Transcript Presented by Mark Minasi contents copyright 2009 Mark Minasi Do not redistribute Session Code: CLI302

Presented by Mark Minasi
contents copyright 2009 Mark Minasi
Do not redistribute
Session Code: CLI302
Overview
Volumes as Seven likes 'em: The Case of the
Unlettered Drive
What's new in Win 7 backup
Short Items
VHDs
Win 7 native support
Storing OS volumes in VHDs
Booting from a VHD
Quick Review: BCD/BCDEDIT
Let's back up and review something about how Vista
boots and how W7 adapts that
Vista doesn't use the NT boot loader that we've had
since 3.1; instead, it uses a new "boot configuration
database" (BCD), a hidden/system folder containing the
boot loader and boot instructions
It's why boot.ini's gone and bcdedit is essential
Download the (free) first chapter of my Vista Security
book for background and examples of bcdedit
(Administering Windows Vista Security: The Big
Surprises) -- it's free, no advertising
BCD in Win 7
If you install Win 7 on a system with a C: drive
larger than about 24 GB in size, you'll end up
with just one lettered ("C:") drive… but you will
not be able to find the BCD folder on that drive,
even with "dir c: /as"
The reason: it's sitting on a separate partition
that is not lettered
For example:
This system is a simple laptop with a single 100 GB C:
drive. I wiped the drives, told Win 7 to install to the one
drive and did not tell it to chop the drive up… but here
you see that it does that, creating an unlettered
partition that contains the boot loader
Now Compare Explorer
The Explorer view, in contrast, looks just like a Vista onedrive system – the unlettered volume doesn't appear at all
Why Did Microsoft Do This?
Vista introduced the BitLocker drive encryption
tool
It's useful, but it required you to boot from a
separate 1.5 GB partition that contained
nothing more than the BOOT folder
It was a pain to set up and didn't really need all
that space, but MS put it in for compatibility
This 100 MB volume now does the job
Why Do This?
Additionally, having a "Drive S:" (or whatever
letter the little active partition eventually got)
looked strange
Win 7's an improvement because
Separate partition's automatic, no after-the-fact
fumbling with partitions to use BitLocker
Separate active partition supports booting from
VHDs
Win 7 active partition only uses 0.1 gig on your
drive rather than 1.5 gigs
No Unlettered Volume?
no problem!
You probably don't have the unlettered volume,
if you upgraded in place from Vista or Server
2008/3!
Upgrades won't rearrange the existing disk
structure to create the unlettered volume
Upgrades won't "un-letter" an existing 1.5 GB
system partition created for BitLocker under
Vista
It Can Go at the Front or Back
Must the 100 MB volume be the volume first
physically placed on the hard drive?
No – I've set it up both ways, and it works fine in
both cases
What's New
Nothing major – this is basically the Vista/2008
backup tool
Backup and Restore isn't in Accessories, it's in
Control Panel / System and Security / Backup
and Restore / Create an image backup
You can also "Create a system repair disc," a
WinRE CD/DVD from Control Panel (System and
Security / Backup and Restore / Create a system
repair disc"
Difference From Vista
If you use Win 7's backup to do "bare metal"
backups from the "wbadmin" CLI then be sure
to include the "-allcritical" switch to ensure that
the unlettered volume gets backed up, as in this
example
wbadmin start backup –
backuptarget:m:
-allcritical –include:e:
What's New in Server Backup
System State Backup (on 2008 R2) uses VSS now
and is five times faster than Server 2008; no
corresponding changes in W7, as SSB isn't
meaningful on a desktop OS
Particular file/folder backup (as Vista had but
Server 2008 did not) is in Server 2008 R2
Still no tape or Exchange backup capability
Short Storage Items…
Built-in support for burning ISOs to CD, DVD and
Blu-Ray
Command-line tool in System32; syntax:
isoburn /q [burner drive letter:] [file to burn]
Example:
isoburn /q e: myimage.iso
Also there's shell support built-in
No native ability to mount ISOs, but…
Short Storage Items…
Google "virtual clone drive" from Slysoft, it's
free and does ISO mounting (even on 64-bit)
DFS and FRS are, believe it or not, not just
deprecated but gone from 2008 R2 apparently
Exception is if you're still using FRS for Sysvol
You can now do RAID 1 (mirroring) on the
desktop OS, Windows 7
And now on to the BIG topic…
Agenda
What VHDs do for
Windows 7
Native VHD support in
Win 7 intro
Creating VHDs step by
step
Attaching VHDs (nope, it
ain't "mounting")
Boot from VHD (BFV)
Simple "add a second
image via VHD" steps
Bcdedit in detail: BFV's
screwdriver and wrench
Expert boot from VHD
setup – boot your
computer from one file
20
Originally a Format for VM Disks
VHDs were (and still are) a useful format for
storing virtual machines – when you power
down a VM, basically it's nothing but a bunch of
files
Virtual machines can have more than one
imaginary hard disk, and each of those
imaginary hard disks are stored in a file format
with the quite sensible extension ".vhd"
VHDs Store Structures and ACLs
A VHD-format file can be a handy way to
package (and easily transport) an entire drive
into one file, incorporating the folder structure
and its NTFS permissions – way more useful
than a ZIP file!
