The Tao of .Net and Powershell Malware Analysis Pontiroli & Martinez


Santiago M. Pontiroli
Kaspersky Lab, Argentina

F. Roberto Martinez
Kaspersky Lab, Mexico

Email {santiago.pontiroli; roberto.martinez}@kaspersky.com

VIRUS BULLETIN CONFERENCE SEPTEMBER 2015

ABSTRACT

With the ubiquitous adoption of Microsoft’s .NET and PowerShell frameworks, an ever increasing number of software development and IT ninjas are joining a nascent tradition of professionals leveraging these powerful environments for added efficacy in their everyday jobs. With a wide array of libraries and cmdlets at their fingertips, the need to reinvent the wheel is long forgotten.

Of course, malware writers are not far behind – they too have seen the light and are eager to use these convenient tools against us. Whether it’s for everyday ransomware or state-sponsored targeted campaigns, cybercriminals are now emboldened by a new arsenal that enables them to adapt with ease and agility. Are you ready to defend yourself against this emerging threat?

It’s time to understand our adversaries’ capabilities. In this paper, we’ll analyse select in-the-wild malware samples, picking apart the inner workings of these dastardly creations. We’ll introduce the cloaking mechanisms adopted by cybercriminals, moving beyond managed code in execution environments to the devious packers, obfuscators and crypters leveraged in conjunction with these powerful frameworks in order to baffle malware analysts and forensic investigators.

Knowing is not enough; we must apply. Willing is not enough; we must do. With a plethora of post exploitation and lateral movement tools created and customized every day in rapid application development environments and high-level programming languages, defending against this kind of pervasive opponent is a full-time job.

THE RISE OF .NET AND POWERSHELL MALWARE

Gone are the days when a programming-savvy malware writer would lock him/herself up in a dark basement, looking at a glaring screen filled with assembly code. A challenge to the status quo has succeeded and now the self-titled cybercrime industry has become a booming business, with criminals all around the world wanting to jump on the bandwagon and get a piece of the action. With a greater availability of high-level programming languages each day, some of which are even taught in high-school- and university-level courses thanks to their simplicity, lots of curious ‘wannabe criminals’ with dubious intentions find themselves surprisingly well equipped to reach into the depths of the Internet and pull out examples of source code and step-by-step tutorials to create their next malicious campaign. Instead of wanting to showcase their technical expertise or intellectual capacity, criminals have adopted proven practices from agile software development and business administration that focus on maximizing profits while minimizing the development time and maintenance cost of these dreadful concoctions.

In 2002, Microsoft released a game-changing framework that revolutionized the software development industry and unwittingly provided malware writers with an unimaginable arsenal of weapons. While ‘script kiddies’ resorted to builders and automated environments to cobble together variations of already-available malware samples, seasoned malware writers now had access to forums with approachable lessons on how to write fresh pieces of malicious code, all with an eye to the most desirable feature of all: avoiding anti-virus detection for as long as possible. Intended to compete directly with Oracle’s JAVA platform, the .NET framework provided not only a comprehensive library of built-in functions but also an accompanying development environment capable of supporting several high-level programming languages including Microsoft’s soon-to-be-flagship C# and the evolution of Visual Basic, dubbed VB .NET.

Available by default in most Windows installations, the .NET framework has become the de facto standard for software development in Microsoft’s family of operating systems. Moreover, with the 2006 addition of the increasingly powerful PowerShell scripting framework, the interaction between .NET’s supported programming languages and scripting automation has given software developers and system administrators an easy way to interface not only with the operating system but nearly all Microsoft software, ranging from the Office suite to the crown jewel, the SQL Server database engine.

Vast amounts of ready-to-use functionality make the combination of .NET and PowerShell a deadly tool in the hands of cybercriminals. The straightforward value is immediate: developing simple yet effective applications to send spam, brute forcing credentials for virtually any service, or creating the next global malicious campaign. The added benefit: PowerShell being ubiquitously whitelisted due to its importance in everyday Windows system administration and other recurring management activities makes it harder to prevent attacks that are reliant on these deeply ingrained operating system components.

With access to a powerful integrated development environment (IDE) such as the newly free Visual Studio, even application lifecycle management and rapid application development practices have become easier and are increasingly adopted by today’s cybercriminals with aspirations of forming part of an organized industry. Clearly defined separations between programmers, designers, testers, command-and-control server administrators, and everyone involved in cybercriminal operations translate into maximum efficiency and, in turn, maximum profits. Computer-enabled crime and fraud have become a faithful reflection of their ‘real-life’ counterparts. With cybercrime gangs stealing millions of dollars from institutions (examples include Carbanak and gangs like the recently apprehended Svpeng), we are witnessing a paradigm shift in computer crime away from the ‘one-man show’ to that of an earnest team effort. On the other side of the table, we find cooperation between private security research companies and law enforcement agencies proving paramount in combating these borderless threats. The evolution in the complexity and quantity of .NET and PowerShell malware is becoming a reality, and as security researchers we need to be ready to fight back against these types of threats with the proper tools and knowledge.

Whereas normal PE samples are better analysed using a debugger such as Olly or a disassembler such as IDA Pro, understanding .NET malware samples requires a specific set of tools that will make the malware analyst’s life much easier. The availability of free and open-source decompilers and a plethora of tools to help in our analysis tasks means that not only can cybercriminals benefit from the use of high-level programming languages, but we can benefit as well. As with any endeavour, building the right toolset means getting prebuilt tools but also being ready to develop our own when needed. What better than to fight fire with fire, by using Visual Studio, PowerShell and C# in our daily fight against malware? Integrating PowerShell with several .NET libraries and DLLs from currently available decompilers such as ILSpy will allow any analyst to create a standardized process that fits his needs, enabling quick determination both of the sample’s behaviour and whether it warrants further research.

To understand the differences in the analysis of .NET assemblies we’ll need first to briefly review how the framework works and how a .NET PE is built. We have already seen that cybercriminals have changed their habits to adopt new malware development practices, and as defenders we should adapt our analysis environments too in order to counteract this evolving threat in an efficient manner.

.NET FRAMEWORK INTERNALS

It was within Microsoft’s original plans to build the .NET Framework with the ambitious goal of providing developers a single platform on which they could build all kinds of applications. In theory, this revolutionary framework was to be supported by a wide range of operating systems outside the Microsoft ecosystem, having an ECMA specification in place so as to aid the development of open-source implementations (e.g. […]

[…] embedded device use. A reduced version of the framework, .NET Compact Framework, is available on Windows CE platforms, including Windows Mobile devices such as smartphones. Additionally, .NET Micro Framework is targeted at severely resource-constrained devices.

Amidst the number of open-sourced .NET related projects, we can find the compiler platform code-named ‘Roslyn’, which provides open-source C# and Visual Basic compilers with rich code analysis APIs. Moreover, the .NET Core platform is made up of several components, including the aforementioned managed compilers, the runtime, the BCL and the application model, such as ASP.NET. The majority of .NET Core platform projects typically use either the MIT or Apache 2 code licences. Some projects license their documentation and other forms of content under Creative Commons Attribution 4.0.

The Mono Project is a software platform designed to allow developers to easily create cross-platform applications (Figure 1). It is an open-source implementation of Microsoft’s .NET Framework based on the ECMA standards for C# and the Common Language Runtime. Along with the implementation of the CLR we can also find a cross-platform IDE named MonoDevelop, making a perfect companion for cross-platform .NET developers.

As of Windows XP SP2 (and Windows 2003 server editions), the .NET Framework is included by default in Microsoft operating systems. The inclusion of version 2.0 in Windows XP SP2 paved the way for the availability of newer versions in editions of Windows to follow. Windows Vista already included versions 2.0 and 3.0, nearly reaching the ever popular Windows 7, which included version 3.5.1 of the .NET Framework (in addition to previous framework versions with their corresponding service packs). The development path suggested by Microsoft is clear; making .NET an essential
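The toolset discussion above turns on one early triage decision: whether a sample is a managed assembly (decompiler) or a native PE (debugger or disassembler). The PowerShell function below is an added example, not code from the paper; it reads the CLR runtime header (PE data directory 14) from the raw bytes without loading or running the file. The function name Get-ClrHeaderInfo and the two system files used as inputs are assumptions.

```powershell
# Added example: static triage only. The file is read as bytes and never loaded or executed.
function Get-ClrHeaderInfo {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Path)

    $b = [System.IO.File]::ReadAllBytes((Resolve-Path -LiteralPath $Path).ProviderPath)
    $result = [ordered]@{ Path = $Path; IsPE = $false; IsDotNet = $false }

    # Bounds-checked little-endian readers, so a truncated or malformed sample cannot crash a batch run.
    $u16 = { param([long]$o)
        if ($o -lt 0 -or $o + 2 -gt $b.Length) { throw "read past end of file at offset $o" }
        [long][BitConverter]::ToUInt16($b, [int]$o) }
    $u32 = { param([long]$o)
        if ($o -lt 0 -or $o + 4 -gt $b.Length) { throw "read past end of file at offset $o" }
        [long][BitConverter]::ToUInt32($b, [int]$o) }

    try {
        # DOS header: 'MZ' magic, e_lfanew at 0x3C points to the 'PE\0\0' signature.
        if ($b.Length -lt 64 -or $b[0] -ne 0x4D -or $b[1] -ne 0x5A) { return [pscustomobject]$result }
        $pe = & $u32 0x3C
        if ((& $u32 $pe) -ne 0x00004550) { return [pscustomobject]$result }
        $result.IsPE = $true

        $nSections = & $u16 ($pe + 6)        # COFF NumberOfSections
        $optSize   = & $u16 ($pe + 20)       # COFF SizeOfOptionalHeader
        $opt       = $pe + 24                # start of the optional header
        $magic     = & $u16 $opt
        if     ($magic -eq 0x10B) { $dirBase = $opt + 96;  $result.Format = 'PE32'  }
        elseif ($magic -eq 0x20B) { $dirBase = $opt + 112; $result.Format = 'PE32+' }
        else   { return [pscustomobject]$result }

        # Data directory 14 is the CLR runtime header; it is empty in a native PE.
        if ((& $u32 ($dirBase - 4)) -le 14) { return [pscustomobject]$result }
        $clrRva  = & $u32 ($dirBase + 14 * 8)
        $clrSize = & $u32 ($dirBase + 14 * 8 + 4)
        if ($clrRva -eq 0 -or $clrSize -eq 0) { return [pscustomobject]$result }

        # Map an RVA to a file offset through the section table (40 bytes per entry).
        $secTable = $opt + $optSize
        $rvaToOffset = { param([long]$rva)
            for ($i = 0; $i -lt $nSections; $i++) {
                $s     = $secTable + 40 * $i
                $vsize = & $u32 ($s + 8);  $va  = & $u32 ($s + 12)
                $rsize = & $u32 ($s + 16); $raw = & $u32 ($s + 20)
                if ($rva -ge $va -and $rva -lt $va + [Math]::Max($vsize, $rsize)) { return $raw + ($rva - $va) }
            }
            throw "RVA 0x$('{0:X}' -f $rva) is not inside any section" }

        # IMAGE_COR20_HEADER: cb, header version, metadata directory, flags, entry point.
        $cor   = & $rvaToOffset $clrRva
        $flags = & $u32 ($cor + 16)
        $result.IsDotNet         = $true
        $result.ClrHeaderVersion = '{0}.{1}' -f (& $u16 ($cor + 4)), (& $u16 ($cor + 6))
        $result.ILOnly           = [bool]($flags -band 0x1)    # COMIMAGE_FLAGS_ILONLY
        $result.Requires32Bit    = [bool]($flags -band 0x2)    # COMIMAGE_FLAGS_32BITREQUIRED
        $result.StrongNameSigned = [bool]($flags -band 0x8)    # COMIMAGE_FLAGS_STRONGNAMESIGNED
        $result.NativeEntryPoint = [bool]($flags -band 0x10)   # mixed-mode image: IL tools alone will not show everything
        $result.EntryPoint       = '0x{0:X8}' -f (& $u32 ($cor + 20))

        # Metadata root ('BSJB') carries the runtime version string the assembly was built against.
        $md = & $rvaToOffset (& $u32 ($cor + 8))
        if ((& $u32 $md) -eq 0x424A5342) {
            $len = & $u32 ($md + 12)
            if ($len -gt 0 -and $len -le 256 -and $md + 16 + $len -le $b.Length) {
                $result.MetadataVersion = [Text.Encoding]::UTF8.GetString($b, [int]($md + 16), [int]$len).TrimEnd([char]0)
            }
        }
    } catch {
        # Keep whatever was established and record why parsing stopped; damaged headers are themselves a finding.
        $result.ParseError = $_.Exception.Message
    }
    [pscustomobject]$result
}

# Inputs assumed for illustration: the runtime's own core library (managed) and kernel32.dll (native).
$inputs = @([object].Assembly.Location, (Join-Path $env:SystemRoot 'System32\kernel32.dll'))
$inputs | ForEach-Object { Get-ClrHeaderInfo -Path $_ } |
    Format-List Path, IsPE, IsDotNet, Format, MetadataVersion, ILOnly, NativeEntryPoint, ParseError
```

A sample reported with IsDotNet set and ILOnly clear, or with NativeEntryPoint set, is worth opening in both a decompiler and a native disassembler.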