Same SID Issue
WinXPTalk.com Forum Index WinXPTalk.com
Forums for Windows XP users.
 
Pascal Bouchard
Posted: Tue Jan 11, 2005 11:02 pm    Post subject: Same SID Issue

Can someone tell me the impact of having the exact same image (including
the same SID) on multiple targets on the same network?

Slobodan Brcin (eMVP)
Posted: Wed Jan 12, 2005 12:16 am    Post subject: Re: Same SID Issue

Pascal,

http://www.sysinternals.com/ntw2k/source/newsid.shtml

Regards,
Slobodan

Pascal Bouchard
Posted: Wed Jan 12, 2005 1:31 am    Post subject: Re: Same SID Issue

I understand the security issue, but what about the following topics (all
targets with the same SID):

* Domain Registration
Is it a good presumption to think that it will never work (because of the same
SID and same hostname)?

* Active Directory
Is it only based on domain participation (if so, it will never work)?
(Otherwise, will it work?)

* SMS
Is it based on Active Directory?

* DUA?

* Computer Browsing?

* NetBIOS
Is all communication other than basic TCP/IP (e.g. time synchronization, domain
credentials, WINS, etc.) based on this protocol?

* TCP/IP
A DHCP server will be used... I suppose it is not an issue, is it?

None of my targets need to communicate with each other BUT one or some
servers will.

KM
Posted: Wed Jan 12, 2005 3:45 am    Post subject: Re: Same SID Issue

Pascal,

You seem to have confused a few things together.
SID and hostname are different things and they may cause different issues if not unique per device on the same network.

Basically, a domain environment operates with the so-called domain SID, which is not the local computer SID that would be cloned
without fbreseal or newsid.
The SID of a user or group from a domain is always based on the SID of the domain, and uniquely identifies the user or group, while
the OS derives local user account and group SIDs from the computer SID.
You will need to think more about unique SIDs if your devices work in a workgroup or if you clone an NTFS-based volume with security
attributes set for some accounts.

You may want to read more here:
http://support.microsoft.com/kb/q162001/
http://www.winntmag.com/Windows/Articles/ArticleID/3469/pg/2/2.html

As for the other questions, it may take a while to answer, as you asked about a whole bunch of different technologies. I'd recommend that you do
some googling first or search MSDN.
You will find great info on any topic from your list there.

If you really need to know what the same computer name may cause, look at MSDN for WINS information.
Or read this page: http://www.petri.co.il/registration_of_netbios_names.htm. Please note the complete NetBIOS name list and the Unique
flag (Type) for each item from the list.

--
Regards,
KM, BSquare Corp.

PS. Why not just eliminate all these SID/computer name problems by using System Cloning Tools or newsid?
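
The split KM describes between the computer SID and the domain SID, as an added example that is not part of the original post: account SIDs of the form S-1-5-21-a-b-c-RID carry the issuing computer or domain SID as their prefix, so devices cloned without fbreseal or newsid show the same prefix on their local accounts. The inventory, hostnames, SID values and function names below are constructed for illustration.

```python
"""Added example: spot cloned machine SIDs in a constructed account inventory."""
from collections import defaultdict


def parse_sid(text):
    """Parse the string form S-<revision>-<authority>-<subauthority>... into ints."""
    parts = text.strip().upper().split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError(f"not a SID: {text!r}")
    try:
        numbers = [int(p) for p in parts[1:]]
    except ValueError:
        raise ValueError(f"non-numeric field in SID: {text!r}") from None
    return numbers[0], numbers[1], tuple(numbers[2:])


def issuer_sid(text):
    """Return the computer or domain SID that issued an account SID, else None.

    Account SIDs look like S-1-5-21-<a>-<b>-<c>-<RID>; dropping the RID leaves
    the SID of the computer (local account) or of the domain (domain account).
    Well-known SIDs such as S-1-5-18 are the same on every system: None.
    """
    revision, authority, subs = parse_sid(text)
    if revision == 1 and authority == 5 and len(subs) == 5 and subs[0] == 21:
        return "S-1-5-" + "-".join(str(s) for s in subs[:4])
    return None


def find_cloned_machine_sids(inventory, domain_sids=()):
    """Map issuer SID -> sorted hostnames, for issuers seen on more than one host.

    inventory: iterable of (hostname, account_sid) pairs collected per device.
    domain_sids: known domain SIDs; accounts issued by a domain legitimately
    appear on many hosts and are not evidence of a cloned image.
    """
    hosts_by_issuer = defaultdict(set)
    for hostname, account_sid in inventory:
        issuer = issuer_sid(account_sid)
        if issuer is None or issuer in domain_sids:
            continue
        hosts_by_issuer[issuer].add(hostname.upper())
    return {sid: sorted(hosts)
            for sid, hosts in hosts_by_issuer.items() if len(hosts) > 1}


# Constructed sample data: every SID and hostname below is made up.
DOMAIN_SID = "S-1-5-21-1004336348-1177238915-682003330"
INVENTORY = [
    ("RPOS-0001", "S-1-5-21-2000478354-1708537768-1957994488-500"),   # local Administrator
    ("RPOS-0002", "S-1-5-21-2000478354-1708537768-1957994488-500"),   # same image, not resealed
    ("RPOS-0002", "S-1-5-21-2000478354-1708537768-1957994488-1003"),  # local user account
    ("RPOS-0003", "S-1-5-21-3623811015-3361044348-30300820-500"),     # resealed device
    ("RPOS-0001", DOMAIN_SID + "-1105"),                              # domain user
    ("RPOS-0003", DOMAIN_SID + "-1105"),                              # same domain user
    ("RPOS-0003", "S-1-5-18"),                                        # Local System
    ("RPOS-0001", "S-1-5-32-544"),                                    # BUILTIN\Administrators
]

if __name__ == "__main__":
    for sid, hosts in find_cloned_machine_sids(INVENTORY, {DOMAIN_SID}).items():
        print("machine SID", sid, "shared by", ", ".join(hosts))
```
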


Pascal Bouchard
Posted: Wed Jan 12, 2005 4:01 am    Post subject: Re: Same SID Issue

Your last question is very relevant, KM; let me explain what I'm trying to
validate:

We build an RPOS system; this system was using QNX (a real-time operating
system based on POSIX); we decided to take a new technological direction and
use XP Embedded; the initial RPOS had a 10Mb footprint on an M-Systems IDE
Disk-On-Chip; on this disk were some partitions; the first active
partition was intended to compare (checksum based) our application with a
server image; if the image was different, it was downloaded and
deployed.

The question I'm trying to answer now is "Can I have the exact same OS image
on all my targets and then compare it with a server image?", intending to
update it without being booted into Windows.

Basically, the needs we have are:
* Being able to, remotely, without any manual intervention, update the OS
image rapidly (within an acceptable timeframe on a 56K line - in case of
emergency - sector by sector if possible (fast))
* Being able to update the OS and application remotely
* Being able to Remote Assist
* Being BLINDED against viruses and bad interventions (because on-site
intervention on 10000 RPOS is unacceptable) (rollback probably).

If you had answers or advice for me, I'd be very pleased; EWF will probably
be part of your suggestion. (PXE is available to my RPOS); we'd like to use
a USB Mass Storage Key.

Slobodan Brcin (eMVP)
Posted: Wed Jan 12, 2005 4:14 am    Post subject: Re: Same SID Issue

Hi Pascal,

Emergency updates can be done through some custom BIOSes; there are third-party companies that sell these solutions.

M-Systems has a complete solution for booting XPe from USB uDOC disks.
http://www.m-systems.com/files/documentation/doc/uDiskOnChip_PB_0704.pdf
http://www.m-systems.com/content/Products/Product.asp?pid=29

They are very fast (~20 MB/sec) and offer an option to split them into two disks and put read-only protection on the first disk.
These things might interest you.

Regards,
Slobodan

KM
Posted: Wed Jan 12, 2005 4:39 am    Post subject: Re: Same SID Issue

Pascal,

You don't want to make client images different by giving them, for instance, different SIDs, right?

I have very little experience with POS systems but I thought they are usually pretty big images. Although I completely understand it
would depend on the main POS application(s) used on the device and the application requirements/dependencies. There is
some growing popularity of porting POS applications to .NET, which makes most POS systems heavier than, say, a regular
Minlogon image size.
Anyway, I think you have already evaluated XPe to meet your device specifications and requirements, so I am not going to tell you
that your future XPe image will unlikely be around 10MB :-)
Btw, Remote Assistance will bring a bunch of components into your image.

Regarding your device requirements... How are you going to send the checksum to the server? Do you have your own BIOS
implementation for the PXE client and server-side PXE?
Or are you planning to use another protocol from, say, a temporarily loaded OS image?
I mean, it is just not clear to me how you are going to calculate the checksum and send it to the server. If it is your custom
protocol, you can maintain a simple database on the server side (even a plain text file will work) with the initial client image
checksums. Then whenever a client device boots up and sends the current image checksum to the server, you can compare it there and
download a new image if available. Although this way you still need to use an image datetime stamp to know whether the server image is
newer.
So if you get the database, then you can have different images on client devices with no harm.

Also, take a look at the IBM Rapid Recovery solution. You will have to have an IBM BIOS, though, but if you purchase an IBM box you get
the software for free.

Btw, did you have a chance to evaluate WePOS for your needs? My guess is that it is too heavy for you.

--
Regards,
KM

Pascal Bouchard
Posted: Wed Jan 12, 2005 8:54 pm    Post subject: Re: Same SID Issue

I already have an M-Systems USB uDOC in hand but am still waiting for M-Systems to
supply me the software to set my device as a bootable device... probably next
week.

I also have a Smart Modular Technologies device to test.

Regarding emergency updates done by a custom BIOS, do you remember the third-party
company?

What would be your best guess for a safe remote deployment and a way to
compare images ?

Pascal Bouchard
Posted: Wed Jan 12, 2005 9:08 pm    Post subject: Re: Same SID Issue

Exactly, this is my reason to deploy the exact same image on multiple
targets.

My QNX image is very tiny, but my XPe is pretty large since it contains
WINLOGON and the .NET Framework... it is presently 256Mb (NTFS compressed).

Intending to compare my XPe partition, I thought I'd have a partition that
boots a tiny OS that speaks TCP/IP, computes the checksum of the XPe
partition and, with a custom protocol over TCP, asks the server for the
current XPe partition checksum... update... etc.

Actually, I'd like to confirm that having the same SID on all my targets
will cause me a problem implementing ADS, Domain Registration, SMS, Windows
Network... if it causes a problem, I will stop trying to find a "partition
checksum comparison" solution and find another architecture.

The best workaround I found is to have a read-only initial XPe partition and
EWF overlays; my problem is that if a virus infects my system and
it cannot boot anymore, I'm in deep s@#$!@ 10000 times; in an emergency
case, I'd like to roll back to the initial version or completely remotely
reinstall an image; your advices are welcome.


"KM" <konstmor@nospam_yahoo.com> wrote in message
news:OwJ7AZD%23EHA.3260@TK2MSFTNGP14.phx.gbl...
Quote:
Pascal,

You don't want to make client images different by having them, for
instance, different SIDs, right?

I have very little experience with POS systems but I thought they are
usually pretty big images. Although I completely understand it
would depends on the main POS application(s) used on the device and the
application requirements/dependencies. There is observing
some growing popularly for the port of POS applications to .Net which
makes most of the POS systems heaver than, say, regular
Minlogon image size.
Anyway, I think you have already evaluated XPe to meet your device
specifications and requirements so I am not going to tell you
that your future XPe image will unlike be around 10MB :-)
Btw, Remote Assistance will bring a bunch of components in your image.

Regarding your device requirements.... How you are going to send the
checksum to the server? Do your have your own BIOS
implementation for PXe client and server side PXe?
Or are you planning to use another protocol from, say, temporary loaded OS
image?
I mean it is just not clear to me how you are going to calculate the
checksum and send it to the server? If it is your custom
protocol you can maintain a simple database on the server side (even a
plain text file will work) with the initial client image
checksums. Then whenever a client device boots up and sends the current
image checksum to the server, you can compare it there and
download a new image if available. Although this way you still need to use
image datetime stamp to know whether the server image is
newer.
So if you get the database then you can have different images on client
devices with no harm.

Also, take a look at the IBM Rapid Recovery solution. You will have to
have IBM BIOS, though, but if you purchase IBM box you get
the software for free.

Btw, did you have a chance to evaluate WePOS for your needs? My guess is
that it is too heavy for you.

--
Regards,
KM

Your last question is very relevant KM; let me explain what i'm trying to
validate :

We build a RPOS system; this system was using QNX (Real-time Operating
system based on POSIX); we decided to have a new technological direction
and
use XP Embedded; the initial RPOS had a 10Mb footprint onto a M-System
IDE
Disk-On-Chip; onto this disk were some partitions; the first active
partition was intended to compare (checksum based) our application with a
server image; if the image was different, it was getting downloaded and
deployed.

The question i'm trying to answer now is "Can i have the exact same OS
image
on all my targets and then compare it with a server image?"; intending to
update it without being booted in windows.

Basically, the needs we have are :
* Being able to, remotely, without any manual intervention, update the os
image rapidly (within an acceptable timeframe on a 56K line - In case of
emergency - Sector by Sector if possible (fast))
* Being able to update the OS and Application remotely
* Being able to Remote Assist
* Being BLINDED against viruses and bad interventions (cause on-site
intervention on 10000 RPOS are unacceptable) (rollback probably).

If you had answers or advices for me, i'd be very pleased; EWF will
probably
be part of your suggestion. (PXE is available to my RPOS); we'd like to
use
a USB Mass Storage Key.


"KM" <konstmor@nospam_yahoo.com> wrote in message
news:%23qw5n6C%23EHA.1084@TK2MSFTNGP15.phx.gbl...
Pascal,

You seem to have confused a few things together.
SID and hostname are different things and they may cause different
issues
if not unique per device on the same network.


Basically, in Domain environment it operated with so called Domain SDI
which is not the local computer SID that would be cloned
without fbreseal or newsid.
The SID of a user or group from a domain is always based on the SID of
the
domain, and uniquely identifies the user or group. While
the OS derives local user accounts and group SIDs from the computer
SID.
You will need to think more about unique SIDs if your devices work in
workgroup or if you clone NTFS based volume with security
attributes set for some accounts.

You may want to read more here:
http://support.microsoft.com/kb/q162001/
http://www.winntmag.com/Windows/Articles/ArticleID/3469/pg/2/2.html

For another question it may take a while to answer as you asked for a
whole bunch of different technologies. I'd recommend you to do
some goggling first or search MSDN.
You will find great info on any topic from your list there.

You you really need to know what the same computer name may cause, look
at
MSDN for WINS information.
Or read this page:
http://www.petri.co.il/registration_of_netbios_names.htm. Please note
the
complete NetBIOS name list and Unique
flag (Type) for each item from the list.

--
Regards,
KM, BSquare Corp.

PS. Why just not eliminate all this SID/computer name problems by using
System Cloning Tools or newsid?



Back to top
Slobodan Brcin (eMVP)
Posted: Wed Jan 12, 2005 9:13 pm    Post subject: Re: Same SID Issue

Hi Pascal,

About comparing images, a simple approach would be to divide the disk into logical blocks of, say, 1 MB and calculate checksums of
each block.
About the custom BIOS manufacturer, I do not know; I was told once but I can't remember it now since I do not use it :-(

Regards,
Slobodan


"Pascal Bouchard" <pascal.bouchard@rfranco.ca> wrote in message news:uUI367L%23EHA.2700@TK2MSFTNGP14.phx.gbl...
Quote:
I already have in hand a M-System USB uDOC but still waiting for M-System to
supply me the software to set my device as bootable device... probably next
week.

I also have a Smart Modular Technologies device to test.

Regarding Emergency updates done by custom BIOS, do you remember the 3rd
party company?

What would be your best guess to have a safe remote deployment and a way to
compare images ?


"Slobodan Brcin (eMVP)" <sbrcin@ptt.yu> wrote in message
news:uBImKOD%23EHA.3708@TK2MSFTNGP14.phx.gbl...
Hi Pascal,

Emergency updates can be done through some custom BIOS-es; there are third-party
companies that sell these solutions.

M-Systems has a complete solution for booting XPe from USB uDOC disks.
http://www.m-systems.com/files/documentation/doc/uDiskOnChip_PB_0704.pdf
http://www.m-systems.com/content/Products/Product.asp?pid=29

They are very fast (~20 MB/sec) and offer the option to split them into two disks
and put read-only protection on the first disk.
These things might interest you.

Regards,
Slobodan

"Pascal Bouchard" <pascal.bouchard@rfranco.ca> wrote in message
news:udc3MGD%23EHA.3700@tk2msftngp13.phx.gbl...
Your last question is very relevant, KM; let me explain what I'm trying to
validate:

We build an RPOS system; this system was using QNX (a real-time operating
system based on POSIX); we decided to take a new technological direction and
use XP Embedded; the initial RPOS had a 10Mb footprint on an M-System IDE
Disk-On-Chip; on this disk were some partitions; the first active
partition was intended to compare (checksum based) our application with a
server image; if the image was different, it was downloaded and
deployed.

The question I'm trying to answer now is "Can I have the exact same OS image
on all my targets and then compare it with a server image?", intending to
update it without being booted into Windows.

Basically, the needs we have are:
* Being able to, remotely, without any manual intervention, update the OS
image rapidly (within an acceptable timeframe on a 56K line - in case of
emergency - sector by sector if possible (fast))
* Being able to update the OS and Application remotely
* Being able to Remote Assist
* Being BLINDED against viruses and bad interventions (cause on-site
intervention on 10000 RPOS are unacceptable) (rollback probably).

If you had answers or advice for me, I'd be very pleased; EWF will probably
be part of your suggestion. (PXE is available to my RPOS); we'd like to use
a USB Mass Storage Key.


Back to top
Slobodan Brcin (eMVP)
Posted: Wed Jan 12, 2005 9:20 pm    Post subject: Re: Same SID Issue

Quote:
The best workaround I found is to have a read-only initial XPE partition and
having EWF overlays; my problem is that if a virus infects my system and
that it cannot boot anymore, I'm in deep s@#$!@ 10000 times; in emergency
case, I'd like to rollback to initial version or completely remotely
reinstall an image; your advice is welcome.

Well, if you put your disk with XPe in read-only mode in hardware then no viruses or updates will be possible, for that matter.

Regards,
Slobodan


"Pascal Bouchard" <pascal.bouchard@rfranco.ca> wrote in message news:%237bUoDM%23EHA.2196@TK2MSFTNGP14.phx.gbl...
Quote:
Exactly, this is my reason to deploy the exact same image on multiple
targets.

My QNX image is very tiny but my XPE is pretty large since it contains
WINLOGON and .NET Framework... it is presently 256Mb (NTFS compressed).

Intending to compare my XPe partition, I thought I'd have a partition that
boots a tiny OS that speaks TCP/IP, computes the checksum of the XPE
partition and, with a custom protocol over TCP, asks the server for the
current XPE partition checksum..... update... etc etc....

Actually, I'd like to confirm that having the same SID on all my targets
will cause me a problem implementing ADS, Domain Registration, SMS, Windows
Network... if it causes a problem, I will stop trying to find a "partition
checksum comparison" solution and find another architecture.

The best workaround I found is to have a read-only initial XPE partition and
having EWF overlays; my problem is that if a virus infects my system and
that it cannot boot anymore, I'm in deep s@#$!@ 10000 times; in emergency
case, I'd like to rollback to initial version or completely remotely
reinstall an image; your advice is welcome.


"KM" <konstmor@nospam_yahoo.com> wrote in message
news:OwJ7AZD%23EHA.3260@TK2MSFTNGP14.phx.gbl...
Pascal,

You don't want to make client images different by having them, for
instance, different SIDs, right?

I have very little experience with POS systems but I thought they are
usually pretty big images. Although I completely understand it
would depend on the main POS application(s) used on the device and the
application requirements/dependencies. There is
some growing popularity for the port of POS applications to .Net which
makes most of the POS systems heavier than, say, regular
Minlogon image size.
Anyway, I think you have already evaluated XPe to meet your device
specifications and requirements so I am not going to tell you
that your future XPe image will unlikely be around 10MB :-)
Btw, Remote Assistance will bring a bunch of components into your image.

Regarding your device requirements.... How are you going to send the
checksum to the server? Do you have your own BIOS
implementation for PXe client and server side PXe?
Or are you planning to use another protocol from, say, a temporarily loaded OS
image?
I mean it is just not clear to me how you are going to calculate the
checksum and send it to the server. If it is your custom
protocol you can maintain a simple database on the server side (even a
plain text file will work) with the initial client image
checksums. Then whenever a client device boots up and sends the current
image checksum to the server, you can compare it there and
download a new image if available. Although this way you still need to use
the image datetime stamp to know whether the server image is
newer.
So if you get the database then you can have different images on client
devices with no harm.

Also, take a look at the IBM Rapid Recovery solution. You will have to
have IBM BIOS, though, but if you purchase an IBM box you get
the software for free.

Btw, did you have a chance to evaluate WePOS for your needs? My guess is
that it is too heavy for you.

--
Regards,
KM


Back to top
KM
Posted: Thu Jan 13, 2005 3:36 am    Post subject: Re: Same SID Issue

Pascal,

Quote:
Intending to compare my XPe partition, I thought I'd have a partition that
boots a tiny OS that speaks TCP/IP, computes the checksum of the XPE
partition and, with a custom protocol over TCP, asks the server for the
current XPE partition checksum..... update... etc etc....

This sounds right. So, why don't you compare the current image checksum with the initial checksum of the same original image?
By original image I mean the one that you get after a Cloning phase. You run the image for the first time in the field, turn on EWF, shut it
down and capture the image checksum with your QNX custom OS.
Then if you save the checksum on the server, assigning it to this particular device in the device list, you will always be able to
compare the checksums later on. Assuming, of course, you have EWF running and enabled on the client image.
If later on you wanted to update the image (EWF commit then), you would capture and update the initial checksum once again.


Quote:
Actually, I'd like to confirm that having the same SID on all my targets
will cause me a problem implementing ADS, Domain Registration, SMS, Windows
Network... if it causes a problem, I will stop trying to find a "partition
checksum comparison" solution and find another architecture.

Well.. It is hard to confirm that with such a broad range of different technologies listed. It all comes down to a lot of testing.
Again, there have been no known issues in Domain environment caused by the same local SIDs.

Quote:
The best workaround I found is to have a read-only initial XPE partition and
having EWF overlays; my problem is that if a virus infects my system and
that it cannot boot anymore, I'm in deep s@#$!@ 10000 times; in emergency
case, I'd like to rollback to initial version or completely remotely
reinstall an image; your advice is welcome.

I agree with Slobodan. Make your media read-only (CD-ROM, flash with hardware read-only switch, etc.) and you won't be worrying about
persistent viruses.
(while there are still some session-active viruses)

--
Regards,
KM, BSquare Corp.


Back to top
Pascal Bouchard
Posted: Thu Jan 13, 2005 10:59 pm    Post subject: Re: Same SID Issue

Thank you Slobodan, using small chunks with checksum is what I intended to
do; I'm looking for a standard protocol that does the transfer but I think
that I will have to implement it myself.

Back to top
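The scheme discussed in the posts above (Slobodan's per-block checksums, KM's server-side record of each device's initial checksum, Pascal's compare-then-update step), sketched as an added example that is not code from any poster. It uses SHA-256 in place of a plain checksum so deliberate modification is detected as well as corruption; the manifest layout, function names, device id and sample image are assumptions constructed for illustration.

```python
import hashlib
import io

BLOCK_SIZE = 1024 * 1024  # 1 MB logical blocks, the size suggested in the thread


def build_manifest(stream, block_size=BLOCK_SIZE):
    """Hash a buffered binary stream block by block and summarise it."""
    digests, size = [], 0
    while True:
        block = stream.read(block_size)
        if not block:
            break
        size += len(block)
        # Assumption: SHA-256 instead of the plain checksum mentioned in the posts.
        digests.append(hashlib.sha256(block).hexdigest())
    # Root digest over the ordered block digests: one short value to compare first.
    root = hashlib.sha256("".join(digests).encode("ascii")).hexdigest()
    return {"block_size": block_size, "size": size, "blocks": digests, "root": root}


def blocks_to_fetch(device, server):
    """Indices of server blocks the device is missing or holds with different content.

    An empty list with differing roots means the device image only has
    trailing data that apply_update() will truncate.
    """
    if device["block_size"] != server["block_size"]:
        raise ValueError("manifests were built with different block sizes")
    if device["root"] == server["root"]:
        return []  # identical image, nothing to transfer
    have = device["blocks"]
    return [i for i, want in enumerate(server["blocks"])
            if i >= len(have) or have[i] != want]


def apply_update(image, fetch_block, server, indices):
    """Patch bytearray `image` in place; each block is verified before it is written."""
    bs = server["block_size"]
    for i in sorted(indices):
        block = fetch_block(i)  # stands in for the transfer from the server
        if hashlib.sha256(block).hexdigest() != server["blocks"][i]:
            raise ValueError(f"block {i} does not match the server manifest")
        image[i * bs:(i + 1) * bs] = block
    del image[server["size"]:]  # drop trailing data if the new image is shorter
    return build_manifest(io.BytesIO(image), bs)["root"] == server["root"]


def drifted_from_baseline(baseline_db, device_id, manifest):
    """Per-device record kept on the server: True when the image has changed."""
    return baseline_db[device_id] != manifest["root"]


def transfer_seconds(n_bytes, bits_per_second=56_000):
    """Best-case transfer time on the 56K line mentioned in the thread."""
    return n_bytes * 8 / bits_per_second


def demo():
    bs = 1024  # small blocks keep the constructed sample tiny
    golden = bytes(range(256)) * 18      # constructed server image: 4 blocks + 512-byte tail
    device = bytearray(golden[:4096])    # constructed device image, older and shorter
    # Baseline captured right after deployment (hypothetical device id).
    baseline_db = {"rpos-0001": build_manifest(io.BytesIO(device), bs)["root"]}
    device[2048:2052] = b"XXXX"          # block 2 is later modified on disk

    server = build_manifest(io.BytesIO(golden), bs)
    before = build_manifest(io.BytesIO(device), bs)
    drifted = drifted_from_baseline(baseline_db, "rpos-0001", before)

    def fetch(i):
        return golden[i * bs:(i + 1) * bs]

    todo = blocks_to_fetch(before, server)
    ok = apply_update(device, fetch, server, todo)
    if ok:
        baseline_db["rpos-0001"] = server["root"]  # record the new baseline
    return {
        "todo": todo,
        "bytes_fetched": sum(len(fetch(i)) for i in todo),
        "drifted_before": drifted,
        "updated_ok": ok,
        "identical": bytes(device) == golden,
    }


if __name__ == "__main__":
    print(demo())
    full = 256 * 1024 * 1024  # the 256 MB image size quoted in the thread
    print(f"full image: {transfer_seconds(full) / 3600:.1f} h, "
          f"one 1 MB block: {transfer_seconds(BLOCK_SIZE):.0f} s")
```

Because every device is compared against its own recorded baseline, the images do not have to be byte-identical across devices (for example after each one is given a unique SID) for a change to be detected.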
Pascal Bouchard
Posted: Thu Jan 13, 2005 11:02 pm    Post subject: Re: Same SID Issue

My XPe partition will be write-protected; I will probably have an initial
partition that will override the XPe partition if necessary before booting
with it.

Thanks.

"Slobodan Brcin (eMVP)" <sbrcin@ptt.yu> wrote in message
news:uGpvZMM%23EHA.1564@TK2MSFTNGP09.phx.gbl...
Quote:
The best workaround i found is to have a read-only initial XPE partition
and
having EWF overlays; my problem is that if a virus infects my system and
that it cannot boot anymore, i'm in deep s@#$!@ 10000 times; in emergency
case, i'd like to rollback to initial version or completely remotely
reinstall an image; your advices are welcome.

Well if you put your disk with XPe to read-only mode in hardware then no
viruses or updates will be possible for that matter.

Regards,
Slobodan


"Pascal Bouchard" <pascal.bouchard@rfranco.ca> wrote in message
news:%237bUoDM%23EHA.2196@TK2MSFTNGP14.phx.gbl...
Exactly, this is my reason to deploy the exact same image on multiple
targets.

My QNX image is very tiny but, my XPE his pretty large since it contains
WINLOGON and .NET Framework... it is presently 256Mb (ntfs compressed).

Intending to compare my XPe partition, i though i'd have a partition that
boots a tiny OS that speaks TCP/IP, compute the checksum of the XPE
partition and, with a custom protocol over TCP, asks the server for the
current XPE partition checksum..... update... etc etc....

Actually, i'd like to confirm that having the same SID on all my targets
will cause me a problem implementing ADS, Domain Registration, SMS,
Windows
Network... if it causes a problem, i will stop trying to find a
"partition
checksum comparison" solution and find another architecture.

The best workaround i found is to have a read-only initial XPE partition
and
having EWF overlays; my problem is that if a virus infects my system and
that it cannot boot anymore, i'm in deep s@#$!@ 10000 times; in emergency
case, i'd like to rollback to initial version or completely remotely
reinstall an image; your advices are welcome.


"KM" <konstmor@nospam_yahoo.com> wrote in message
news:OwJ7AZD%23EHA.3260@TK2MSFTNGP14.phx.gbl...
Pascal,

You don't want to make client images different by having them, for
instance, different SIDs, right?

I have very little experience with POS systems but I thought they are
usually pretty big images. Although I completely understand it
would depends on the main POS application(s) used on the device and the
application requirements/dependencies. There is observing
some growing popularly for the port of POS applications to .Net which
makes most of the POS systems heaver than, say, regular
Minlogon image size.
Anyway, I think you have already evaluated XPe to meet your device
specifications and requirements so I am not going to tell you
that your future XPe image will unlike be around 10MB :-)
Btw, Remote Assistance will bring a bunch of components in your image.

Regarding your device requirements.... How you are going to send the
checksum to the server? Do your have your own BIOS
implementation for PXe client and server side PXe?
Or are you planning to use another p