Phurious, posted May 4, 2006 (edited May 4, 2006 by Phurious)

Currently, I am working on a project that will aid me in my work. I support multiple remote locations, so if ever a user's machine needs to be reimaged I either have to travel to the site, or have the user ship their machine to me. To overcome this, I have adopted a simple solution: I installed Windows PE to partition 1, and the regular OS to partition 2. Using PTEDIT.EXE I changed the "TYPE" for partition 1 to "DE" so that the Dell systems we use will recognize it as a "Utility" partition, and give the users an option to boot PE if F12 is pressed at startup. Once PE is loaded, it automatically Ghosts their machine with a supplied image. Also, this partition is not accessible from inside Windows, and the users are unaware of its presence.

Now onto my questions. I need a way to store backup information on the user's PC that is invisible to the user. Server space is not available to keep weekly backups for the users; I am trying to devise a way to store a USMT backup for the user on a third partition on the local disk that the user will be unaware of.

1. Does anyone know of a way to "Hide" a partition from a user other than the normal use of a group policy or registry edit?
2. Pardon my ignorance on the matter, but is there a way to read/write data to a partition that has no assigned drive letter?
3. Is there any way to update data through Windows on a partition that is of the "DE" type? I ask this because I would like to be able to push fresh images to the utility partition.

Thanks for any input you can offer!

Phurious (Author), posted May 4, 2006 (edited May 4, 2006 by Phurious)

Well, digging into this I had been focused on finding a programmatic way to accomplish this, because the whole process has to go on in the background with the users unaware. I finally performed cranialrectonomy and found a roundabout way to accomplish this EASILY with vb script:

HidenSeek.vb script:

    Option Explicit
    Dim oShell
    Dim fs
    Set oShell = CreateObject("WScript.Shell")
    Set fs = CreateObject("Scripting.FileSystemObject")
    ' If D:\USMT is reachable the volume currently has its letter, so remove it;
    ' otherwise assign the letter again. 0 = hidden window, True = wait for diskpart.
    If fs.FolderExists("D:\USMT") Then
        oShell.Run "diskpart /s C:\Invisible.txt",0,True
    Else
        oShell.Run "diskpart /s C:\Visible.txt",0,True
    End If

Visible.txt Script for DISKPART.EXE

    select volume 2
    assign letter D:

Invisible.txt Script for DISKPART.EXE

    select volume 2
    remove

I think other people could use this to hide their documents from a cursory examination on PCs that other people may have access to.

jaclaz, posted May 4, 2006

Just for the record, RAW data is accessible even if no letter is assigned (i.e. volume not mounted).

Most Hex/Disk editors will be able to connect to Physical disk.

From batch/Command line, there is this freeware utility, dsfo/dsfi part of the DSFOK package:

http://members.ozemail.com.au/~nulifetv/fr...ware/index.html

From the README:

    DS File Ops Kit
    ---------------

    1) dsfo

    dsfo can save a block of data of any size from any location within a file.
    Also:
    - backup any disk partition, including "live" and "hidden"
    - backup entire disk, including "live"
    - create an ISO CD-ROM or DVD-ROM image
    - create a floppy disk image
    - check MD5 signature of a partial or complete data object
    - fast sector-level transfer

    Usage: dsfo source offset size destination

    Note: null size is interpreted as max possible output
          negative size is calculated on current file size
          negative offset is calculated from end of file
          use "$" as destination to check MD5 signature only

    Example: dsfo c:\tmp\my.avi -50000 0 test.bin
             dsfo \\.\d: 0 512 c:\0\partition-sectors.dat
             dsfo \\.\PHYSICALDRIVE0 0 0 \\srv\shr\tmp\first.dsk
             dsfo \\.\a: 0 0 "c:\tmp\floppy disk image.img"
             dsfo \\.\e: 0 0 d:\CDROM_or_DVD_image.iso

    To backup a "hidden" partition (no assigned letter), first run vlm to find its
    unique volume name, then copy and paste it to dsfo, eg:
    dsfo \\.\Volume{ac837e69-551d-11d9-9a3c-806d6172696f} 0 0 c:\tmp\my.dat

    Check MD5 signature only: dsfo \\.\g: 0 2048 $

    The offset argument has to be "0" with non-file objects.

    2) dsfi

    dsfi can overwrite a block of data of any size at any location within a file.
    Also:
    - restore disk partitions (no resizing)
    - restore entire disk (no resizing)
    - restore a floppy disk image
    - join two files
    - fast sector-level transfer

    Usage: dsfi destination offset size source

    Note: null size is interpreted as max possible input
          negative size is calculated on current file size
          negative offset is calculated from end of file
          use "e" as offset to indicate end of file

    Example: dsfi c:\tmp\my.avi -50000 0 test.bin
             dsfi \\.\d: 0 512 c:\0\partition-sectors.dat
             dsfi \\.\PHYSICALDRIVE0 0 0 \\srv\shr\tmp\first.dsk
             dsfi \\.\a: 0 0 "c:\tmp\floppy disk image.img"

    To join two files type: dsfi file1 e 0 file2

    The offset argument has to be "0" with non-file objects.

    ...........

    6) vlm

    vlm scans the volumes of a computer and reports detailed info.

    Found volumes: (sample output)
    \\.\Volume{ac837e60-551d-11d9-9a3c-806d6172696f}
    Label: (none), File System: FAT32 4995/2000 MB
    Symbolic Link: \Device\HarddiskVolume1

jaclaz
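
Added example (not part of the thread and not code from the DSFOK package): the point made in the last reply, shown from the auditing side. A partition with no drive letter, or with its type changed to DE, is still listed in the MBR partition table that any raw-disk reader sees. The function names `parse_mbr` and `build_sample_mbr` are hypothetical, a classic MBR (not GPT) layout is assumed, and the sample sector and its sizes are constructed.

```python
import struct

SECTOR = 512
# Type bytes relevant to this thread; 0xDE is the value set with PTEDIT in the first post.
TYPE_NAMES = {0x07: "NTFS/HPFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)", 0xDE: "Dell Utility"}
# One 16-byte entry: status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count.
ENTRY = struct.Struct("<B3xB3xII")


def parse_mbr(sector: bytes) -> list[dict]:
    """Return every non-empty primary partition entry in a 512-byte MBR sector."""
    if len(sector) != SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR sector: wrong length or missing 55 AA signature")
    found = []
    for index in range(4):
        status, ptype, lba_start, count = ENTRY.unpack_from(sector, 446 + 16 * index)
        if ptype == 0x00:  # unused slot
            continue
        found.append({
            "number": index + 1,
            "active": status == 0x80,
            "type": ptype,
            "name": TYPE_NAMES.get(ptype, "unknown"),
            "lba_start": lba_start,
            "size_mb": count * SECTOR // 2**20,
        })
    return found


def build_sample_mbr() -> bytes:
    """Constructed sample sector modelled on the layout in the thread (sizes are invented)."""
    layout = [
        (0x00, 0xDE, 63, 4_194_304),           # partition 1: Windows PE, type changed to DE
        (0x80, 0x07, 4_194_367, 83_886_080),   # partition 2: the regular OS
        (0x00, 0x07, 88_080_447, 20_971_520),  # partition 3: backup volume with no drive letter
    ]
    table = b"".join(ENTRY.pack(*p) for p in layout).ljust(64, b"\x00")
    return bytes(446) + table + b"\x55\xaa"


if __name__ == "__main__":
    # Drive letters are kept by Windows, not in the MBR, so removing one with
    # diskpart changes nothing here: all three partitions are still listed.
    for p in parse_mbr(build_sample_mbr()):
        print(f"partition {p['number']}: type {p['type']:02X} ({p['name']}), "
              f"{p['size_mb']} MB, starts at LBA {p['lba_start']}")
```

On a live machine the same 512 bytes are the first sector of `\\.\PHYSICALDRIVE0`, the path used in the dsfo examples above, and reading them requires administrator rights.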