PXE Bootable Thin Client:
Rescue OS, THIN USB
Bootable OS. Imaging Computers.
I apologize in advance, as this tends to ramble a bit.
The idea of this was to develop a portable recovery OS.
This idea came from having to service clients that were a long distance away. I needed them to be able to simply PXE boot to an OS that I could connect to and control. It would allow me to virus scan, re-image the computer (if needed), and recover files from the PC.
Windows 7 has the ability to boot from a WIM file. These are image files created to apply to computers.
Simply put: create a mini OS, save it as an image (WIM file type), copy it to a safe place on the PC, and set Windows to dual boot to it.
On boot the client should see two boot options: Windows and "Recovery Console" (or whatever you named it). When they choose "Recovery Console", it boots from that saved WIM file to a PXE OS that loads in memory. From there you connect to it with either LogMeIn Rescue or VNC from another PC.
Once connected you can back up files, run offline virus scans, and reimage the PC if needed, all from that PC. Simply put, you can remotely manage all aspects of the PC with the exception of hardware replacement. This is good for both the technician and the client: recovery time is cut down, with no more waiting for the technician to show up; backups can be performed; and offline virus scans/cleanup can be run (the only effective method of removing viruses).
A great PXE app: go to http://winbuilder.net/ and click the "Downloads" link, which provides suggested "projects" sites, here: http://reboot.pro/files/category/4-projects/
My project of choice is nettyPE, a Windows 7 PXE project. Remember, to build a PXE OS you must own a licensed copy of Windows 7. Download the nettyPE project here: http://reboot.pro/files/file/68-nettype/ (it's 129 MB).
Extract it to your folder of choice. I suggest the root of your HDD, as Windows UAC tends to fight it when it runs. I found that running from the root gave fewer issues.
Customize it to your liking. I used "ClearLock" as an option to lock the screen. Since this will give a person full access to the PC, you want to protect it from people. Set your background etc. The program additions will come after it's built.
I ran the build using the 32-bit version of Windows 7; the 64-bit version doesn't allow LogMeIn Rescue to work for some reason. VNC also complains. So stick with 32-bit Windows.
Once the build is done, grab the WIM file that gets created. We are going to mount this and add some scripts to it. I will include links from my SkyDrive.
Within the folder I provided ("MAKETRIM") there are three folders: CopyToProgramFiles, CopytoSystem32 and desktop. Copy the contents of each to the folder of the same name in your mounted WIM. You can edit as needed, or add or remove apps to your liking.
http://sdrv.ms/VWa63a
The install of the VNC server is a little tricky. I chose TightVNC over others based on trial and error; Tight was the simplest to set up. Basically, once you have your WIM set up the way you like, boot to it. WinBuilder creates an ISO that you can boot to using a VM, or you can use BCDEdit and boot to that WIM file.
Either way, boot to the WIM and install the TightVNC server, set a password to your liking, and then export the registry key it created, HKLM\SOFTWARE\TIGHTVNC. This contains all your settings for the TightVNC server.
Exit your WIM and go back to your primary OS, where you created your WinBuilder WIM. We will then mount the WIM file (using GImageX or any other program). From here, use a remote registry editor and connect to the WIM's registry. We are going to add the key you exported to the registry and then update the hive. It will now contain the settings for the TightVNC server.
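The mount, import and hive update described above can also be scripted. This is an added example, not the author's script: it swaps in DISM and `reg load`/`reg import` for GImageX and the registry editor, and the file paths and the temporary hive name `PE_SOFTWARE` are assumptions.

```powershell
# Added example; run from an elevated prompt. All paths are assumed placeholders.
$Wim      = 'C:\Build\rescue.wim'       # WIM produced by the WinBuilder build
$Mount    = 'C:\Mount'                  # existing empty folder to mount into
$RegIn    = 'C:\Build\tightvnc.reg'     # export of HKLM\SOFTWARE\TIGHTVNC made inside the booted WIM
$TempHive = 'HKLM\PE_SOFTWARE'          # temporary mount point for the offline SOFTWARE hive
$Patched  = Join-Path $env:TEMP 'tightvnc-offline.reg'

function Invoke-Native([string]$Exe, [string[]]$Arguments) {
    # Run a native tool and stop the script if it reports failure.
    & $Exe $Arguments
    if ($LASTEXITCODE -ne 0) { throw "$Exe $($Arguments -join ' ') failed ($LASTEXITCODE)" }
}

Invoke-Native dism @('/Mount-Wim', "/WimFile:$Wim", '/Index:1', "/MountDir:$Mount")
$commit = $false
try {
    # Attach the image's SOFTWARE hive under a temporary key of the running registry.
    Invoke-Native reg @('load', $TempHive, "$Mount\Windows\System32\config\SOFTWARE")
    try {
        # The export names HKLM\SOFTWARE; retarget it so the import lands in the
        # offline hive and not in the technician PC's own registry.
        (Get-Content $RegIn) -replace '^\[HKEY_LOCAL_MACHINE\\SOFTWARE\\',
                                      '[HKEY_LOCAL_MACHINE\PE_SOFTWARE\' |
            Set-Content $Patched -Encoding Unicode
        Invoke-Native reg @('import', $Patched)
        # Confirm the key exists without recursing, so stored values are not echoed.
        Invoke-Native reg @('query', "$TempHive\TightVNC")
        $commit = $true
    } finally {
        & reg unload $TempHive          # writes the changes back into the hive file
        Remove-Item $Patched -ErrorAction SilentlyContinue
    }
} finally {
    # Save the image only if every step succeeded; otherwise leave the WIM untouched.
    $flag = if ($commit) { '/Commit' } else { '/Discard' }
    & dism /Unmount-Wim "/MountDir:$Mount" $flag
}
```

The exported `.reg` file carries the VNC password value you set along with the other settings, so keep it and the finished WIM where only technicians can read them.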
The files you copied into your WIM will launch bat files on startup and get the TightVNC server running. You should now be able to connect to it remotely. You don't have to install TightVNC on the connecting PC; you can open IE and browse to the PC using the built-in web viewer (port 5800 by default).
I recommend adding BGInfo to your WIM within WinBuilder, as it shows useful information that the client can tell you, or that you have handy if you log in.
So with the above built you can do several things. First, it's an excellent offline virus scanner, backup tool etc. I include this in the images I apply for clients. I use BCDEdit to add the WIM file to the boot options, and I set timeout=1 so the customer doesn't really see it as a boot option unless they hit a key on startup. In a case where the PC won't boot the OS or is badly infected, I have them turn on the PC and start hitting the down arrow; this will halt the boot of the primary OS. I name the WIM entry "RECOVERY CONSOLE" and have them choose this and boot. It will go to the PXE OS, which starts ClearLock to lock the screen in case the user is not around their PC. Once it's done loading everything, the last thing it does is load BGInfo to the desktop. I can then connect from a server on site, or give the client the ClearLock password and have them log in and perform a rescue session (using LogMeIn Rescue).
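The boot entry described above, written out as BCDEdit commands in PowerShell. This is an added example, not the author's own script: the `C:\Recovery` folder, the `rescue.wim` and `boot.sdi` file names and the BIOS `winload.exe` path are assumptions, and the `icacls` step is an addition that limits the recovery files to SYSTEM and Administrators.

```powershell
# Added example; run from an elevated prompt. File locations are assumed placeholders.
$Dir = 'C:\Recovery'              # folder holding the rescue WIM and boot.sdi
$Wim = '\Recovery\rescue.wim'     # path relative to the root of C:, as BCD expects
$Sdi = '\Recovery\boot.sdi'       # boot.sdi copied from the \boot folder of the built ISO

# Drop inherited permissions and leave only SYSTEM and Administrators, so a
# standard user (or malware running as one) cannot swap or edit the WIM.
icacls $Dir /inheritance:r /grant:r '*S-1-5-18:(OI)(CI)F' '*S-1-5-32-544:(OI)(CI)F'

# Ramdisk options tell the boot manager where boot.sdi lives.
# The /create call reports an error if the object already exists; that is harmless.
bcdedit /create '{ramdiskoptions}' /d 'Ramdisk options' | Out-Null
bcdedit /set '{ramdiskoptions}' ramdisksdidevice partition=C:
bcdedit /set '{ramdiskoptions}' ramdisksdipath $Sdi

# Create the loader entry and pull its GUID out of bcdedit's reply.
$out = bcdedit /create /d 'RECOVERY CONSOLE' /application osloader
if ("$out" -match '\{[0-9a-fA-F-]{36}\}') { $id = $Matches[0] }
else { throw "bcdedit /create failed: $out" }

# Point the entry at the WIM; it is loaded into a RAM disk at boot.
$ram = "ramdisk=[C:]$Wim,{ramdiskoptions}"
bcdedit /set $id device $ram
bcdedit /set $id osdevice $ram
bcdedit /set $id path '\windows\system32\boot\winload.exe'   # BIOS loader path
bcdedit /set $id systemroot '\windows'
bcdedit /set $id winpe yes
bcdedit /set $id detecthal yes

# Put it last in the menu and keep the menu on screen for one second only.
bcdedit /displayorder $id /addlast
bcdedit /timeout 1

# Show the finished entry for review.
bcdedit /enum $id
```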
Personally I don't like giving out any passwords, so I would connect from a server using the VNC web connection: open IE and type in the name of the PXE WIM (in building I set a static name, *TECHCOMPANY*rescue etc.). You can then connect, enter the password and you're connected. From there: virus scans, backing up user data, reimaging the PC.
My favorite is reimaging the PC: back up the user's data to a network share (you have to run NET USE from the command prompt to map it; using Windows to browse or \\ to the drive doesn't work for some reason), apply a WIM image, reboot the PC and reconnect once you're done. All done remotely, without an on-site visit.
_____________________________________________________________________________________________________
SECOND OPTION FOR PXE BOOT:
We can make this an RDS client: you can set the PXE OS to load an RDS screen, and the user would then run RDS to connect to the TS server. In this case you would no longer need HDDs in the computers; if you have a WDS server (Windows Deployment Server), you set all computers to boot from the network. No more HDD failures. With everyone working from Remote Desktop, you would be preventing local infections on computers. This makes managing your network that much simpler.