Thus, they can provide "non-virtual service"
replacing ZIP and CAB files
VHDs Support Snapshots
Virtual machine managers support the notion of
"snapshots," a way to store the entire state of a
VM that is both quick and that doesn't burn up
a lot of hard disk space
(Consider how large VMs are and how quickly
snapshots happen!)
VHDs, then, offer a useful format for backups
and maintaining many incremental backups, as
we saw in Vista/Win 7's "CompletePC Backup"
And the Most Interesting Part…
Remember, a VHD can hold an entire drive
With Win 7, that can be a bootable drive
Place that VHD onto a system's otherwiseempty hard drive (with a BCD folder)
And then you can boot the physical system from
that one big hard disk that was packaged as a
VHD file
Again, not a "virtual" application at all
First, Some Pictures
There's a lot to learn here, but let me do a quick
overview of one of the outcomes of native VHD
support
Consider this the "10,000 foot view" of something
that I will later explain step by step
It presents what is perhaps the simplest-to-see
design (if not the simplest to create!)
VHD Boot Setup: "Big Picture"
Start off with a clean hard disk, a WIM of the
System Reserved Boot Partition and a VHD
containing a Windows OS partition (you have
to create those yourself, more info on that
later)
Boot WinPE
Using DiskPart, chop it up
26
VHD Boot Setup : "Big Picture"
100 MB
R:
Create two partitions: a 100 MB active partition, give it any drive
letter (let's call it R:)
27
"R:?"
Doesn't the drive letter matter?
No – as we've seen, the system reserved boot
partition won't have a drive letter eventually
anyway
We just need a drive letter now so that ImageX
can do the next step
VHD Boot Setup : "Big Picture"
100 MB
R:
Get the boot manager (system
reserved boot partition, "SRBP")
code into the small partition with
Setup or ImageX
SRBM.wim
SRBP.wim
VHD Boot Setup : "Big Picture"
100 MB
SRBP
S:
Then, use the rest to create a big
empty drive -- format it and call it
drive S: (Again, the particular drive
letter you choose does not matter)
Create a folder in S:, call it
anything
VHD Boot Setup : "Big Picture"
100 MB
SRBP
S:
Into the folder, and copy an
already-created Win 7 VHD
which I've called image.vhd
(and that I'll explain how to
create later) to the folder
image.vhd
Notice the "Copy"
If you've already got an OS image inside a VHD,
then "deploying" it is as simple as XCOPYing the
VHD file… no Ghost, no ImageX
(Again, we'll see how to create a VHD with an OS
image in it in a moment)
Note also:
We've got a drive S: that contains the file
s:\vhds\image.vhd that we want to boot from
Then we'll do some bcdedit (details later)
And reboot…
After You Reboot: "Big Picture"
100 MB
As before, the 100 MB partition has no
letter
SRBP
E:
S: has been renamed to some other
letter just above C:, like D: or E:, and
has just one file in it
image.vhd
C:
The attached VHD – which is just a
VHD file sitting in a folder on "E:" –
now shows up as a separate C: drive
with the OS on it
What it looks like when booted
So on to the details!
