ARGH!!!
So, I’m attempting to set up the Maintex computers to work better, be more standardized, and be more secure. All of these computers came from Dell with Windows XP Home installed, and the company doesn’t see the financial incentive to upgrade to XP Pro since they aren’t doing anything on a domain, don’t have any Windows servers, etc. This should be fine. XP Home should be fine, right?
So I went through and removed all of the Dell crap, photo album software and jukeboxes and strange support programs and spyware. I also installed all of the Windows updates and patches, the various programs Maintex uses, disabled Internet Explorer scripting and such, removed Outlook Express, installed Mozilla, removed as many references to the terribly insecure Internet Explorer as possible, set up network settings, and the like. All set!
When I go in the C drive and select everything, it says that I have 2.33GB used, but for some reason the hard drive insists that I’m using 4.02 GB, the difference being two more CDs to Ghost the computer. So fine, I get it all Ghosted onto four CDs. Then discover that none of these CDs have floppy drives for a boot disk, and that, despite what the manual says, no, Ghost does not make it’s disks bootable by default.
So I burn another four disks and get Ghosting. Set up a computer in 30 minutes. Go to change the Security ID but see that I can’t do so since XP doesn’t include DOS and my boot disk is, alas, still a floppy disk. If it’s a problem, I’ll figure out how to make a boot CD later, but it doesn’t appear to be causing any problems. XP so far has not tried to “phone home” or deactivate itself, so that’s good, I’ll assume that’s because I left the Dell support partition intact.
Okay, let’s get down to the real problem here. Maintex uses TinyTERM by Century Software to do terminal emulation for it’s SCO server. (Yeah, SCO.) So Term works great when I tested it with the admin account, but apparently it won’t run on a non-admin XP account. The hell? No way am I letting everyone run an admin account. I see a tip on a web page and type control userpasswords2 into the “Run…” dialogue and it pops up a nice hidden Win2K-like user administration panel. I change the default user from a “Restricted” user to a “Standard” user, which should solve the problem.
Except, despite the program in Win XP Home allowing me to make this change, apparently XP Home does not have a “Standard” user, only “Limited” or “Administrator.” So you can do absolutely everything or absolutely nothing. “Standard” users I guess are a “feature” of XP Pro. Grr.
But that’s not all. Now that my user is a part of a non-existant group, the user just completely disappears, and I can’t get it back. Great! And now I’m sitting at a Windows “Welcome” screen with no users to select. Groovy.
I eventually figure out that Ctl-Alt-Del gets me to another login screen where I can login with the apparently hidden real “Administrator” account named, appropriately, “Administrator”. Riiight…
So yeah, the users are going to be running admin accounts. And when one gets a virus, it’s gonna be that much easier for the virus or malicious program to take over the computer completely and wreak havoc on the network.
Not my fault.
Thanks, Microsoft.
Yes, I still hate you.
If you’re going to be imaging XP or 2000 machines, you need to run sysprep on the machine before making an image of it. google sysprep. And maybe alternate terminal emulation software, like PuTTY, is a viable option?
Hmm, I guess I just assumed SysPrep would be needlessly complex, since it’s meant for OEMs and large corps, but perhaps it will work correctly with XP Home and with minimal hassle, although I don’t believe anything in Windows works with minimal hassle. Once I get everything properly configured, I’ll try it. What I don’t understand is why the Windows install with not a single accessory, extra option, or anything can still be 1.45GB. I realize that about 300MB of that is drivers and such, but still…
As for terminal emulators, I’ve tried a bunch, but the only one that reliabily emulates SCO ANSI with all of the strange display characters and such seems to be TinyTERM, as sad as that is.
1) Sysprep is key to not fucking up the SID business. E-mail/IM me and I’ll send you more stuff on it… I’ve played with Ghost/sysprep/Win2K quite a bit.
2) For the security issue, try looking at whether you can apply a few registry hacks – I’ve seen it done to make Win2K act like NT4 security-wise… not sure whether/how it’s possible with XP Home.
Kevin Grinberg:
I was attempting to take advantage of your offer but I can’t find your email address anywhere. Sorry if I’m missing it. But I’d really like to see what you have regarding sysprep/Ghost/Win2k. I’m in disk image mode here and I’m trying to absorb as much as I can about it.
Thanks,
Mark
It’s fairly easy, actually. Install a clean copy of XP, customize to taste, but don’t touch user accoutns (but feel free to mess with Default User and All Users), then make a sysprep config file and run sysprep to reseal it, put the config file and the sysprep binary in a C:\sysprep, Ghost it to CD from a floppy, and try it out. Okay, not *incredibly* simple, but simple enough, under the circumstances. The Ghost and Sysprep documentation is very important here, and not too hard to follow.