Focus on Microsoft
Re: How to /password policy on Windows 2003 Aug 21 2009 12:14PM
pent 5971 (pent5971 gmail com) (5 replies)
RE: How to /password policy on Windows 2003 Aug 26 2009 05:21PM
Kurt Dillard (kurtdillard msn com) (1 replies)
Vista Complete PC Backup coolness Aug 28 2009 07:49PM
Thor (Hammer of God) (thor hammerofgod com) (1 replies)
RE: Vista Complete PC Backup coolness Sep 02 2009 10:50PM
James D. Stallard (james leafgrove com) (1 replies)
RE: Vista Complete PC Backup coolness Sep 05 2009 06:50AM
Ken Schaefer (Ken adOpenStatic com)
The 100MB partition is for Bitlocker. I am surprised that this isn't backed up normally/transparently as part of a backup that includes system state...

Cheers
Ken

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of James D. Stallard
Sent: Thursday, 3 September 2009 6:50 AM
To: 'Thor (Hammer of God)'; focus-ms (at) securityfocus (dot) com [email concealed]
Subject: RE: Vista Complete PC Backup coolness

Hey Thor

There's no real reason why a VHD backup should not be mountable as a VM, after all, we all do P2V. Indeed, an automated P2V is an excellent way of creating a warm-standby DR environment or a "real" live test bed. Mounting a VHD as a VM would seem to be a common sense feature to me - especially as it also raises the possibility of V2P. MS have missed a trick IMHO.

Also, we have another backup nasty on Windows 7 that also hits Windows Server 2008 R2.

On default installations, both OSs create a 100Mb partition on the boot drive, presumably for recovery (not bothered doing the reading on that yet).
It would seem that taking backups of the system state requires a VSS snapshot to be created for that drive, and the drive is too small for VSS to be happy about doing it. The result, some commercial backup software (my test was BackupExec 12.5 SP2 fully patched) fails. You can do some VSSADMIN jiggery-pokery to move the snapshot to another drive, but that requires a drive letter to be assigned to the 100Mb partition and is a messy solution at best.

Using DISKPART to setup your own partitions during installation (either OS) does not create the 100Mb partition and so doesn't create the problem.

Kinda wandered of topic a bit, but I hope it's useful

Cheers

James

James D. Stallard MBCS CITP MIoD
Enterprise Architect
Web: www.leafgrove.com
LinkedIn: www.linkedin.com/in/jamesdstallard
Email: james (at) leafgrove (dot) com [email concealed]
Mobile: +44 (0) 7979 49 8880
Skype: JamesDStallard

Think before you print. Please don't print this email unless you really need to.

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of Thor (Hammer of God)
Sent: 28 August 2009 20:49
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: Vista Complete PC Backup coolness

So, before I upgraded to Win7 on my production rig, I took the opportunity to try out the "Full PC Backup" for giggles just in case things went tits up. Aside from the restore not working (it said it had a disk problem) and the fact that you can only restore to a partition the same size as the one you backed up from (it's supposed to be =>, but it didn't work out that way), I did find out some cool things about the Complete backup that you might find interesting...

First off, while you have to be admin to perform a Complete PC Backup, you no longer get the option of requiring a password to "protect" the backup.
That was cool when you were concerned with people with physical access getting to your data. The directory created (based on HOSTNAME of unit backed up) will have local Administrators group Full, and local Backup Operators Full, but all you have to do (obviously) is pop the usb drive into a different machine that you have local admin access to and you immediately get full access. You don't even have to change permissions... I don't consider that a big deal, and is actually easier, since if you are admin on the box, it doesn't matter what drives you put in from an OS permissions standpoint (not EFS, obviously).

The "cool" part is that the Complete PC Backup is actually a .VHD disk file.
Sure, there is catalog information accompanying the backup, but if you need data off of the backup, you can just stick the USB source in a drive somewhere and mount the VHD to access it like a drive letter, again without worrying about file permissions. You can do this in VPC or VMWare, or even easier, use something like WinImage to just mount the thing and grab your data. /mosh

It would have been very cool for MSFT to have built in the functionality of actually BOOTING the vhd in VPC (or VMWare) but alas, that dog does not hunt. While not ideal, it would require substantial driver reloading (and
reactivation) anyway, but it still would be nice to be able to boot into your Complete Backup. Just as well that you can just attach the .vhd directly in VMWare/VPC and go from there though.

That's it.. just thought I'd post up the bits about not expecting any security on your backups, and how you can now just directly mount the vhd backup file to get data without worrying about permissions. I'm sure some with think that is a bad thing, but I've always treated backups like any other "physical access" asset, which is, if I have my hands on it, it's mine anyway (so encrypt, etc).

Have a good one!

T

____________________
Timothy (Thor) Mullen, Ph.D.
thor (at) hammerofgod (dot) com [email concealed]
www.hammerofgod.com

[ reply ]
Re: How to /password policy on Windows 2003 Aug 25 2009 07:03PM
Gerardo Castillo Alvarado (gecastillo edelca com ve)
Re: How to /password policy on Windows 2003 Aug 25 2009 07:01PM
Wim Remes (wremes gmail com)
RE: How to /password policy on Windows 2003 Aug 25 2009 05:50PM
Rivest, Philippe (PRivest transforce ca) (1 replies)
Re: How to /password policy on Windows 2003 Aug 26 2009 04:47AM
Kevin (rot_betruger sbcglobal net) (1 replies)
Re: How to /password policy on Windows 2003 Aug 26 2009 10:00PM
Ben Scott (mailvortex gmail com)
RE: How to /password policy on Windows 2003 Aug 25 2009 05:44PM
THOMAS, DEDRIC (ATTCLSMA) (dt7089 att com)


 

Privacy Statement
Copyright 2010, SecurityFocus