Native VHD Support
what Win 7/R2 can do
Win 7 lets you create, from the CLI or (less
completely) the GUI a brand-new VHD
You can then access it by "attaching" it, which
fools Windows into thinking that you've just
added a new physical hard disk to the system
You can then partition it, format it, etc
From that point on, any other system that
attaches that VHD sees its partitions, NTFS
security and the like
VHD Attachment
simpler example that we can quickly see
Take a computer with one physical hard disk
and just one volume on that disk (except the
hidden partition)
We'll carve out a 1 GB fixed-size VHD file named
"image.vhd" from C:
Then we'll partition it, format it and make it
drive D: with a volume label of "VHD Disk" or
the like
Win 7 VHD Workflow
what we'll do to create the "extra" drive
Initially create a VHD with logical disk manager
(LDM), diskpart or, in some cases, start from an
existing VHD
Following that, "select" the VHD
Then you "attach" the VHD
Once it's attached, it looks like a new hard drive
Now you treat it just like a regular drive –
partition it, format it, etc
Using Win 7's VHD Support
command line tools (overview)
Create VHDs from create vdisk file=…
Connect to a VHD file with select vdisk file=…
Then view it as if it were a physical with the
attach vdisk command
Once it's attached, you can treat it like a
physical disk – create/delete partitions and
volumes, format the volumes, give them a letter
Let's get more specific
Three Kinds of VHDs
Fixed: when you create the VHD, you tell
Windows how large it should be, and that space
gets allocated immediately
Expandable: when created, you tell Windows
the VHD's maximum size, but Windows only
actually allocates the space as needed
Differencing: based on an existing "parent"
VHD, this is a space-saving way to create several
VHDs that are based on a "baseline" VHD
Creating a VHD: CLI
From the CLI:
diskpart
create vdisk file=filename maximum=sizeinmegabytes
[type=fixed|expandable] (we'll skip differencing for
now)
ex:
create vdisk
file="c:\vhds\image.vhd"
maximum=1000
"Fixed" is default, "expandable" can be much
faster for big VHDs
Selecting a VHD: CLI
Necessary intermediate step in using diskpart
on a VHD
Also, it's the first step if you want to use a VHD
that you got from somewhere else
Connect to a VHD file in diskpart with "select
vdisk file=filename" – example:
select vdisk
file=c:\vhds\image.vhd
No options
Attaching a VHD: CLI
Next, a simple one:
attach vdisk
Attaches whatever disk you named in the last
command
Can take "readonly" as an option, or create new
in-the-vdisk permissions with the "usefilesd" or
"SD=" options
Now it's like you have an extra hard drive on
your system… partition it, give it drive letters
Disk Manager w/VHD drive
Really just a
piece of C:
Explorer w/VHD drive
Remember, this system in actuality has only one physical hard disk and
only visible partition, no matter what it looks like
Boot From VHD: Basics
We've seen that a VHD can "become" a disk
But what if that disk contained a bootable
operating system image?
Then you could (with Windows 7 Ultimate or
Enterprise) tell Windows at boot time to
automatically attach the VHD, essentially
"unpacking it on the fly" and booting from the OS
inside that VHD
Better: you could have several VHDs for multiboot, and deploying is basically XCOPYing
Hey, Wait A Minute…
I copy some VHD – call it "image.vhd" – onto a
computer and I can boot from it
But wait… "image.vhd" has a bootable Windows
image in it?????
How do I get a Windows image into a VHD in
the first place?
Create a Bootable VHD: Steps
(high level)
1. Get a Windows system the way you want it
2. Sysprep it
3. Boot the system with WinPE and use ImageX to
capture the image to a WIM file – for example,
let's call it "system.wim"
4. Create a new VHD
5. Mount it as a drive (call it G:)
6. Use ImageX to deploy system.wim to G:
Background: More Details
(in case WIMs are still strange)
I'll assume that you know how to get Windows
installed and sysprepped (remember sysprep is
now on all Windows at
\windows\system32\sysprep)
Get WinPE and ImageX by downloading the
Windows Automated Installation Kit (WAIK)
from Microsoft (it's free)
Learn how to set up WinPE with my newsletter
#59 at www.minasi.com
Background: More Details
Create the system.wim from the Windows
system with ImageX (see newsletter #61 on my
site), save it on a removable drive for simplicity
Create a VHD ("image.vhd") with diskpart, as
before
Attach the VHD and give it a drive letter (G:, for
example)
Use ImageX /apply to apply the WIM to G:
Unmount the VHD, and you now have a usable
image.vhd
Worked-Out Example
Start from the sysprepped system, you're booted
into WinPE
You've attached an extra drive called H: (could be
removable, could be a network share)
Image the system to h:\system.wim:
imagex /capture c: h:\system.wim
"Basic W7 Image"
Create image.vhd to h:
md h:\vhds
diskpart
Worked-Out Example
create vdisk
file="h:\vhds\system.vhd"
type=expandable maximum=24000
select vdisk
file="h:\vhds\system.vhd"
attach vdisk
create partition primary
active
assign letter=g
format fs=ntfs quick
Worked-Out Example
exit (gets out of diskpart)
ImageX /apply h:\system.wim 1 g: /verify
diskpart
detach vdisk
exit
You now have an imagex.vhd!
The Basic VHD Boot
We'll essentially employ just two steps to add a
second bootable image to a Win 7/R2 PC using a
VHD with a system image on it:
Copy the VHD to a local hard drive on the system
(for example put "image.vhd" into C:\VHDs)
Use BCDEDIT to create a new OS entry and point
that entry at the VHD
Where BCDEDIT Fits In
Remember the 100 MB boot partition?
For the first few seconds, that is the only code
running, and bcdedit is the main tool to tell it
what to do
Windows Setup configured bcdedit to boot
(usually) from
c:\windows\system32\winload.exe
But Win 7's boot partition can do the VHD stuff,
if we tell it to
The only problem is that the syntax is pretty
ugly… so here goes!
