Focus on Microsoft
Re: How to /password policy on Windows 2003 Aug 21 2009 12:14PM
pent 5971 (pent5971 gmail com) (5 replies)
RE: How to /password policy on Windows 2003 Aug 26 2009 05:21PM
Kurt Dillard (kurtdillard msn com) (1 replies)
Vista Complete PC Backup coolness Aug 28 2009 07:49PM
Thor (Hammer of God) (thor hammerofgod com) (1 replies)
RE: Vista Complete PC Backup coolness Sep 02 2009 10:50PM
James D. Stallard (james leafgrove com) (1 replies)
Hey Thor

There's no real reason why a VHD backup should not be mountable as a VM,
after all, we all do P2V. Indeed, an automated P2V is an excellent way of
creating a warm-standby DR environment or a "real" live test bed. Mounting a
VHD as a VM would seem to be a common sense feature to me - especially as it
also raises the possibility of V2P. MS have missed a trick IMHO.

Also, we have another backup nasty on Windows 7 that also hits Windows
Server 2008 R2.

On default installations, both OSs create a 100Mb partition on the boot
drive, presumably for recovery (not bothered doing the reading on that yet).
It would seem that taking backups of the system state requires a VSS
snapshot to be created for that drive, and the drive is too small for VSS to
be happy about doing it. The result, some commercial backup software (my
test was BackupExec 12.5 SP2 fully patched) fails. You can do some VSSADMIN
jiggery-pokery to move the snapshot to another drive, but that requires a
drive letter to be assigned to the 100Mb partition and is a messy solution
at best.

Using DISKPART to setup your own partitions during installation (either OS)
does not create the 100Mb partition and so doesn't create the problem.

Kinda wandered of topic a bit, but I hope it's useful



James D. Stallard MBCS CITP MIoD
Enterprise Architect
Email: james (at) leafgrove (dot) com [email concealed]
Mobile: +44 (0) 7979 49 8880
Skype: JamesDStallard

Think before you print. Please don't print this email unless you really need

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On
Behalf Of Thor (Hammer of God)
Sent: 28 August 2009 20:49
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: Vista Complete PC Backup coolness

So, before I upgraded to Win7 on my production rig, I took the opportunity
to try out the "Full PC Backup" for giggles just in case things went tits
up. Aside from the restore not working (it said it had a disk problem) and
the fact that you can only restore to a partition the same size as the one
you backed up from (it's supposed to be =>, but it didn't work out that
way), I did find out some cool things about the Complete backup that you
might find interesting...

First off, while you have to be admin to perform a Complete PC Backup, you
no longer get the option of requiring a password to "protect" the backup.
That was cool when you were concerned with people with physical access
getting to your data. The directory created (based on HOSTNAME of unit
backed up) will have local Administrators group Full, and local Backup
Operators Full, but all you have to do (obviously) is pop the usb drive into
a different machine that you have local admin access to and you immediately
get full access. You don't even have to change permissions... I don't
consider that a big deal, and is actually easier, since if you are admin on
the box, it doesn't matter what drives you put in from an OS permissions
standpoint (not EFS, obviously).

The "cool" part is that the Complete PC Backup is actually a .VHD disk file.
Sure, there is catalog information accompanying the backup, but if you need
data off of the backup, you can just stick the USB source in a drive
somewhere and mount the VHD to access it like a drive letter, again without
worrying about file permissions. You can do this in VPC or VMWare, or even
easier, use something like WinImage to just mount the thing and grab your
data. /mosh

It would have been very cool for MSFT to have built in the functionality of
actually BOOTING the vhd in VPC (or VMWare) but alas, that dog does not
hunt. While not ideal, it would require substantial driver reloading (and
reactivation) anyway, but it still would be nice to be able to boot into
your Complete Backup. Just as well that you can just attach the .vhd
directly in VMWare/VPC and go from there though.

That's it.. just thought I'd post up the bits about not expecting any
security on your backups, and how you can now just directly mount the vhd
backup file to get data without worrying about permissions. I'm sure some
with think that is a bad thing, but I've always treated backups like any
other "physical access" asset, which is, if I have my hands on it, it's mine
anyway (so encrypt, etc).

Have a good one!


Timothy (Thor) Mullen, Ph.D.
thor (at) hammerofgod (dot) com [email concealed]

[ reply ]
RE: Vista Complete PC Backup coolness Sep 05 2009 06:50AM
Ken Schaefer (Ken adOpenStatic com)
Re: How to /password policy on Windows 2003 Aug 25 2009 07:03PM
Gerardo Castillo Alvarado (gecastillo edelca com ve)
Re: How to /password policy on Windows 2003 Aug 25 2009 07:01PM
Wim Remes (wremes gmail com)
RE: How to /password policy on Windows 2003 Aug 25 2009 05:50PM
Rivest, Philippe (PRivest transforce ca) (1 replies)
Re: How to /password policy on Windows 2003 Aug 26 2009 04:47AM
Kevin (rot_betruger sbcglobal net) (1 replies)
Re: How to /password policy on Windows 2003 Aug 26 2009 10:00PM
Ben Scott (mailvortex gmail com)
RE: How to /password policy on Windows 2003 Aug 25 2009 05:44PM
THOMAS, DEDRIC (ATTCLSMA) (dt7089 att com)


Privacy Statement
Copyright 2010, SecurityFocus