In response to the topic "In a room with a white ceiling".
Introduction
That topic proposed an effective solution to some of the problems an "enikey" (help-desk admin) faces. Let's add to them and set them out as a list:
- The effects of viruses, and sometimes of fighting them, leave the system “under-treated” or “not cleaned”;
- Weak hardware or stinginess rules out serious anti-virus packages;
- Errors by users or specialized programs cause no less damage than malware (a case when the program is difficult to pick up the root, but it does not work very optimally);
- The system is subject to a natural (for it) accumulation of clutter over time;
- System administrator errors can lead to serious consequences (e.g., an unsuccessful attempt to upgrade);
- Absence of an automated backup system (for example, Acronis, but not networked);
- and others ...
In the same topic, the author proposed an interesting and certainly useful solution: “freezing” the operating system's system partition after first moving the profiles and “Program Files” to another partition. By way of comments, I would like to note some shortcomings.
The author writes that after the OS is installed it is difficult to redirect the profiles and “Program Files”. To solve this he suggests specialized utilities and the registry editor, and the process is complicated by rebooting from external media and changing important system files. In my opinion, it is worth considering the popular nLite utility, which lets you specify the future profiles folder and “Program Files” at the stage of creating the distribution disk image (the system is then installed with the specified parameters from the start).
Also, the author is forced to install all updates manually, since the system disk is “thawed” manually by the administrator. This is thoroughly inconvenient when there are more than, say, 20 machines.
The author notes that it is advisable to use a RAMDrive for temporary folders such as “Temp”, since on restart much malware is destroyed along with all the data when power is lost. This is a very effective approach if there is RAM to spare.
This topic offers an alternative way to solve these problems.
Principle of operation
1. The computer boots into Windows; the default OS in the bootloader config is changed to Linux
- if there are “tasks” from the administrator, the task file (a password-protected archive) is copied to the local disk from the “tasks” FTP server (the place where the administrator publishes the archives);
- if the computer was started to perform a task, then at the earliest stage of loading the network adapter is disabled, the archive is unpacked and start.exe (for example) is run to complete the task;
2. The computer boots into Linux; the default OS in the bootloader config is changed to Windows
- if the computer performed an administrator's task during the previous run, a backup is made and marked as the most current;
- if the computer did not perform tasks during the last boot, the system is recovered from the most current backup, the partitions with profiles and “Program Files” are mounted and checked for viruses. Then the computer reboots.
Implementation in three stages
1. Windows is installed from an image prepared with nLite, with the paths to the profiles folder and “Program Files” specified.
* Before installation, you need to create two partitions: one for the Windows system and one for profiles and “Program Files”.
2. Installing the Linux OS (I used Debian Lenny in a minimal build):
- It is suggested to create an additional partition on the disk (for convenience) where backups will be stored (its file system should be one that Windows does not support, which makes it impossible to simply modify images / backups);
- It is recommended to install Grub on its own dedicated partition (it is important that the config can be changed from both Windows and Linux).
3. Adding scripts:
- A program is added to Windows startup that changes the default OS in the Grub config to Linux (it is convenient to build the exe from a bat file using BatchToExe, which lets you add functionality without programming knowledge);
- a script is added to Linux startup that changes the Grub config so that Windows starts by default;
- creation of other auxiliary scripts at the discretion of the administrator.
In my opinion, the most questionable part is placing Grub on a FAT partition (after all, the config can be changed without authorization). The fact is that I just don’t remember how I made Grub start an OS conditionally. But Habr readers will have no difficulty implementing it differently ... for example, it would be wiser to use Grub2 and implement the OS switcher in Grub itself.
This topic sets out an idea that has been successfully implemented in two companies. For us it was a salvation, because the machines were weak and active anti-virus packages could not be used. If anyone is interested in more detailed information or in clarifying specific implementations, you are welcome in the comments.
! This solution in no way relieves you of the correct configuration of the OS, the adequate assignment of user rights, etc.
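One way the Linux-side startup script from stage 3 could look, also covering the concern that a Grub config on FAT can be changed without authorization (an added example, not the author's scripts). It assumes Grub legacy's menu.lst, a fingerprint file kept on the Linux-only backup partition, and a hypothetical task marker file and "halt" action.

```shell
# Added example, not the author's scripts. File names, entry numbers and the
# "halt" action are assumptions; the sample menu.lst is constructed.
# Point Grub legacy at entry $2 by rewriting the "default" line of menu.lst $1.
set_default_os() {
    tmp="$1.new.$$"
    sed "s/^default[[:space:]=].*/default $2/" "$1" > "$tmp" && mv "$tmp" "$1"
}

# Hash everything except the "default" line, which both OSes rewrite.
menu_fingerprint() {
    grep -v '^default[[:space:]=]' "$1" | sha256sum | cut -d' ' -f1
}

# True if menu.lst $1 still matches the known-good fingerprint stored in $2.
menu_untampered() {
    [ "$(menu_fingerprint "$1")" = "$(cat "$2")" ]
}

# Linux-side decision: $1 = menu.lst, $2 = fingerprint file, $3 = marker that
# the Windows side is assumed to leave after running an administrator task.
linux_boot_action() {
    if ! menu_untampered "$1" "$2"; then
        echo halt       # config changed beyond the default line
    elif [ -e "$3" ]; then
        echo backup     # a task ran: take a backup and mark it as current
    else
        echo restore    # ordinary run: restore, scan for viruses, reboot
    fi
}

# Constructed sample: entry 0 = Windows, entry 1 = Linux.
make_sample_menu() {
    cat > "$1" <<'EOF'
default 1
title Windows
rootnoverify (hd0,0)
chainloader +1
title Linux
root (hd0,2)
kernel /vmlinuz root=/dev/sda3 ro
EOF
}

# Demo: Linux has booted, so decide what to do and hand the next boot to Windows.
d=$(mktemp -d) && make_sample_menu "$d/menu.lst"
menu_fingerprint "$d/menu.lst" > "$d/known_good"
echo "action: $(linux_boot_action "$d/menu.lst" "$d/known_good" "$d/task.done")"
set_default_os "$d/menu.lst" 0 && grep '^default' "$d/menu.lst"; rm -rf "$d"
```

The marker file lives where Windows can write it, so it is no more trustworthy than the config itself; only the fingerprint file is assumed to be out of Windows' reach.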