Nxl67170 - Windows: Difference between revisions

(23 intermediate revisions by the same user not shown)
Line 16: Line 16:


'''Daily process'''
'''Daily process'''
:'''{{red|Always disconnect network when starting windows!}}''' Hopefully this should be enough to prevent re-enabling disabled services (ccmexec, mc afee...)
* Boot ''lightweight'' snapshot.
* Boot ''lightweight'' snapshot.
* Apply last changes during last session (marked ''new''), and update ''lightweight'' snapshot (replace previous one).
* Apply last changes during last session (marked ''new''), and update ''lightweight'' snapshot (replace previous one).
Line 26: Line 25:
* Apply last changes applied in image ''lightweight'', and download last SW update, etc.
* Apply last changes applied in image ''lightweight'', and download last SW update, etc.
* Create new ''candidate'' snapshot
* Create new ''candidate'' snapshot
* Apply non-permanent changes (lightweight), and create new ''lightweight'' snapshot.
* Apply non-permanent changes (lightweight, see below), and create new ''lightweight'' snapshot.

'''How to create a ''Lightweight'' image from a standard one'''
* Boot image using Windows recovery DVD and start {{file|regedit.exe}}
* Mount {{file|SYSTEM}} hive as <code>remote_SYSTEM</code>
* Mount {{file|SOFTWARE}} hive as <code>remote_SOFTWARE</code>
* Import registry files {{file|c:\temp\custom_config\*_On_Remote.reg}}.
* Edit {{file|hosts}} file, and add / uncomment line
127.0.0.1 wbi.nxp.com
* Restart, and run asap the file {{file|c:\temp\custom_config\Customize_config.bat}} as administrator.
* Make sure that the network interface is set to ''NAT'', and that the CD-ROM is removed before making the snapshot.
* In Outlook, disable de ''McAfee Add-in''.


'''Monthly process'''
'''Monthly process'''
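Review bot: The folder name in the added steps does not match the rest of the page. The "Import registry files" and "run asap" steps use c:\temp\custom_config\ (underscore), while the Tuning entries record the scripts at C:\Temp\custom-config (hyphen); pick one spelling so the procedure can be followed literally. The hosts entry 127.0.0.1 wbi.nxp.com would also read better in a preformatted block like the other hosts lines on the page, and "disable de McAfee Add-in" should read "disable the".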
Line 42: Line 52:
{| class="install_simple_log"
{| class="install_simple_log"
|-
|-
|'''Outlook 2010'''||
|'''Outlook 2010/2013 (Office 365)'''||
* {{green|1st}} Deleted .OST file in user profile, and boot once outlook to recreate it (but quit before send & receive)
* {{green|1st}} Deleted .OST file in user profile, and boot once outlook to recreate it (but quit before send & receive)
* {{blue|2nd}} Set value <tt>HKCU\Software\Policies\Microsoft\Office\14.0\Outlook\options\DisableIMAP</tt> to '''0'''
* {{blue|2nd}} Set value <tt>HKCU\Software\Policies\Microsoft\Office\14.0\Outlook\options\DisableIMAP</tt> to '''0'''
Line 50: Line 60:
** {{blue|2nd}} For each IMAP account, select '''Mark items for deletion but do not move them automatically''' (&rarr; ''Folder'' menu &rarr; ''Purge'' &rarr; ''Purge Options...'') (from [http://productforums.google.com/forum/#!msg/gmail/GHOq7TKZJeY/iGZ4GJQSRgw]).<br/>This fix the error message <tt>The operation cannot be performed because the object has been deleted</tt>.
** {{blue|2nd}} For each IMAP account, select '''Mark items for deletion but do not move them automatically''' (&rarr; ''Folder'' menu &rarr; ''Purge'' &rarr; ''Purge Options...'') (from [http://productforums.google.com/forum/#!msg/gmail/GHOq7TKZJeY/iGZ4GJQSRgw]).<br/>This fix the error message <tt>The operation cannot be performed because the object has been deleted</tt>.
* {{blue|2nd}} Add account, your name '''Michael Peeters''', e-mail address '''michael.peeters@noekeon.org''', type '''IMAP''', incoming server '''localserver''', outgoing '''localserver''', user name '''mip@noekeon.org''', password (see keepassx) &mdash; (more settings) Account '''_noekeon.org_''', incoming server '''9143''', outgoing server '''9025''', root folder path '''INBOX'''
* {{blue|2nd}} Add account, your name '''Michael Peeters''', e-mail address '''michael.peeters@noekeon.org''', type '''IMAP''', incoming server '''localserver''', outgoing '''localserver''', user name '''mip@noekeon.org''', password (see keepassx) &mdash; (more settings) Account '''_noekeon.org_''', incoming server '''9143''', outgoing server '''9025''', root folder path '''INBOX'''
* {{red|new}} Do not set root folder path (or Android / Outlook will use different ''sent'' folder).
** Setup ''Send & Receive...'', ''subscribed folders'' and ''purge'' settings.
** Setup ''Send & Receive...'', ''subscribed folders'' and ''purge'' settings.
* {{blue|2nd}} Add account, your name '''Michael Peeters''', e-mail address '''michael.peeters@immie.org''', type '''IMAP''', incoming server '''mail.gandi.net''', outgoing '''mail.gandi.net''', user name '''mpe@immie.org''', password (see keepassx) &mdash; (more settings) Account '''michael.peeters@immie.org''', Outgoing server '''requires authentication''', incoming server '''9993''' using '''SSL''', outgoing server '''9465''' using '''SSL''', root folder path '''INBOX'''
* {{blue|2nd}} Add account, your name '''Michael Peeters''', e-mail address '''michael.peeters@immie.org''', type '''IMAP''', incoming server '''mail.gandi.net''', outgoing '''mail.gandi.net''', user name '''mpe@immie.org''', password (see keepassx) &mdash; (more settings) Account '''michael.peeters@immie.org''', Outgoing server '''requires authentication''', incoming server '''9993''' using '''SSL''', outgoing server '''9465''' using '''SSL''', root folder path '''INBOX'''
* {{red|new}} Do not set root folder path (or Android / Outlook will use different ''sent'' folder).
** Setup ''Send & Receive...'', ''subscribed folders'' and ''purge'' settings.
** Setup ''Send & Receive...'', ''subscribed folders'' and ''purge'' settings.
** Use '''mail.gandi.net''' for server to avoid 'The target principal name is incorrect'. For this, add to ''hosts'' file:
** Use '''mail.gandi.net''' for server to avoid 'The target principal name is incorrect'. For this, add to ''hosts'' file:
Line 105: Line 117:
* {{blue|7th}} disable all Auto-Correct features
* {{blue|7th}} disable all Auto-Correct features
* {{blue|8th}} Fix up rules on noekeon + fixup collabnet rules
* {{blue|8th}} Fix up rules on noekeon + fixup collabnet rules
* {{blue|9th}} Migration to '''Office 365'''
* {{blue|9th}} Again, move exchange .OST file to <tt>d:/nxp/outlook</tt> (see [[Outlook#Move .pst to another location|Outlook page]]). Created new profile ''Outlook_on_d'' (set as default).
* {{red|lightweight only}} disable ''mc-afee addin''
* {{red|lightweight only}} disable ''mc-afee addin''
|-
|-
Line 120: Line 134:
* {{green|1st}} ''Display options'' &rarr; '''Name View'''
* {{green|1st}} ''Display options'' &rarr; '''Name View'''
* {{green|1st}} Migration Office 365 completed (via corporate update) + imported old contacts
* {{green|1st}} Migration Office 365 completed (via corporate update) + imported old contacts
* {{red|new}} Fix very slow typing in Lync (maybe due to update 7/7/2014):
** Either reset audio settings (see [http://social.technet.microsoft.com/Forums/windows/en-US/126c0a0e-0014-4ad9-b81b-ea0765ebef09/lync-2013-with-windows-81-unusably-slow?forum=w8itproappcompat]). Go to ''Control Panel'', then IDT Audio, and reset things everywhere, including in Windows devices.
** Installed Dell drivers [http://www.dell.com/support/home/us/en/19/Drivers/DriversDetails?driverId=C6HVR&fileId=3327984030&osCode=&productCode=latitude-6430u-ultrabook&languageCode=&categoryId=AU] {{file|3330_Audio_Driver_C6HVR_WN_1.0.6491.0_A08.EXE}} (although crashed)
|-
|-
|'''Windows Command Processor (cmd.exe)'''||
|'''Windows Command Processor (cmd.exe)'''||
Line 161: Line 178:
** {{blue|7th}} Fixed [[Word#Fixing_Bullets_in_Words|list bullet style]]
** {{blue|7th}} Fixed [[Word#Fixing_Bullets_in_Words|list bullet style]]
* {{blue|7th}} disable all Auto-Correct features
* {{blue|7th}} disable all Auto-Correct features
* {{red|new}} uncheck option ''Remove Personal Information from File Properties on Save''
* {{red|new}} Uncheck option ''Remove Personal Information from File Properties on Save''
* {{red|new}} Disable AutoFormat As You Type option''"Straight quotes" with ``smart quotes,,'' (equation editor work-around)
* {{red|new}} Update NXP TDM Templates (for user beq06659)
* {{red|to do}} Plugin [http://www.viemu.com/ ViEmu for Word & Outlook]
* {{red|to do}} Plugin [http://www.viemu.com/ ViEmu for Word & Outlook]
|-
|-
Line 274: Line 293:
|}
|}


== System Settings ==
== P2V ==


{| class="install_simple_log"
|-
|Physical-2-Virtual (P2V)||
* {{green|1st}} Got PC from IT (2013-02-19)
* {{green|1st}} Got PC from IT (2013-02-19)
* {{green|1st}} Disabled BitLocker
* {{green|1st}} Disabled BitLocker
Line 295: Line 311:
Windows Registry Editor Version 5.00
Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0000]
[HKEY_LOCAL_MACHINE\remote_SYSTEM\ControlSet001\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0000]
"InfPath"="mshdc.inf"
"InfPath"="mshdc.inf"
"InfSection"="msahci_Inst"
"InfSection"="msahci_Inst"
Line 306: Line 322:
"Migrated"=dword:00000001
"Migrated"=dword:00000001


[HKEY_LOCAL_MACHINE\nxl_SYSTEM\ControlSet001\Control\PnP]
[HKEY_LOCAL_MACHINE\remote_SYSTEM\ControlSet001\Control\PnP]
"DisableCDDB"=-
"DisableCDDB"=-


[HKEY_LOCAL_MACHINE\nxl_SYSTEM\ControlSet001\services\atapi]
[HKEY_LOCAL_MACHINE\remote_SYSTEM\ControlSet001\services\atapi]
"Start"=dword:00000000
"Start"=dword:00000000


[HKEY_LOCAL_MACHINE\nxl_SYSTEM\ControlSet001\services\msahci]
[HKEY_LOCAL_MACHINE\remote_SYSTEM\ControlSet001\services\msahci]
"Start"=dword:00000000
"Start"=dword:00000000
</source>
</source>
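Review bot: The rename of the hive prefix to remote_SYSTEM is incomplete. The second import block on the page, the one applied after "DO NOT reboot when prompted", still reads [HKEY_LOCAL_MACHINE\nxl_SYSTEM\ControlSet001\Control\PnP]. Either rename that key as well, or state under which name the hive is mounted at that step, so both .reg snippets can be imported against the same mount point.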
Line 323: Line 339:
"DisableCDDB"=-
"DisableCDDB"=-
</source>
</source>

== System Settings ==

{| class="install_simple_log"
|-
|-
|Tuning||
|Tuning||
Line 347: Line 367:
</source>
</source>
* {{blue|8th}} Update tuning scripts at {{file|C:\Temp\custom-config}}.
* {{blue|8th}} Update tuning scripts at {{file|C:\Temp\custom-config}}.
* {{blue|9th}} Update tuning scripts at {{file|C:\Temp\custom-config}}.
|-
|-
|Misc||
|Misc||
Line 378: Line 399:
</source>
</source>
* {{blue|7th}} Install ProNet certificates (see {{file|ASPEX_CA.pfx}} or mail Chris Erven, dd. 2014/2/24).
* {{blue|7th}} Install ProNet certificates (see {{file|ASPEX_CA.pfx}} or mail Chris Erven, dd. 2014/2/24).
* {{red|new}} Prevent creation of <tt>Zone.Identifier:$DATA</tt> files. Start ''gpedit.msc'', User configuration &rarr; Administrative templates &rarr; Windows component &rarr; Attachment manager &rarr; Do not preserve zone information in file attachment = Enabled [http://askubuntu.com/questions/65101/what-are-these-files-like-zone-identifierdata-and-how-to-prevent-them]

|-
|-
|Update||
|Update||
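Review bot: The new Attachment manager entry should record what is given up. With "Do not preserve zone information in file attachment = Enabled", saved attachments no longer carry the Zone.Identifier stream, which is the marker Windows and Office use to treat a file as coming from an untrusted zone. The same page also records "Enable all macros" for Outlook and Word, so the two settings together remove both checks on a received document; consider noting that next to this entry, or keeping the policy out of the permanent image.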
Line 386: Line 407:
* {{blue|3rd}} '''Uninstall''' Chinese (Simplified), Chinese (Tradional), Japanese, Korean (free 2.3GB)
* {{blue|3rd}} '''Uninstall''' Chinese (Simplified), Chinese (Tradional), Japanese, Korean (free 2.3GB)
* {{blue|3rd}} '''Copy''' current locale settings to startup screen
* {{blue|3rd}} '''Copy''' current locale settings to startup screen
* {{blue|9th}} Update keyboard Belgian on US keyboard (<tt>befrusgr</tt>), including {{kb|AltGr-,}} and {{kb|mu}} for {{kb|\}}.
* {{red|new}} Use '''Caps Lock''' as another '''Escape''' key (see [http://vim.wikia.com/wiki/Map_caps_lock_to_escape_in_Windows Map caps lock to escape in Windows]). Import the registry file (Win7/Win8):
<source lang=reg>
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout]
"Scancode Map"=hex:00,00,00,00,00,00,00,00,03,00,00,00,3a,00,46,00,01,00,3a,00,00,00,00,00
</source>
|}
|}
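Review bot: The Scancode Map value contains two mappings, but the description only mentions one. The count field is 03,00,00,00 (two entries plus the terminator): 01,00,3a,00 sends Escape for Caps Lock, and 3a,00,46,00 sends Caps Lock for scan code 0x46 (Scroll Lock). Add to the text that Scroll Lock becomes the new Caps Lock, and that the value is machine-wide (HKEY_LOCAL_MACHINE) and only applies after a restart.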


Line 427: Line 456:
* {{blue|5th}} {{blue|(NXP Telematics ATOP dev)}} Add filter for ''NXP Semiconductors NXP ATOP USB''
* {{blue|5th}} {{blue|(NXP Telematics ATOP dev)}} Add filter for ''NXP Semiconductors NXP ATOP USB''
;Firewall
;Firewall
* Input filter &mdash; Netword card attached to '''NAT'''
* Add at the end of {{file|/etc/ufw/before.rules}} (before <code>COMMIT</code> line)
* Output filter &mdash; Done on Linux host. Add at the end of {{file|/etc/ufw/before.rules}} (before <code>COMMIT</code> line)
<source lang=bash>
<source lang=bash>
# VIRTUALBOX - Block output connection for user vbox
# VIRTUALBOX - Block output connection for user vbox
# Don't create chains with -N, but use this syntax:
#-N vbox-output
:vbox-output - [0:0]
:vbox-output-logging-deny - [0:0]
:vbox-output-logging-deny - [0:0]
:vbox-output-logging-allow - [0:0]
:vbox-output-logging-allow - [0:0]
-A ufw-before-output -m owner --uid-owner 7000 -j vbox-output
# We accept everything going to ports DNS/Kerberos/Netbios/LDAP
# We reject all connections to intranet (with logging), but allow 92.120.124.210 (online) and 92.120.124.197, port 1025 (for Lync?)
# And by default, we allow
# 92.120.124.197 = beqleunxp1dc100.wbi.nxp.com.
# 92.120.124.197 = beqleunxp1dc100.wbi.nxp.com.
# 92.120.124.210 = online.be-leu01.nxp.com
# 92.120.124.210 = online.be-leu01.nxp.com
-A ufw-before-output -m owner --uid-owner 7000 -d 92.120.124.210 -j ACCEPT
-A vbox-output -p tcp -m multiport --dports 88,135,139,445 -j ACCEPT
-A ufw-before-output -m owner --uid-owner 7000 -p tcp -m multiport --dports 135,139,389,445 -j ACCEPT
-A vbox-output -p udp -m multiport --dports 53,137,138 -j ACCEPT
-A vbox-output -p tcp -d 92.120.124.210 -j vbox-output-logging-allow
-A ufw-before-output -m owner --uid-owner 7000 -p udp -m multiport --dports 53,137,138,389 -j ACCEPT
-A ufw-before-output -m owner --uid-owner 7000 -p tcp --dport 88 -j ACCEPT
-A vbox-output -p tcp -d 92.120.124.197 --dport 1025 -j vbox-output-logging-allow
-A ufw-before-output -m owner --uid-owner 7000 -d 92.120.0.0/16 -j vbox-output-logging-deny
-A vbox-output -d 92.120.0.0/16 -j vbox-output-logging-deny
-A ufw-before-output -m owner --uid-owner 7000 -j ACCEPT
-A vbox-output -j ACCEPT
-A vbox-output-logging-deny -j LOG --log-prefix "[UFW BLOCK] [VBOX] "
-A vbox-output-logging-deny -j LOG --log-prefix "[UFW BLOCK] [VBOX] "
-A vbox-output-logging-deny -j REJECT
-A vbox-output-logging-deny -j REJECT
# -A vbox-output-logging-allow -p tcp -m multiport --dports 135,139,389,445 -j RETURN
-A vbox-output-logging-allow -j LOG --log-prefix "[UFW ALLOW] [VBOX] "
# -A vbox-output-logging-allow -p udp -m multiport --dports 53,137,138,389 -j RETURN
-A vbox-output-logging-allow -j ACCEPT
# -A vbox-output-logging-allow -p tcp -m multiport --dports 88 -j RETURN
# -A vbox-output-logging-allow -j LOG --log-prefix "[UFW ALLOW] [VBOX] "
</source>
</source>
:*Summary on how these rules where generated:
:*Summary on how these rules where generated:
::* Boot virtual image while watching ufw log ({code>tail -f /var/log/ufw.log|grep "VBOX]"</code>)
::* Boot virtual image while watching ufw log (<code>tail -f /var/log/ufw.log|grep "\[VBOX\]"</code>)
::* Many connections to DNS / LDAP (port 53,389) and NetBIOS (135,137,138,139 and 445)
::* Many connections to DNS / LDAP (port 53,389) and NetBIOS (135,137,138,139 and 445)
::* Many Kerberos authentication requests - blocking these considerably slow down login sequence
::* Many Kerberos authentication requests - blocking these considerably slow down login sequence
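Review bot: The new comment says the chain accepts DNS/Kerberos/Netbios/LDAP, but port 389 is in neither multiport list any more (tcp 88,135,139,445 and udp 53,137,138). LDAP to 92.120.0.0/16 therefore now reaches vbox-output-logging-deny, while the summary below the block still lists 389 among the observed connections. Either restore 389 or drop LDAP from the comment. The two port ACCEPT rules also sit before the 92.120.0.0/16 rule and carry no -d, so they pass those ports to any intranet host without logging; if that is intended, say so in the comment, otherwise restrict them with -d or send them through vbox-output-logging-allow.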
Line 472: Line 505:
** This task executes a file at {{file|\\wbi\sysvol\wbi.nxp.com\Policies\{916532D9-BDF8-46FE-A77B-F84124C54878}\Machine\Scripts\Startup}}. How come it is accessible despites the firewall? offline storage / access outside intranet / using one of the allowed port?
** This task executes a file at {{file|\\wbi\sysvol\wbi.nxp.com\Policies\{916532D9-BDF8-46FE-A77B-F84124C54878}\Machine\Scripts\Startup}}. How come it is accessible despites the firewall? offline storage / access outside intranet / using one of the allowed port?
** Found reference to this script in registry at {{file|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy}} and {{file|HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Group Policy}}.
** Found reference to this script in registry at {{file|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy}} and {{file|HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Group Policy}}.
** Fixed? In lightweight image, add a command to disable the scheduled task, and purge registry from policy settings (see {{file|Customize_config.bat}})


'''{{red|To Do}}'''
'''{{red|To Do}}'''
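Review bot: The added "Fixed?" line leaves the question above it unanswered. The Firewall rules on this page give a likely answer: \\wbi\sysvol\... is an SMB path, and TCP 445 is accepted for any destination ahead of the 92.120.0.0/16 reject. Record that here, and state how the fix was verified (for example, that the scheduled task no longer runs after booting the lightweight image), so the question mark can be dropped.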
Line 484: Line 518:


=== Done & Fixed ===
=== Done & Fixed ===
* '''{{green|Fixed}}''' Issue description<br/>Fix description
* '''{{green|Fixed}}''' &mdash; ''Office Lync 2010'''&mdash; Fix very slow typing in Lync (maybe due to update 7/7/2014):
** Either reset audio settings (see [http://social.technet.microsoft.com/Forums/windows/en-US/126c0a0e-0014-4ad9-b81b-ea0765ebef09/lync-2013-with-windows-81-unusably-slow?forum=w8itproappcompat]). Go to ''Control Panel'', then IDT Audio, and reset things everywhere, including in Windows devices.
* '''{{green|Done}}''' — Description
** Installed Dell drivers [http://www.dell.com/support/home/us/en/19/Drivers/DriversDetails?driverId=C6HVR&fileId=3327984030&osCode=&productCode=latitude-6430u-ultrabook&languageCode=&categoryId=AU] {{file|3330_Audio_Driver_C6HVR_WN_1.0.6491.0_A08.EXE}} (although crashed)

Latest revision as of 08:57, 7 July 2016

Introduction

This is the configuration page for the Windows 7 partition on NXL67170.

Available Images

  • (1st image as-of 2012-02-19 deleted)
  • Image 1 (ntfsclone) — 2013-03-20 — Native, as received from IT with some additional software (Visio, Euroglot...), but without any virtualization.
  • Image 2 (ntfsclone) — Last backup image. Contains additional software, custom settings and virtualization.
  • Image 3 (vbox snapshot) — 1st virtualbox snapshot, state as on harddrive image. Content of the next backup image. Last known good version, VM is reverted to that image if Candidate image is broken
    • Next images are named Image 4, Image 5...
  • Candidate (vbox snapshot) — Last permanent image, VM is reverted to that image regularly to get SW updates, and apply last changes from new. All services enabled. Merged into Image 3 if proven stable.
  • Lightweight (vbox snapshot) — Lightweight version of candidate (many services and AV disabled). Contains last bleeding-edge changes. VM already started. VM is reverted to that image on a daily basis.

Before Deleting Snapshots

  • Backup Personal certificates (save them to ~/Documents/archive.noidx/backup_and_log/nxl67170-latitude_e5430/certificates, see README.TXT for instructions)
  • Backup Office templates (from C:\Users\beq06659\AppData\Roaming\Microsoft\Templates to ~/Documents/archive.noidx/backup_and_log/nxl67170-latitude_e5430)

Daily process

  • Boot lightweight snapshot.
  • Apply last changes during last session (marked new), and update lightweight snapshot (replace previous one).
  • Enjoy

Weekly process

  • Merge candidate snapshot into image 3.
  • Boot the new image 3
  • Apply last changes applied in image lightweight, and download last SW update, etc.
  • Create new candidate snapshot
  • Apply non-permanent changes (lightweight, see below), and create new lightweight snapshot.

How to create a Lightweight image from a standard one

  • Boot image using Windows recovery DVD and start regedit.exe
  • Mount SYSTEM hive as remote_SYSTEM
  • Mount SOFTWARE hive as remote_SOFTWARE
  • Import registry files c:\temp\custom_config\*_On_Remote.reg.
  • Edit hosts file, and add / uncomment line
127.0.0.1     wbi.nxp.com
  • Restart, and run asap the file c:\temp\custom_config\Customize_config.bat as administrator.
  • Make sure that the network interface is set to NAT, and that the CD-ROM is removed before making the snapshot.
  • In Outlook, disable the McAfee Add-in.

Monthly process

  • Backup image 3

Configuration Files

All configuration files can be found here.

Installed Applications

List of applications installed in each image, by order of first appearance, and their configuration settings.

Note: 1st, 2nd, new, etc. indicate that the setting was applied in the given image, and not in the image under which the application is listed (to track settings changed after image was taken).

Installed in 1st Image

Outlook 2010/2013 (Office 365)
  • 1st Deleted .OST file in user profile, and boot once outlook to recreate it (but quit before send & receive)
  • 2nd Set value HKCU\Software\Policies\Microsoft\Office\14.0\Outlook\options\DisableIMAP to 0
  • 2nd Add account, your name Michael Peeters, e-mail address michael.peeters@nxp.com, type IMAP, incoming server localserver, outgoing localserver, user name beq06659, password (see keepassx) — (more settings) Account _archives_, root folder path INBOX
    • 2nd Options → Advanced → Send/Receive... → Edit... → select Archives, and click Download headers for subscribed folders.
    • 2nd Right click on IMAP folder account → IMAP folders... → uncheck When displaying hierarchy in Outlook, show only subscribed folders. Then right click again → Update Folder List.
    • 2nd For each IMAP account, select Mark items for deletion but do not move them automatically (→ Folder menu → Purge → Purge Options...) (from [1]).
      This fixes the error message The operation cannot be performed because the object has been deleted.
  • 2nd Add account, your name Michael Peeters, e-mail address michael.peeters@noekeon.org, type IMAP, incoming server localserver, outgoing localserver, user name mip@noekeon.org, password (see keepassx) — (more settings) Account _noekeon.org_, incoming server 9143, outgoing server 9025, root folder path INBOX
  • new Do not set root folder path (or Android / Outlook will use different sent folder).
    • Setup Send & Receive..., subscribed folders and purge settings.
  • 2nd Add account, your name Michael Peeters, e-mail address michael.peeters@immie.org, type IMAP, incoming server mail.gandi.net, outgoing mail.gandi.net, user name mpe@immie.org, password (see keepassx) — (more settings) Account michael.peeters@immie.org, Outgoing server requires authentication, incoming server 9993 using SSL, outgoing server 9465 using SSL, root folder path INBOX
  • new Do not set root folder path (or Android / Outlook will use different sent folder).
    • Setup Send & Receive..., subscribed folders and purge settings.
    • Use mail.gandi.net for server to avoid 'The target principal name is incorrect'. For this, add to hosts file:
10.0.2.2    mail.gandi.net
  • 2nd Add account, your name Ismael Peeters, e-mail address ismael.peeters@immie.org, type IMAP, incoming server mail.gandi.net, outgoing mail.gandi.net, user name ipe@immie.org, password (see keepassx) — (more settings) Account ismael, Outgoing server requires authentication, incoming server 9993 using SSL, outgoing server 9465 using SSL, root folder path INBOX
    • Setup Send & Receive..., subscribed folders and purge settings.
    • Use mail.gandi.net for server to avoid 'The target principal name is incorrect'. For this, add to hosts file:
10.0.2.2    mail.gandi.net
  • 2nd Select favorite folders
  • 2nd Change count from show number of unread items to show total number of items (for sent folders)
  • 2nd Refresh rules (and target folders) (see rules in text install log for nxl67002)
  • 2nd Options → Mail
    • Reading Pane... → uncheck both Mark items as read...
    • → When replying to a message → Prefix each line of the original message
  • 2nd Options → Calendar
    • → First day of week Monday
    • Show week numbers in the month view and in the Date Navigator
  • 2nd Select an IMAP folder, then Change view → Manage Views → Modify... → Conditional Formatting.... Add 2 new formatting as follows:
    • To me only, color maroon, condition (advanced panel):
To    is (exactly)   Michael Peeters
To    is (exactly)   Michaël Peeters
To    is (exactly)   michael.peeters@nxp.com
To    is (exactly)   michael.peeters@noekeon.org
To    is (exactly)   michael.peeters@immie.org
To    is (exactly)   peeters-ml1@noekeon.org
    • To me, color blue, condition (advanced panel):
To    contains   Michael Peeters
To    contains   Michaël Peeters
To    contains   michael.peeters@nxp.com
To    contains   michael.peeters@noekeon.org
To    contains   michael.peeters@immie.org
To    contains   peeters-ml1@noekeon.org
  • 2nd Apply this view on all other IMAP folders
  • 2nd Install Send & Save macro, and File → Options → Trust Center → Macro Settings → Enable all macros
  • 2nd Import old signatures to C:\Users\beq06659\AppData\Roaming\Microsoft\Signatures, then Options → Mail → Signatures..., select (graphic) for new messages, (short) for replies/forwards.
  • 5th Select default signatures for account _archives_ as well.
  • 3rd Update rules!
  • 3rd Repair IMAP account (delete & create again PST)!
  • 3rd Add Alias accounts (regular alias, but disable receive mail in Send & Receive settings)
  • 3rd Import mail security certificate from nxl67002.
  • 5th send one encrypted mail to enable automatic encryption/sign on forward
  • 5th move exchange .OST file to d:/nxp/outlook (see Outlook page)
  • 7th configure dialing rules (in Control Panel → Phone and Modem), so that outlook accepts pluses ('+') in phone numbers.
  • 7th renew User Encryption certificate and select new certificate for email encryption (see mail PKI NXP dd 20140120)
  • 7th disable all Auto-Correct features
  • 8th Fix up rules on noekeon + fixup collabnet rules
  • 9th Migration to Office 365
  • 9th Again, move exchange .OST file to d:/nxp/outlook (see Outlook page). Created new profile Outlook_on_d (set as default).
  • lightweight only disable mc-afee addin
Windows Explorer
  • 1st Folder Options → Show hidden files, DO NOT hide extensions for known file types, DO NOT hide protected OS files
  • 1st Taskbar — Use small icons
  • 1st Pin Windows Command Processor (cmd.exe) to Start Menu
  • 1st Unpin Internet Explorer, Windows Explorer, Windows Media Player
  • 1st Folder options → Automatically expand to current folder
  • 1st Tray — Lync 2010 → show icon and notifications for Lync 2010, Sysinternals Process Explorer
  • 2nd Wallpaper → Pirate Mac.jpg (fill)
Office Lync 2010
  • 1st Minimize to notification area
  • 1st Display options → Name View
  • 1st Migration Office 365 completed (via corporate update) + imported old contacts
  • new Fix very slow typing in Lync (maybe due to update 7/7/2014):
    • Either reset audio settings (see [2]). Go to Control Panel, then IDT Audio, and reset things everywhere, including in Windows devices.
    • Installed Dell drivers [3] 3330_Audio_Driver_C6HVR_WN_1.0.6491.0_A08.EXE (although crashed)
Windows Command Processor (cmd.exe)
  • 1st Pin to Start Menu
  • 1st Defaults → Buffer size 500, Font Lucida Console, layout 132 x 5000 132 x 50, black on white
  • 3rd Set shortcut to run as administrator
7-zip
  • 1st v9.20, no localization files, for all users
Launchy
  • 1st v2.6 Beta 2
  • 1st Hide when it loses focus, Always on top, DO NOT auto update catalog, DO NOT check for new versions
  • 1st Plugin pathy (access apps in system path)
Sysinternals Process Explorer
  • 1st Installed in C:\Windows
  • 1st Select Replace Task Manager, Hide When Minimized, Allow Only One Instance.
  • 1st Select columns IO Read Byte, IO Write Byte, IO Other Byte, IO Delta Read Byte, IO Delta Write Byte, IO Delta Other Byte.
Sysinternals Autoruns
  • 1st Installed in C:\Windows
  • 1st v9.20, no localization files.
MS Office Visio Professional 2010 SP1 EN
  • 1st Via NXP Advertised program (requested via wbi portal)
  • 7th Install UML 2.2 stencils from softwarestencils into \data\My Shapes\Software and Database\UML 2.2 (+ edit stencils / templates path in visio).
  • 7th Enable Developer Mode
  • 7th Add styles button in ribbon
  • 7th In View ribbon → Visual Aids (small arrow) → Enable Snap to shape vertices and Glue to shape vertices
  • 7th disable all Auto-Correct features
MS Office Word 2010 SP1 EN
  • 7th New shortcut, A-S-s for apply Body text style
  • 7th Add Style combo box in Quick Access Toolbar
  • 7th Show measurements in units of point
  • 7th Style area pane width in Draft and Outline view 45pt
  • 7th Show developer tab in the ribbon
  • 7th Enable all macro (because NXP signed macros do not work!)
  • 7th Install NXP TDM templates in C:\Users\beq06659\AppData\Roaming\Microsoft\Templates\NXP TDM (as explained in How_to_use_TDM_Word_templates_v2.9.x_20110512)
    (from D:\documents\nxp\templates\nxp_customer_documentation_templates)
  • 7th disable all Auto-Correct features
  • new Uncheck option Remove Personal Information from File Properties on Save
  • new Disable AutoFormat As You Type option "Straight quotes" with ``smart quotes,, (equation editor work-around)
  • new Update NXP TDM Templates (for user beq06659)
  • to do Plugin ViEmu for Word & Outlook
Euroglot Professional 7.6.3 EN
  • 1st Via NXP Advertised program (requested via wbi portal)
Opera
  • 7th Upgrade to v17
  • 2nd Set http://nxl67170ux:8118 as proxy (all protocol)
  • 2nd Add Collabnet client-side authentication certificate
  • 2nd Recover opera profile from WinXP image (keyboard/, sessions/, skin/, styles/user.css, toolbar/, bookmarks.adr, notes.adr, search.ini, speeddial.ini, operaprefs.ini (merged))
  • 2nd Set master password, and use it to protect saved passwords
  • 3rd Remove old sessions (incl. autosave.win)
  • to do Add exceptions for proxy:
leu-phil1.be-leu01.nxp.com
leu-phil2.be-leu01.nxp.com
PDF X-Change Viewer
  • 1st v2.5.210
  • 1st NO live update, NO addins
  • to do New review styles (green highlight)
Vim
  • 1st v7.3-789 (from Cream sourceforge) (32-bit version)
  • 2nd Import basic config from Linux, but far from perfect
  • 3rd ISSUE no context menu !!! — FIXED Copy 64-bit version of gvimext.dll to C:\Program Files\vim\vim73\gvimext.dll (create directory first), and import:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{51EEE242-AD87-11d3-9C1E-0090278BBD99}]
@="Vim Shell Extension"

[HKEY_CLASSES_ROOT\CLSID\{51EEE242-AD87-11d3-9C1E-0090278BBD99}\InProcServer32]
@="C:\\Program Files\\vim\\vim73\\gvimext.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{51EEE242-AD87-11d3-9C1E-0090278BBD99}"="Vim Shell Extension"

[HKEY_LOCAL_MACHINE\SOFTWARE\Vim\Gvim]
"path"="C:\\Program Files (x86)\\vim\\vim73\\gvim.exe"

Note that we tell gvimext.dll to use 32-bit version of gvim.exe. More solutions at [4], [5], but the shellex DLL offers more flexibility.

Internet Explorer
  • 3rd Use custom proxy.pac at C:\Users\beq06659\proxy.pac
  • 7th Do NOT Automatically detect settings (Local Area Network (LAN) Settings)
Windows Update
  • 4th Update as of 2013-04-15

Installed in 2nd Image

Nokia PC Suite
  • 2nd v7.1 — Tried on native image, or on a clean VM Windows 7 Pro, works flawlessly
Virtualbox Additions
  • 2nd v4.2.10
  • 4th v4.2.12
  • 7th v4.10 (still no direct3d)
PrimoPDF
  • 2nd v5.1.0.2 — DO NOT install Nitro PDF Reader! try it?
  • 8th Set paper size = A4 in the default printing preference (control panel)

Installed in 3rd and upcoming Images

WinDirStat
  • 3rd installed
Flash player plugin
  • 5th flash player plugin (for opera)
Cygwin
  • 5th See #Cygwin section below
  • 7th See #Cygwin git pull origin in home folder
QPST (NXP Telematics ATOP dev)
  • 5th v2.7.399
QXDM (NXP Telematics ATOP dev)
  • 5th v. 03.14.474 — From \\beqleunxp1ms233.be-leu01.nxp.com\PRO-NXP\_Automotive\13555.Telematics_Roadtolling\QC tools & docs (also atop35_B/Tools/QXDM)
  • Check README at atop_35g/docs/Option/readme.txt.
  • Start QXDM, and close all sub windows.
  • Set option→communication→Target Port to your diagnostics port (needs to be enabled in QPST configuration), then click OK.
  • Press C-F5 (message view configuration), unselect all messages, then in log packets → discovered items, select 0x0001 (this is the J9 trace log messages).
  • Press F3 (message view). After a while you should see the J9 messages.
  • Copy ATOPDB folder to Qualcomm QXDM data directory (on win7, copy it to %PUBLIC%\Documents\Qualcomm\QXDM\Database\ATOPDB)
QC USB Drivers (NXP Telematics ATOP dev)
  • 5th atop 35G_B only — Unpack file HK11-NA430-2.zip (or check atop tree at ./Tools/USBDrivers). Plug the atop board, wait for windows pop-up, and select .\fre\XP-Vista as location for the driver. If there is no pop-up, open up device manager, and right-click on each new device, and select update driver software....

Installed in New / Candidate Image

tbc
  • candidate tbc

Not Yet Installed

Picasa 3
  • Was installed on NXL67002

P2V

  • 1st Got PC from IT (2013-02-19)
  • 1st Disabled BitLocker
  • 1st Removed restore points, hiberfil.sys, cache file, etc.
  • 1st Shrink partition (1st via DISKPART.EXE then ntfsresize)
  • 1st ntfsclone
  • 2nd Fix bad BCD (Windows Boot Manager Error) — Boot once with Windows Recovery CD, and let auto-repair run
  • 2nd Fix bad BCD (BSOD 0x0000007B) — Boot again with Windows Recovery CD, go to command prompt:
bcdedit /export C:\BCD_Backup
ren c:\boot\BCD bcd2.old
bootrec /rebuildbcd
  • 2nd Fix missing drivers (BSOD 0x0000007B) — Still within Windows Recovery CD, start regedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\remote_SYSTEM\ControlSet001\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0000]
"InfPath"="mshdc.inf"
"InfSection"="msahci_Inst"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,8c,a3,c5,94,c6,01
"DriverDate"="6-21-2006"
"DriverVersion"="6.1.7600.16385"
"MatchingDeviceId"="pci\\cc_010601"
"DriverDesc"="Standard AHCI 1.0 Serial ATA Controller"
"Migrated"=dword:00000001

[HKEY_LOCAL_MACHINE\remote_SYSTEM\ControlSet001\Control\PnP]
"DisableCDDB"=-

[HKEY_LOCAL_MACHINE\remote_SYSTEM\ControlSet001\services\atapi]
"Start"=dword:00000000

[HKEY_LOCAL_MACHINE\remote_SYSTEM\ControlSet001\services\msahci]
"Start"=dword:00000000
  • 2nd Boot virtual box, and ***wait*** for all devices to be detected.
  • 2nd DO NOT reboot when prompted, but instead start regedit again:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\nxl_SYSTEM\ControlSet001\Control\PnP]
"DisableCDDB"=-

System Settings

Tuning
  • 1st Disable Windows Search
    via Control Panel → Programs and Features → Turn Windows features on or off → Windows Search
  • 2nd Disable McAfee (drivers, services, start app)
    Easiest way is to attach drive to another Win7 vbox, and use autoruns to edit remote system.
  • 3rd Delete C:\Users\Administrator\AppData\Local\Temp
  • 5th Update screensaver-disable.reg on C:
  • 7th Update disable_* and enable_* scripts on C:\Temp\Custom Config
  • lightweight only Disable McAfee services (see C:\Temp\Custom config\Disable_McAfee_On_Remote.reg)
  • lightweight only Disable various services (see C:\Temp\Custom config\Disable_Services_On_Remote.reg)
  • lightweight only Disable screensaver:
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Control Panel\Desktop]
"ScreenSaverIsSecure"="0"
"ScreenSaveTimeOut"="1200"
"ScreenSaveActive"="1"

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control Panel\Desktop]
"ScreenSaveActive"=-
"ScreenSaverIsSecure"=-
"ScreenSaveTimeOut"=-
  • 8th Update tuning scripts at C:\Temp\custom-config.
  • 9th Update tuning scripts at C:\Temp\custom-config.
Misc
  • 2nd Open all office apps, and check activation is ok
  • 3rd Enable VerboseStatus
  • 5th Add shortcut to C:\Users\beq06659\AppData\Local\Microsoft\Outlook on Desktop (for quick delete of .ost file)
  • 7th Move Desktop shell folders to D:\documents\desktop (via registry, see Windows 7)
  • 7th Install script remount-admin.vbs (remount mapped drives for admin)
  • 7th Set Primo PDF as default printer (to avoid long timeout when Office starts)
Fonts
Network
  • 7th Add to hosts file:
10.0.2.2		localproxy
10.0.2.2		localserver
10.0.2.2		nxl67170ux
10.0.2.2		mail.gandi.net          # To avoid 'The target principal name is incorrect' error msg in Outlook

92.120.126.14           caprica                 # Telematics QNAP Server
92.120.126.15           marmaduke               # Telematics QNAP Server
127.0.0.1               wbi.nxp.com

92.120.126.24      leu-phil1.be-leu01.nxp.com
92.120.126.25      leu-phil2.be-leu01.nxp.com
  • 7th Install ProNet certificates (see ASPEX_CA.pfx or mail Chris Erven, dd. 2014/2/24).
  • new Prevent creation of Zone.Identifier:$DATA files. Start gpedit.msc, User Configuration → Administrative Templates → Windows Components → Attachment Manager → Do not preserve zone information in file attachments = Enabled [6]
Update
  • 2nd Restore corporate env. to get latest updates (incl. Office 365 migration for Lync)
Region and Language
  • 3rd Uninstall Chinese (Simplified), Chinese (Traditional), Japanese, Korean (free 2.3GB)
  • 3rd Copy current locale settings to startup screen
  • 9th Update keyboard Belgian on US keyboard (befrusgr), including AltGr-, and mu for \.
  • new Use Caps Lock as another Escape key (see Map caps lock to escape in Windows). Import the registry file (Win7/Win8):
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout]
"Scancode Map"=hex:00,00,00,00,00,00,00,00,03,00,00,00,3a,00,46,00,01,00,3a,00,00,00,00,00
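
The Scancode Map value is a small binary structure: two zero DWORDs, a DWORD entry count that includes the null terminator, then one DWORD per mapping (code to send first, code of the physical key second). The decoder below is an added example, not part of the original notes; it parses the exact value above, and the key-name table only covers the three scancodes that occur in it.

```python
import struct

# Value copied from the .reg file above ("Scancode Map"=hex:...).
REG_HEX = "00,00,00,00,00,00,00,00,03,00,00,00,3a,00,46,00,01,00,3a,00,00,00,00,00"

# Names for the scancodes that occur in this value (PS/2 set 1 make codes).
KEY_NAMES = {0x01: "Escape", 0x3A: "Caps Lock", 0x46: "Scroll Lock"}


def decode_scancode_map(reg_hex):
    """Return [(physical_key_code, code_sent), ...] from a Scancode Map value."""
    data = bytes(int(b, 16) for b in reg_hex.split(","))
    if len(data) < 12:
        raise ValueError("too short for a Scancode Map header")
    version, flags, count = struct.unpack_from("<III", data, 0)
    if version != 0 or flags != 0:
        raise ValueError("unexpected header version/flags")
    if count < 1 or len(data) != 12 + 4 * count:
        raise ValueError("entry count does not match value length")
    entries = [struct.unpack_from("<HH", data, 12 + 4 * i) for i in range(count)]
    if entries[-1] != (0, 0):
        raise ValueError("missing null terminator entry")
    # Stored order is (code sent, physical key); swap it for readability.
    return [(physical, sent) for sent, physical in entries[:-1]]


def describe(mappings):
    """Render each mapping as a sentence, using KEY_NAMES where known."""
    def name(code):
        return KEY_NAMES.get(code, "0x%04x" % code)
    return ["%s key sends %s" % (name(p), name(s)) for p, s in mappings]


if __name__ == "__main__":
    for line in describe(decode_scancode_map(REG_HEX)):
        print(line)
```

Decoding shows that the value also makes the Scroll Lock key act as Caps Lock, so the Caps Lock function is moved rather than lost.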

Cygwin

See Nxl67063 for reference configuration.

Base system (vim)
  • 5th Cygwin 1.7.20-1
  • 5th Set group and passwd:
mkgroup -l > /etc/group
mkgroup -d -g "Domain Users" >> /etc/group
mkpasswd -l > /etc/passwd
mkpasswd -d -u beq06659 >> /etc/passwd
  • 5th Define environment variable in system properties
  • 5th Import home configuration with git
  • 5th Create symlinks to drives (we do not use the fstab or --change-cygdrive-prefix trick because there is no way for scripts to get the cygdrive prefix. Moreover even if it was possible, there is a big chance that scripts would still hardcode /cygdrive as the default prefix. A better and more portable solution is to leave the default prefix to /cygdrive, and create symbolic links in root dir)
for i in c d h; do ln -sf /cygdrive/$i /$i; done
Git (git git-svn git-completion)
  • 5th
SSH (openssh)
  • 5th
Midnight commander (mc)
  • 5th

VirtualBox settings

Shared folders
  • 1st /home/beq06659, auto-mount, read-only
  • 1st /data/d, NO auto-mount (auto by windows), full
USB Device Filters
  • 5th (NXP Telematics ATOP dev) Add filter for NXP Semiconductors NXP ATOP USB
Firewall
  • Input filter — Network card attached to NAT
  • Output filter — Done on Linux host. Add at the end of /etc/ufw/before.rules (before COMMIT line)
# VIRTUALBOX - Block output connection for user vbox
# Don't create chains with -N, but use this syntax:
:vbox-output - [0:0]
:vbox-output-logging-deny - [0:0]
:vbox-output-logging-allow - [0:0]
-A ufw-before-output -m owner --uid-owner 7000 -j vbox-output
# We accept everything going to ports DNS/Kerberos/Netbios/LDAP
# We reject all connections to intranet (with logging), but allow 92.120.124.210 (online) and 92.120.124.197, port 1025 (for Lync?)
# And by default, we allow
# 92.120.124.197 = beqleunxp1dc100.wbi.nxp.com.
# 92.120.124.210 = online.be-leu01.nxp.com
-A vbox-output -p tcp -m multiport --dports 88,135,139,445 -j ACCEPT
-A vbox-output -p udp -m multiport --dports 53,137,138 -j ACCEPT
-A vbox-output -p tcp -d 92.120.124.210 -j vbox-output-logging-allow
-A vbox-output -p tcp -d 92.120.124.197 --dport 1025 -j vbox-output-logging-allow
-A vbox-output -d 92.120.0.0/16 -j vbox-output-logging-deny
-A vbox-output -j ACCEPT
-A vbox-output-logging-deny -j LOG --log-prefix "[UFW BLOCK] [VBOX] "
-A vbox-output-logging-deny -j REJECT
-A vbox-output-logging-allow -j LOG --log-prefix "[UFW ALLOW] [VBOX] "
-A vbox-output-logging-allow -j ACCEPT
  • Summary on how these rules were generated:
  • Boot virtual image while watching ufw log (tail -f /var/log/ufw.log|grep "\[VBOX\]")
  • Many connections to DNS / LDAP (port 53,389) and NetBIOS (135,137,138,139 and 445)
  • Many Kerberos authentication requests - blocking these considerably slows down the login sequence
  • For now, we are just blocking intranet (92.120.*.*), except some sites.
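
iptables stops at the first terminating rule, so the order of the lines above decides what the VM user can reach. The following added example (not part of the original notes) transcribes the vbox-output chain into Python and replays constructed connections through it; the destinations 92.120.1.20 and 198.51.100.7 are made up, and only the chain itself is modelled, not the rest of ufw-before-output.

```python
import ipaddress

# The vbox-output chain above, rule by rule, in order. It is only entered for
# packets owned by uid 7000 (the -m owner jump in ufw-before-output).
# Each rule: (proto or None, destination network or None, dest ports or None, target)
RULES = [
    ("tcp", None, {88, 135, 139, 445}, "ACCEPT"),
    ("udp", None, {53, 137, 138}, "ACCEPT"),
    ("tcp", "92.120.124.210/32", None, "vbox-output-logging-allow"),
    ("tcp", "92.120.124.197/32", {1025}, "vbox-output-logging-allow"),
    (None, "92.120.0.0/16", None, "vbox-output-logging-deny"),
    (None, None, None, "ACCEPT"),
]
# The two logging chains: LOG with a prefix, then a terminating verdict.
LOG_CHAINS = {
    "vbox-output-logging-deny": ("[UFW BLOCK] [VBOX] ", "REJECT"),
    "vbox-output-logging-allow": ("[UFW ALLOW] [VBOX] ", "ACCEPT"),
}


def evaluate(proto, dst, dport):
    """Return (verdict, log prefix or None, 1-based rule number) for one connection."""
    addr = ipaddress.ip_address(dst)
    for number, (r_proto, r_net, r_ports, target) in enumerate(RULES, start=1):
        if r_proto is not None and r_proto != proto:
            continue
        if r_net is not None and addr not in ipaddress.ip_network(r_net):
            continue
        if r_ports is not None and dport not in r_ports:
            continue
        if target in LOG_CHAINS:
            prefix, verdict = LOG_CHAINS[target]
            return verdict, prefix, number
        return target, None, number
    raise AssertionError("unreachable: the last rule matches everything")


# Constructed connections, not taken from a real log.
CASES = [
    ("tcp", "92.120.1.20", 445),      # SMB to an intranet host (e.g. a UNC share)
    ("tcp", "92.120.1.20", 389),      # LDAP to an intranet host
    ("tcp", "92.120.124.210", 80),    # exempted intranet host
    ("tcp", "92.120.124.197", 1025),  # exempted host, exempted port
    ("tcp", "92.120.124.197", 3268),  # exempted host, other port
    ("udp", "92.120.1.20", 53),       # DNS
    ("tcp", "198.51.100.7", 443),     # outside 92.120.0.0/16
]

if __name__ == "__main__":
    for case in CASES:
        print(case, "->", evaluate(*case))
```

TCP 445 to an intranet host is accepted by the first rule and never logged, while TCP 389 to the same host falls through to the logged REJECT, because the port-based ACCEPT rules come before the 92.120.0.0/16 rule.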

Remarks

  • Install advertised program
    This works even if the policy is deleted (winlogon was running though), the network interface is set to NAT, and most services are disabled (but the smshost and ccmexec services must be running).

To Do

Issues

  • Issue — virtualbox shared folder \\vboxsrv\d is not visible from Administrator account. Very annoying when copying files to system32 for instance (because source won't be visible anymore).
    Temp. workaround, launch cmd as administrator:
net use D: \\vboxsrv\d
  • Issue — Opera does not work with custom proxy.pac file.
  • Issue — Nokia PC Suite only detects & connects if I detach then reattach USB BCM20702A0
  • Issue — HOMEDRIVE and HOMEPATH always pointing at network share, causing lags when disconnected.
See [7] for potential workarounds
  • Issue — Tuning settings reverted every 10 min or so (like CcmExec or wuauserv re-enabled)
    • Add firewall rules to filter vbox output connection - to no avail so far
    • Check process taskeng.exe and wscript.exe
    • This task executes a file at \\wbi\sysvol\wbi.nxp.com\Policies\{916532D9-BDF8-46FE-A77B-F84124C54878}\Machine\Scripts\Startup. How come it is accessible despite the firewall? offline storage / access outside intranet / using one of the allowed ports?
    • Found reference to this script in registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy and HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Group Policy.
    • Fixed? In lightweight image, add a command to disable the scheduled task, and purge registry from policy settings (see Customize_config.bat)

To Do

Questions

  • Outlook — macro always enabled. Any better solution?
  • Outlook — move .ost to d: drive (or find a solution to Outlook always complaining that the .ost is old)
  • Outlook — find a rss reader that can save into IMAP (check rss2email or feed2imap)
  • System — Enable page file?
  • Merge history from file win7_P2V_links.txt, and written notes.
  • Recover application settings from old profile

Done & Fixed

  • Fixed — Office Lync 2010 — Fix very slow typing in Lync (maybe due to update 7/7/2014):
    • Either reset audio settings (see [8]). Go to Control Panel, then IDT Audio, and reset things everywhere, including in Windows devices.
    • Installed Dell drivers [9] 3330_Audio_Driver_C6HVR_WN_1.0.6491.0_A08.EXE (although crashed)