|7th}} Update disable*_ and enable_* scripts on C:\Temp\Custom Config |
||
* {{red|lightweight only}} '''Disable''' McAfee services (see <tt>C:\Temp\Custom config\Disable_McAfee_On_Remote.reg</tt>) |
* {{red|lightweight only}} '''Disable''' McAfee services (see <tt>C:\Temp\Custom config\Disable_McAfee_On_Remote.reg</tt>) |
||
* {{red|lightweight only}} '''Disable''' various services (see <tt>C:\Temp\Custom config\Disable_Services_On_Remote.reg</tt>) |
* {{red|lightweight only}} '''Disable''' various services (see <tt>C:\Temp\Custom config\Disable_Services_On_Remote.reg</tt>) |
||
Line 318: | Line 366: | ||
"ScreenSaveTimeOut"=- |
"ScreenSaveTimeOut"=- |
||
</source> |
</source> |
||
* {{blue|8th}} Update tuning scripts at {{file|C:\Temp\custom-config}}. |
|||
* {{blue|9th}} Update tuning scripts at {{file|C:\Temp\custom-config}}. |
|||
|- |
|- |
||
|Misc|| |
|Misc|| |
||
* {{blue|2nd}} Open all ''office apps, and check activation is ok |
* {{blue|2nd}} Open all ''office apps, and check activation is ok |
||
* {{blue|3rd}} Enable '''[[Windows Administration#Enable Login Verbose Status|VerboseStatus]]''' |
* {{blue|3rd}} Enable '''[[Windows Administration#Enable Login Verbose Status|VerboseStatus]]''' |
||
* {{ |
* {{blue|5th}} Add shortcut to <tt>C:\Users\beq06659\AppData\Local\Microsoft\Outlook</tt> on Desktop (for quick delete of .ost file) |
||
* {{blue|7th}} Move ''Desktop'' shell folders to <tt>D:\documents\desktop</tt> (via registry, see [[Windows 7]]) |
|||
* {{blue|7th}} Install script [[Windows 7|<tt>remount-admin.vbs</tt>]] (remount mapped drives for admin) |
|||
* {{blue|7th}} Set ''Primo PDF'' as default printer (to avoid long timeout when Office starts) |
|||
|- |
|- |
||
|Fonts|| |
|Fonts|| |
||
* {{blue|2nd}} {{blue|2nd}} Installed '''Bitstream Vera''', '''Fontin''', '''Diavlo''', '''Signika''' fonts |
* {{blue|2nd}} {{blue|2nd}} Installed '''Bitstream Vera''', '''Fontin''', '''Diavlo''', '''Signika''' fonts |
||
* {{red|to do}} Installed '''jsMath fonts''' ([http://www.math.union.edu/~dpvc/jsMath/download/TeX-fonts-20.zip Windows-darkness 20 file], see [http://www.math.union.edu/~dpvc/jsMath/download/jsMath-fonts.html here]) |
|||
* {{red|to do}} Added all '''jsMath extra fonts''' ([http://www.math.union.edu/~dpvc/jsmath/download/extra-fonts/welcome.html dark version from this page]) |
|||
|- |
|- |
||
|Network|| |
|Network|| |
||
* {{blue| |
* {{blue|7th}} Add to <tt>hosts</tt> file: |
||
<source lang=text> |
<source lang=text> |
||
10.0.2.2 |
10.0.2.2 localproxy |
||
10.0.2.2 |
10.0.2.2 localserver |
||
10.0.2.2 |
10.0.2.2 nxl67170ux |
||
10.0.2.2 |
10.0.2.2 mail.gandi.net # To avoid 'The target principal name is incorrect' error msg in Outlook |
||
92.120.126.14 caprica # Telematics QNAP Server |
|||
92.120.126.15 marmaduke # Telematics QNAP Server |
|||
127.0.0.1 wbi.nxp.com |
|||
92.120.126.24 leu-phil1.be-leu01.nxp.com |
|||
92.120.126.25 leu-phil2.be-leu01.nxp.com |
|||
</source> |
</source> |
||
* {{blue|7th}} Install ProNet certificates (see {{file|ASPEX_CA.pfx}} or mail Chris Erven, dd. 2014/2/24). |
|||
* {{red|new}} Prevent creation of <tt>Zone.Identifier:$DATA</tt> files. Start ''gpedit.msc'', User configuration → Administrative templates → Windows component → Attachment manager → Do not preserve zone information in file attachment = Enabled [http://askubuntu.com/questions/65101/what-are-these-files-like-zone-identifierdata-and-how-to-prevent-them] |
|||
|- |
|- |
||
|Update|| |
|Update|| |
||
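Review bot: The new Network bullet that enables "Do not preserve zone information in file attachment" removes the Zone.Identifier stream that Windows and Office use to recognise downloaded files, so Protected View and the open-file warning no longer trigger for attachments. Together with the "Enable all macros" settings recorded for Outlook and Word, nothing prompts before a downloaded document runs a macro; note that trade-off next to the setting, or leave the policy off and clean up the stray files on the host side. The hosts additions also point mail.gandi.net at 10.0.2.2 without naming the service that listens there.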
Line 342: | Line 407: | ||
* {{blue|3rd}} '''Uninstall''' Chinese (Simplified), Chinese (Tradional), Japanese, Korean (free 2.3GB) |
* {{blue|3rd}} '''Uninstall''' Chinese (Simplified), Chinese (Tradional), Japanese, Korean (free 2.3GB) |
||
* {{blue|3rd}} '''Copy''' current locale settings to startup screen |
* {{blue|3rd}} '''Copy''' current locale settings to startup screen |
||
* {{blue|9th}} Update keyboard Belgian on US keyboard (<tt>befrusgr</tt>), including {{kb|AltGr-,}} and {{kb|mu}} for {{kb|\}}. |
|||
* {{red|new}} Use '''Caps Lock''' as another '''Escape''' key (see [http://vim.wikia.com/wiki/Map_caps_lock_to_escape_in_Windows Map caps lock to escape in Windows]). Import the registry file (Win7/Win8): |
|||
<source lang=reg> |
|||
Windows Registry Editor Version 5.00 |
|||
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout] |
|||
"Scancode Map"=hex:00,00,00,00,00,00,00,00,03,00,00,00,3a,00,46,00,01,00,3a,00,00,00,00,00 |
|||
</source> |
|||
|} |
|} |
||
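Review bot: The Scancode Map in the added .reg file carries two mappings, not one: 3a,00,46,00 makes Scroll Lock (0x46) send Caps Lock (0x3a), and 01,00,3a,00 makes Caps Lock send Escape (0x01); the count 03 includes the terminating entry. The bullet only mentions Caps Lock as Escape, so add that Scroll Lock becomes the new Caps Lock, and that the change is machine-wide under HKEY_LOCAL_MACHINE and takes effect after a reboot.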
Line 350: | Line 423: | ||
|- |
|- |
||
|'''Base system''' (<tt>vim</tt>)|| |
|'''Base system''' (<tt>vim</tt>)|| |
||
* {{ |
* {{blue|5th}} Cygwin 1.7.20-1 |
||
* {{ |
* {{blue|5th}} Set group and passwd: |
||
<source lang="bash"> |
<source lang="bash"> |
||
mkgroup -l > /etc/group |
mkgroup -l > /etc/group |
||
Line 358: | Line 431: | ||
mkpasswd -d -u beq06659 >> /etc/passwd |
mkpasswd -d -u beq06659 >> /etc/passwd |
||
</source> |
</source> |
||
* {{ |
* {{blue|5th}} Define environment variable in system properties |
||
* {{ |
* {{blue|5th}} Import home configuration with git |
||
* {{ |
* {{blue|5th}} Create symlinks to drives (we do not use the fstab or --change-cygdrive-prefix trick because there is no way for scripts to get the cygdrive prefix. Moreover even if it was possible, there is a big chance that scripts would still hardcode ''<tt>/cygdrive</tt>'' as the default prefix. A better and more portable solution is to leave the default prefix to ''<tt>/cygdrive</tt>'', and create symbolic links in root dir) |
||
<source lang="bash"> |
<source lang="bash"> |
||
for i in c d h; do ln -sf /cygdrive/$i /$i; done |
for i in c d h; do ln -sf /cygdrive/$i /$i; done |
||
Line 367: | Line 440: | ||
|- |
|- |
||
|'''Git''' (<tt>git git-svn git-completion</tt>)|| |
|'''Git''' (<tt>git git-svn git-completion</tt>)|| |
||
* {{ |
* {{blue|5th}} |
||
|- |
|- |
||
|'''SSH''' (<tt>openssh</tt>)|| |
|'''SSH''' (<tt>openssh</tt>)|| |
||
* {{ |
* {{blue|5th}} |
||
|- |
|- |
||
|'''Midnight commander''' (<tt>mc</tt>)|| |
|'''Midnight commander''' (<tt>mc</tt>)|| |
||
* {{ |
* {{blue|5th}} |
||
|} |
|} |
||
Line 379: | Line 452: | ||
;Shared folders |
;Shared folders |
||
* {{green|1st}} <tt>/home/beq06659</tt>, auto-mount, read-only |
* {{green|1st}} <tt>/home/beq06659</tt>, auto-mount, read-only |
||
* {{green|1st}} <tt>/data/d</tt>, auto-mount, full |
* {{green|1st}} <tt>/data/d</tt>, '''NO''' auto-mount (auto by windows), full |
||
;USB Device Filters |
;USB Device Filters |
||
* {{ |
* {{blue|5th}} {{blue|(NXP Telematics ATOP dev)}} Add filter for ''NXP Semiconductors NXP ATOP USB'' |
||
;Firewall |
|||
* Input filter — Netword card attached to '''NAT''' |
|||
* Output filter — Done on Linux host. Add at the end of {{file|/etc/ufw/before.rules}} (before <code>COMMIT</code> line) |
|||
<source lang=bash> |
|||
# VIRTUALBOX - Block output connection for user vbox |
|||
# Don't create chains with -N, but use this syntax: |
|||
:vbox-output - [0:0] |
|||
:vbox-output-logging-deny - [0:0] |
|||
:vbox-output-logging-allow - [0:0] |
|||
-A ufw-before-output -m owner --uid-owner 7000 -j vbox-output |
|||
# We accept everything going to ports DNS/Kerberos/Netbios/LDAP |
|||
# We reject all connections to intranet (with logging), but allow 92.120.124.210 (online) and 92.120.124.197, port 1025 (for Lync?) |
|||
# And by default, we allow |
|||
# 92.120.124.197 = beqleunxp1dc100.wbi.nxp.com. |
|||
# 92.120.124.210 = online.be-leu01.nxp.com |
|||
-A vbox-output -p tcp -m multiport --dports 88,135,139,445 -j ACCEPT |
|||
-A vbox-output -p udp -m multiport --dports 53,137,138 -j ACCEPT |
|||
-A vbox-output -p tcp -d 92.120.124.210 -j vbox-output-logging-allow |
|||
-A vbox-output -p tcp -d 92.120.124.197 --dport 1025 -j vbox-output-logging-allow |
|||
-A vbox-output -d 92.120.0.0/16 -j vbox-output-logging-deny |
|||
-A vbox-output -j ACCEPT |
|||
-A vbox-output-logging-deny -j LOG --log-prefix "[UFW BLOCK] [VBOX] " |
|||
-A vbox-output-logging-deny -j REJECT |
|||
-A vbox-output-logging-allow -j LOG --log-prefix "[UFW ALLOW] [VBOX] " |
|||
-A vbox-output-logging-allow -j ACCEPT |
|||
</source> |
|||
:*Summary on how these rules where generated: |
|||
::* Boot virtual image while watching ufw log (<code>tail -f /var/log/ufw.log|grep "\[VBOX\]"</code>) |
|||
::* Many connections to DNS / LDAP (port 53,389) and NetBIOS (135,137,138,139 and 445) |
|||
::* Many Kerberos authentication requests - blocking these considerably slow down login sequence |
|||
::* For now, we are just blocking intranet (92.120.*.*), except some sites. |
|||
== Remarks == |
== Remarks == |
||
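Review bot: In the vbox-output chain the two multiport ACCEPT rules come before the -d 92.120.0.0/16 deny, so tcp 88,135,139,445 and udp 53,137,138 stay open to every intranet address and the intranet block does not cover them. SMB on 445 is enough to read \\wbi\sysvol, which answers the question raised under Remarks; restrict those ACCEPT rules with -d to the hosts that need them, or place them after the deny. The comment also lists LDAP, but 389 is in neither port list, and the two LOG rules have no rate limit.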
Line 394: | Line 498: | ||
* '''{{red|Issue}}''' — Opera does not work with custom proxy.pac file. |
* '''{{red|Issue}}''' — Opera does not work with custom proxy.pac file. |
||
* '''{{red|Issue}}''' — '''Nokia PC Suite''', only detect & connect if I detach then reattach USB BCM20702A0 |
* '''{{red|Issue}}''' — '''Nokia PC Suite''', only detect & connect if I detach then reattach USB BCM20702A0 |
||
* '''{{ |
* '''{{red|Issue}}''' — ''HOMEDRIVE'' and ''HOMEPATH'' always pointing at network share, causing lags when disconnected. |
||
:See [http://superuser.com/questions/255776/overriding-homedrive-and-homepath-as-a-windows-7-user] for potential workarounds |
:See [http://superuser.com/questions/255776/overriding-homedrive-and-homepath-as-a-windows-7-user] for potential workarounds |
||
* '''{{red|Issue}}''' — Tuning settings reverted every 10 min or so (like ''CcmExec'' or ''wuauserv'' re-enabled) |
|||
** Add firewall rules to filter vbox output connection - to no avail so far |
|||
** Check process {{file|taskeng.exe}} and {{file|wscript.exe}} |
|||
** This task executes a file at {{file|\\wbi\sysvol\wbi.nxp.com\Policies\{916532D9-BDF8-46FE-A77B-F84124C54878}\Machine\Scripts\Startup}}. How come it is accessible despites the firewall? offline storage / access outside intranet / using one of the allowed port? |
|||
** Found reference to this script in registry at {{file|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy}} and {{file|HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Group Policy}}. |
|||
** Fixed? In lightweight image, add a command to disable the scheduled task, and purge registry from policy settings (see {{file|Customize_config.bat}}) |
|||
'''{{red|To Do}}''' |
'''{{red|To Do}}''' |
||
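Review bot: The last sub-bullet records the fix as "Fixed?" and points to Customize_config.bat without naming the scheduled task that is disabled or the values purged under ...\CurrentVersion\Group Policy. Name the task and export the two Group Policy keys before purging them, so the change can be checked and reverted, and record the answer to the firewall question two bullets up once it is known.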
Line 408: | Line 518: | ||
=== Done & Fixed === |
=== Done & Fixed === |
||
* '''{{green|Fixed}}''' |
* '''{{green|Fixed}}''' — ''Office Lync 2010'''— Fix very slow typing in Lync (maybe due to update 7/7/2014): |
||
** Either reset audio settings (see [http://social.technet.microsoft.com/Forums/windows/en-US/126c0a0e-0014-4ad9-b81b-ea0765ebef09/lync-2013-with-windows-81-unusably-slow?forum=w8itproappcompat]). Go to ''Control Panel'', then IDT Audio, and reset things everywhere, including in Windows devices. |
|||
* '''{{green|Done}}''' — Description |
|||
** Installed Dell drivers [http://www.dell.com/support/home/us/en/19/Drivers/DriversDetails?driverId=C6HVR&fileId=3327984030&osCode=&productCode=latitude-6430u-ultrabook&languageCode=&categoryId=AU] {{file|3330_Audio_Driver_C6HVR_WN_1.0.6491.0_A08.EXE}} (although crashed) |
Latest revision as of 08:57, 7 July 2016
Introduction
This is the configuration page for the Windows 7 partition on NXL67170.
Available Images
- (1st image as-of 2012-02-19 deleted)
- Image 1 (ntfsclone) — 2013-03-20 — Native, as received from IT with some additional software (Visio, Euroglot...), but without any virtualization.
- Image 2 (ntfsclone) — Last backup image. Contains additional software, custom settings and virtualization.
- Image 3 (vbox snapshot) — 1st virtualbox snapshot, state as on harddrive image. Content of the next backup image. Last known good version, VM is reverted to that image if Candidate image is broken
- Next images are named Image 4, Image 5...
- Candidate (vbox snapshot) — Last permanent image, VM is reverted to that image regularly to get SW updates, and apply last changes from new. All services enabled. Merged into Image 3 if proven stable.
- Lightweight (vbox snapshot) — Lightweight version of candidate (many services and AV disabled). Contains last bleeding-edge changes. VM already started. VM is reverted to that image on a daily basis.
Before Deleting Snapshots
- Backup Personal certificates (save them to ~/Documents/archive.noidx/backup_and_log/nxl67170-latitude_e5430/certificates, see README.TXT for instructions)
- Backup Office templates (from C:\Users\beq06659\AppData\Roaming\Microsoft\Templates to ~/Documents/archive.noidx/backup_and_log/nxl67170-latitude_e5430)
Daily process
- Boot lightweight snapshot.
- Apply last changes during last session (marked new), and update lightweight snapshot (replace previous one).
- Enjoy
Weekly process
- Merge candidate snapshot into image 3.
- Boot the new image 3
- Apply last changes applied in image lightweight, and download last SW update, etc.
- Create new candidate snapshot
- Apply non-permanent changes (lightweight, see below), and create new lightweight snapshot.
How to create a Lightweight image from a standard one
- Boot image using Windows recovery DVD and start regedit.exe
- Mount SYSTEM hive as remote_SYSTEM
- Mount SOFTWARE hive as remote_SOFTWARE
- Import registry files c:\temp\custom_config\*_On_Remote.reg.
- Edit hosts file, and add / uncomment line
127.0.0.1 wbi.nxp.com
- Restart, and run asap the file c:\temp\custom_config\Customize_config.bat as administrator.
- Make sure that the network interface is set to NAT, and that the CD-ROM is removed before making the snapshot.
- In Outlook, disable the McAfee Add-in.
Monthly process
- Backup image 3
Configuration Files
All configuration files can be found here.
Installed Applications
List of applications installed in each image, by order of first appearance, and their configuration settings.
Note: 1st, 2nd, new, etc. indicate that the setting was applied in the given image, and not in the image under which the application is listed (to track settings changed after the image was taken).
Installed in 1st Image
Outlook 2010/2013 (Office 365) |
10.0.2.2 mail.gandi.net
10.0.2.2 mail.gandi.net
To is (exactly) Michael Peeters
To is (exactly) Michaël Peeters
To is (exactly) michael.peeters@nxp.com
To is (exactly) michael.peeters@noekeon.org
To is (exactly) michael.peeters@immie.org
To is (exactly) peeters-ml1@noekeon.org
To contains Michael Peeters
To contains Michaël Peeters
To contains michael.peeters@nxp.com
To contains michael.peeters@noekeon.org
To contains michael.peeters@immie.org
To contains peeters-ml1@noekeon.org
|
Windows Explorer |
|
Office Lync 2010 |
|
Windows Command Processor (cmd.exe) |
|
7-zip |
|
Launchy |
|
Sysinternals Process Explorer |
|
Sysinternals Autoruns |
|
MS Office Visio Professional 2010 SP1 EN |
|
MS Office Word 2010 SP1 EN |
|
Euroglot Professional 7.6.3 EN |
|
Opera |
leu-phil1.be-leu01.nxp.com leu-phil2.be-leu01.nxp.com |
PDF X-Change Viewer |
|
Vim |
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{51EEE242-AD87-11d3-9C1E-0090278BBD99}]
@="Vim Shell Extension"
[HKEY_CLASSES_ROOT\CLSID\{51EEE242-AD87-11d3-9C1E-0090278BBD99}\InProcServer32]
@="C:\\Program Files\\vim\\vim73\\gvimext.dll"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{51EEE242-AD87-11d3-9C1E-0090278BBD99}"="Vim Shell Extension"
[HKEY_LOCAL_MACHINE\SOFTWARE\Vim\Gvim]
"path"="C:\\Program Files (x86)\\vim\\vim73\\gvim.exe"
Note that we tell gvimext.dll to use 32-bit version of gvim.exe. More solutions at [4], [5], but the shellex DLL offers more flexibility.
|
Internet Explorer |
|
Windows Update |
|
Installed in 2nd Image
Nokia PC Suite |
|
Virtualbox Additions |
|
PrimoPDF |
|
Installed in 3rd and upcoming Images
WinDirStat |
|
Flash player plugin |
|
Cygwin | |
QPST | (NXP Telematics ATOP dev)
|
QXDM | (NXP Telematics ATOP dev)
|
QC USB Drivers | (NXP Telematics ATOP dev)
|
Installed in New / Candidate Image
tbc |
|
Not Yet Installed
Picasa 3 |
|
P2V
- 1st Got PC from IT (2013-02-19)
- 1st Disabled BitLocker
- 1st Removed restore points, hiberfil.sys, cache file, etc.
- 1st Shrink partition (1st via DISKPART.EXE then ntfsresize)
- 1st ntfsclone
- 2nd Fix bad BCD (Windows Boot Manager Error) — Boot once with Windows Recovery CD, and let auto-repair run
- 2nd Fix bad BCD (BSOD 0x0000007B) — Boot again with Windows Recovery CD, go to command prompt:
bcdedit /export C:\BCD_Backup
ren c:\boot\BCD bcd2.old
bootrec /rebuildbcd
- 2nd Fix missing drivers (BSOD 0x0000007B) — Still within Windows Recovery CD, start regedit:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\remote_SYSTEM\ControlSet001\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0000]
"InfPath"="mshdc.inf"
"InfSection"="msahci_Inst"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,8c,a3,c5,94,c6,01
"DriverDate"="6-21-2006"
"DriverVersion"="6.1.7600.16385"
"MatchingDeviceId"="pci\\cc_010601"
"DriverDesc"="Standard AHCI 1.0 Serial ATA Controller"
"Migrated"=dword:00000001
[HKEY_LOCAL_MACHINE\remote_SYSTEM\ControlSet001\Control\PnP]
"DisableCDDB"=-
[HKEY_LOCAL_MACHINE\remote_SYSTEM\ControlSet001\services\atapi]
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\remote_SYSTEM\ControlSet001\services\msahci]
"Start"=dword:00000000
- 2nd Boot virtual box, and ***wait*** for all devices to be detected.
- 2nd DO NOT reboot when prompted, but instead start regedit again:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\nxl_SYSTEM\ControlSet001\Control\PnP]
"DisableCDDB"=-
System Settings
Tuning |
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Control Panel\Desktop]
"ScreenSaverIsSecure"="0"
"ScreenSaveTimeOut"="1200"
"ScreenSaveActive"="1"
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control Panel\Desktop]
"ScreenSaveActive"=-
"ScreenSaverIsSecure"=-
"ScreenSaveTimeOut"=-
|
Misc |
|
Fonts |
|
Network |
10.0.2.2 localproxy
10.0.2.2 localserver
10.0.2.2 nxl67170ux
10.0.2.2 mail.gandi.net # To avoid 'The target principal name is incorrect' error msg in Outlook
92.120.126.14 caprica # Telematics QNAP Server
92.120.126.15 marmaduke # Telematics QNAP Server
127.0.0.1 wbi.nxp.com
92.120.126.24 leu-phil1.be-leu01.nxp.com
92.120.126.25 leu-phil2.be-leu01.nxp.com
|
Update |
|
Region and Language |
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout]
"Scancode Map"=hex:00,00,00,00,00,00,00,00,03,00,00,00,3a,00,46,00,01,00,3a,00,00,00,00,00
|
Cygwin
See Nxl67063 for reference configuration.
Base system (vim) |
mkgroup -l > /etc/group
mkgroup -d -g "Domain Users" >> /etc/group
mkpasswd -l > /etc/passwd
mkpasswd -d -u beq06659 >> /etc/passwd
for i in c d h; do ln -sf /cygdrive/$i /$i; done
|
Git (git git-svn git-completion) |
|
SSH (openssh) |
|
Midnight commander (mc) |
|
VirtualBox settings
- Shared folders
- 1st /home/beq06659, auto-mount, read-only
- 1st /data/d, NO auto-mount (auto by windows), full
- USB Device Filters
- 5th (NXP Telematics ATOP dev) Add filter for NXP Semiconductors NXP ATOP USB
- Firewall
- Input filter — Network card attached to NAT
- Output filter — Done on Linux host. Add at the end of /etc/ufw/before.rules (before the COMMIT line):
# VIRTUALBOX - Block output connection for user vbox
# Don't create chains with -N, but use this syntax:
:vbox-output - [0:0]
:vbox-output-logging-deny - [0:0]
:vbox-output-logging-allow - [0:0]
-A ufw-before-output -m owner --uid-owner 7000 -j vbox-output
# We accept everything going to ports DNS/Kerberos/Netbios/LDAP
# We reject all connections to intranet (with logging), but allow 92.120.124.210 (online) and 92.120.124.197, port 1025 (for Lync?)
# And by default, we allow
# 92.120.124.197 = beqleunxp1dc100.wbi.nxp.com.
# 92.120.124.210 = online.be-leu01.nxp.com
-A vbox-output -p tcp -m multiport --dports 88,135,139,445 -j ACCEPT
-A vbox-output -p udp -m multiport --dports 53,137,138 -j ACCEPT
-A vbox-output -p tcp -d 92.120.124.210 -j vbox-output-logging-allow
-A vbox-output -p tcp -d 92.120.124.197 --dport 1025 -j vbox-output-logging-allow
-A vbox-output -d 92.120.0.0/16 -j vbox-output-logging-deny
-A vbox-output -j ACCEPT
-A vbox-output-logging-deny -j LOG --log-prefix "[UFW BLOCK] [VBOX] "
-A vbox-output-logging-deny -j REJECT
-A vbox-output-logging-allow -j LOG --log-prefix "[UFW ALLOW] [VBOX] "
-A vbox-output-logging-allow -j ACCEPT
- Summary on how these rules were generated:
- Boot virtual image while watching ufw log ( tail -f /var/log/ufw.log|grep "\[VBOX\]" )
- Many connections to DNS / LDAP (port 53,389) and NetBIOS (135,137,138,139 and 445)
- Many Kerberos authentication requests - blocking these slows down the login sequence considerably
- For now, we are just blocking intranet (92.120.*.*), except some sites.
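The log-watching step above can be turned into a tally, so the flows that need an explicit allow or deny rule stand out. This is an added example, not part of the original page: the log lines are constructed in the format the LOG rules emit, using the page's destination addresses and a documentation-range source address, and `summarize` and `report` are illustrative names.

```python
import re
from collections import Counter

# Constructed sample in the format the LOG rules above emit (not real traffic).
# DST addresses are the ones named on this page; SRC is a documentation address.
SAMPLE_LOG = """\
Jul  7 08:50:01 host kernel: [101.000001] [UFW BLOCK] [VBOX] IN= OUT=eth0 SRC=192.0.2.10 DST=92.120.124.197 LEN=52 PROTO=TCP SPT=49160 DPT=389 SYN
Jul  7 08:50:02 host kernel: [102.000001] [UFW BLOCK] [VBOX] IN= OUT=eth0 SRC=192.0.2.10 DST=92.120.124.197 LEN=52 PROTO=TCP SPT=49161 DPT=389 SYN
Jul  7 08:50:03 host kernel: [103.000001] [UFW ALLOW] [VBOX] IN= OUT=eth0 SRC=192.0.2.10 DST=92.120.124.197 LEN=52 PROTO=TCP SPT=49162 DPT=1025 SYN
Jul  7 08:50:04 host kernel: [104.000001] [UFW ALLOW] [VBOX] IN= OUT=eth0 SRC=192.0.2.10 DST=92.120.124.210 LEN=52 PROTO=TCP SPT=49163 DPT=443 SYN
Jul  7 08:50:05 host kernel: [105.000001] [UFW BLOCK] [VBOX] IN= OUT=eth0 SRC=192.0.2.10 DST=92.120.126.14 LEN=84 PROTO=ICMP TYPE=8 CODE=0
Jul  7 08:50:06 host kernel: [106.000001] [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=4444 DPT=22 SYN
"""

# Matches only entries written by the vbox-output-logging-* chains.
VBOX_LINE = re.compile(r"\[UFW (BLOCK|ALLOW)\] \[VBOX\] (.*)")


def summarize(lines):
    """Count [VBOX] log entries per (action, proto, dst, dport)."""
    counts = Counter()
    for line in lines:
        m = VBOX_LINE.search(line)
        if not m:
            continue  # other ufw entries (no [VBOX] tag) are ignored
        action, rest = m.groups()
        fields = dict(tok.split("=", 1) for tok in rest.split() if "=" in tok)
        # ICMP entries carry TYPE/CODE instead of a destination port.
        key = (action, fields.get("PROTO", "?"),
               fields.get("DST", "?"), fields.get("DPT", "-"))
        counts[key] += 1
    return counts


def report(counts):
    """Render the tally as printable rows, most frequent flows first."""
    rows = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return [f"{n:4d}  {a:5s} {p:4s} {d}:{port}" for (a, p, d, port), n in rows]


if __name__ == "__main__":
    print("\n".join(report(summarize(SAMPLE_LOG.splitlines()))))
```

Only traffic that reaches one of the two logging chains appears in the tally; connections accepted by the multiport rules or by the final ACCEPT are not logged, so they will not show up here.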
Remarks
- Install advertised program
This works even if the policy is deleted (winlogon was running though), the network interface is set to NAT, and most services are disabled (but the smshost and ccmexec services must be running).
To Do
Issues
- Issue — virtualbox shared folder \\vboxsrv\d is not visible from Administrator account. Very annoying when copying files to system32 for instance (because source won't be visible anymore).
Temp. workaround, launch cmd as administrator:
net use D: \\vboxsrv\d
- Issue — Opera does not work with custom proxy.pac file.
- Issue — Nokia PC Suite only detects & connects if I detach then reattach USB BCM20702A0
- Issue — HOMEDRIVE and HOMEPATH always pointing at network share, causing lags when disconnected.
- See [7] for potential workarounds
- Issue — Tuning settings reverted every 10 min or so (like CcmExec or wuauserv re-enabled)
- Add firewall rules to filter vbox output connection - to no avail so far
- Check process taskeng.exe and wscript.exe
- This task executes a file at \\wbi\sysvol\wbi.nxp.com\Policies\{916532D9-BDF8-46FE-A77B-F84124C54878}\Machine\Scripts\Startup. How come it is accessible despite the firewall? Offline storage / access outside intranet / using one of the allowed ports?
- Found reference to this script in registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy and HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Group Policy.
- Fixed? In lightweight image, add a command to disable the scheduled task, and purge registry from policy settings (see Customize_config.bat)
To Do
Questions
- Outlook — macro always enabled. Any better solution?
- Outlook — move .ost to d: drive (or find a solution to Outlook always complaining that the .ost is old)
- Outlook — find a rss reader that can save into IMAP (check rss2email or feed2imap)
- System — Enable page file?
- Merge history from file win7_P2V_links.txt, and written notes.
- Recover application settings from old profile
Done & Fixed
- Fixed — Office Lync 2010 — Fix very slow typing in Lync (maybe due to update 7/7/2014):