[funsec] Infecting OEM Images
Dude VanWinkle
dudevanwinkle at gmail.com
Thu Jan 19 19:25:46 CST 2006
On 1/19/06, Willy, Andrew <AWilly at esmil.net> wrote:
> That restore partition rather than CD caught us by surprise in a Ghost
> deployment fiasco. I won't bore you with details but will summarize the
> conversation.
>
> Guy A: "Hrm. I guess this image ain't gonna work on these workstations."
>
> Guy B: "Better start over."
>
> Guy A: "Yep. Let me have the ever handy, really useful, incredibly reliable
> restore CD."
>
> Guy B: "I thought you had it?"

All you need is their drivers, dump the (dell, hp, compaq, toshiba,
ibm, etc) image and create your own, slipstream the patches
(http://unattended.msfn.org) and put your apps in the run_once reg
entries with a reboot set for every one that _requires_ it.

For those apps that don't have command line switches for their
installers, you can use that handy ghost cd to get the best thing off
it: AI Snapshot and AI Builder. It may take two weeks to have your
own winnt.sif file and standard apps, but it is well worth it, plus
you can put it on a NIS and then just type newpatch.exe
/integrate:\\path_to_NIS_install_files every patch tuesday and voilà!

All the standard images have so much fluff, and a lot of that fluff is
or will be a security flaw, not to mention a waste of space and
cycles. Plus with an automated install, you don't have to worry about
driver conflicts.

-JP
"Integrate the SATA drivers last ;-)"
-JP
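
Added example, not part of the original post: one way to lay out the RunOnce entries with a reboot only for the apps that require one, written as a Python generator for the step scripts. It assumes `reg.exe` and `shutdown.exe` are present on the image; the installer paths, silent switches and the `C:\install` directory are hypothetical.

```python
# Added example: chained RunOnce steps with reboots only where required.
# Installer paths and switches below are constructed placeholders.
RUNONCE = r"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce"

def build_steps(apps, script_dir=r"C:\install"):
    """Return {filename: batch text} for apps given as (name, command, needs_reboot).

    Apps run in order. An app that needs a reboot closes its step: the step
    registers the next script under RunOnce and only then restarts, so the
    sequence resumes at the next administrator logon.
    """
    groups, current = [], []
    for name, command, needs_reboot in apps:
        current.append((name, command))
        if needs_reboot:
            groups.append((current, True))
            current = []
    if current:
        groups.append((current, False))

    steps = {}
    for i, (group, reboot) in enumerate(groups, start=1):
        lines = ["@echo off"]
        for name, command in group:
            lines.append(f"echo Installing {name}")
            # start /wait blocks until the installer exits; "" is the title argument
            lines.append(f'start /wait "" {command}')
        if i < len(groups):
            nxt = rf"{script_dir}\step{i + 1}.cmd"
            lines.append(f'reg add {RUNONCE} /v Step{i + 1} /d "{nxt}" /f')
        if reboot:
            lines.append("shutdown -r -t 0")
        steps[f"step{i}.cmd"] = "\r\n".join(lines) + "\r\n"
    return steps

# Constructed sample: only AppB needs a restart before AppC can install.
APPS = [
    ("AppA", r"\\server\apps\a\setup.exe /S", False),
    ("AppB", r"\\server\apps\b\setup.exe /quiet", True),
    ("AppC", r"\\server\apps\c\setup.exe /S", False),
]

if __name__ == "__main__":
    for filename, text in build_steps(APPS).items():
        print(f"--- {filename} ---\n{text}")
```

Registering the next step before calling `shutdown` matters: if the order were reversed, the restart could begin before the RunOnce value is written and the chain would stop.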