FBReseal & Multiple disks

[Desi]

I have a target with two Compact flash modules. The first module (Drive
C is EWF protected with a RAM overlay. The second module (Drive D
is not EWF protected.

Accordingly, I have moved some of the read-write file locations over to
the D: drive. These include the Event Logs, MSMQ, Documents and
Settings, etc.

My question is "When I do an FBReseal.exe on the target, do I have to
do it twice, once for each drive?" How do I handle mismatched SID's
(And other unique numbers) on the D: drive? How do I image multiple
drives?

Help me understand what I need to do to be able to duplicate these two
CF modules over to many targets in manufacturing.
Thanks in advance,
Desi Richards

 

[KM]

Desi,

Your question does not make much sense if second card does not have OS on it.

You will have to run FBreseal only once. It will make sure you get unique SIDs on cloned images (SIDs are in registry).
Please read about SIDs on Intenet (e.g. www.sysinternals.com).

Also, please read Cloning setion in the XPe docs.

KM

 

[Slobodan Brcin \(eMVP\)]

Hi Desi,

Do you have NTFS or FAT on second drive?
Anyhow you need to do fbreseal on OS itself, and just make sure that both disks are present at the first boot time.

Regards,
Slobodan

 

[Desi]

I was under the impression that SID's were linked to files via the file
system security, which would mean that the security settings on Drive
D: would somehow require that D: stay in sync with the C: drive.

Both drives are NTFS and compressed, btw.

Thanks for clearing me up on that one.
Desi

Hi Desi,

Do you have NTFS or FAT on second drive?
Anyhow you need to do fbreseal on OS itself, and just make sure that

both disks are present at the first boot time.

 

[KM]

Desi,

I was under the impression that SID's were linked to files via the file
system security, which would mean that the security settings on Drive
D: would somehow require that D: stay in sync with the C: drive.

This is true. NTFS files would have security descriptors accosiated with them.
I am not sure about fbreseal but NewSID from sysinternals.com will scan and find every security descriptor for occurrences of the
computer SID that you trying to replace with a new one.

You can defnitely give it a shoot with fbreseal. I suspect it works similar way.

KM

 

[Desi]

NewSID caused problems when I tested it just now. I used a ghost image
of my target, duplicated it on another target, and then ran NewSID.

When it rebooted, the target showed the taskbar as locked, and the
checkbox to unlock it was grayed out. Many other permissions and/or
viewing capabilities were broken, such as the Services snap-in for MMC,
the IIS snapin, etc. Eventually, the taskbar went away on the machine
and I never did get it back.

I'm wondering if FBRESEAL will blank out the SIDs on both drives, and
then (If I restore them in reverse order) replace them with real SIDs
on reboot... I'll give that a shot and report back to everyone.

Desi