Using BCDEDIT
First, start from an elevated command prompt
Copy the current "OS entry," the word for a set
of commands that tells the computer how to
boot from C:, D:, a VHD or whatever, using a
bcdedit command I'll show you
Modify the copied entry that it shouldn't boot
from C: but instead from c:\vhds\image.vhd
with, again, some bcdedit commands
BCDEDIT Setup
our bcdedit tasks
Here, we will use bcdedit to
Copy the one existing bootable OS entry
Give the new OS entry a name
Change two parameters, "device" and "osdevice" to
point to the VHD
Optionally, tell it to rescan for plug and play
changes with a "detecthal" parameter
BCDEDIT Setup
To copy the current OS entry, type
bcdedit
VHD"
/copy {current} /d "Boot from
The output, well, won't be pretty:
The entry was successfully copied
to {f1776970-7ee6-11de-a72ef4251c6d1ab0}.
"What was that hex thing?"
Okay, the thing is that you can have more than
one "OS Entry," and you can give them English
names (or German or French or Polish or …) but
internally, Windows assigns them GUIDs
BCDEDIT Setup
Next, tell it where the boot device is, which
looks like
bcdedit /set {guid} device vhd=VHD-filespec
Unfortunately this, too, is a bit ugly, as the drive
letters will be different after the reboot,
meaning the C:\VHDs ain't gonna be on C:\ any
more
So surround the drive letter in brackets:
bcdedit /set {f1776970-7ee6-11de-a72ef4251c6d1ab0} device
vhd=[C:]\VHDs\image.vhd
Almost Done…
We next need the same command for a
parameter named not "device" but "osdevice:"
bcdedit /set {f1776970-7ee6-11dea72e-f4251c6d1ab0} osdevice
vhd=[C:]\VHDs\image.vhd
Finally, set "detecthal" on:
bcdedit /set {f1776970-7ee6-11dea72e-f4251c6d1ab0} detecthal on
You can see those commands in this screen shot
Summary Run
Can't Figure Out the [Drive]?
Sometimes typing in the current drive letter in
the bcdedit /device/osdevice commands
doesn't work so well
In that case, there's a neat alternative that lets
you tell the computer, "you go find the stupid
VHD!"
Instead of [C:] or [D:] or whatever, just type
[locate], like
bcdedit /set {guid} device vhd=[locate]\vhds\image.vhd
Booting an Existing VHD
summary (reference)
Copy the VHD (call it "image.vhd" in this
example) – assume it's in c:\VHDs
Create a new OS entry in bcdedit, copy from
your current one with
bcdedit /copy {current} /d "Boot Win7 VHD"
That will result in a long GUID; copy that and do
a bit of configuration:
bcdedit /set {GUID} device
vhd=[locate]\image.vhd
bcdedit /set {GUID} osdevice
vhd=[locate]\image.vhd
Adding A Second VHD
So now we've got a complete "standard" Win 7
install and a VHD-based Win 7, allowing a multboot situation
What if we want to add another VHD? No
problem – just reproduce what we did here
Except for the bcdedit hassles (which aren't bad
once you've done them a few times and [locate]
helps), this essentially allows "xcopy
deployment" of extra images
The Final Step: VHD Only
So we could imagine a system with, say, five
images on it – one "standard," the other four
"VHD"
But what about a simpler arrangement:
100 MB partition
Big C: drive with just one file on it… image.vhd?
Overview: Pure Boot From VHD
Run Win 7 Setup
Shift-F10 for a command prompt
Wipe the hard disk
Partition it with
100 MB partition, set active
the rest as one large partition; format
Create a \VHDs folder on the large drive
Create, select, attach a 24+ GB VHD
Point Setup at the new "drive" now available
Step by Steps
Start Win 7 Startup
Press shift-F10 to get a command prompt
Commands to create 100 MB partition:
diskpart
select disk 0
clean
create partition primary size=100
Step by Steps
Create large drive (still in diskpart):
create partition primary
format fs=ntfs label="Cdrive" quick
assign letter=s
exit
md s:\VHDs
diskpart
Step by Steps
this should look sort of familiar by now
Create VHD, attach it and partition it
create vdisk file="s:\vhds\image.vhd"
type=expandable
select vdisk file="s:\vhds\image.vhd"
attach vdisk
exit
exit
Now for the trick
You're back in Setup
Run the install; where it asks, "Where do you
want to install Windows?," look at the new
space you created (the size is the clue, it's
probably the last one)
Setup will say "Windows cannot be installed to
this disk. (Show details)"
Click it an Next anyway; it'll install
What It Looks Like
Set up roughly as we just did, here are the
Explorer and Disk Manager views
Disk Manager View
Remember,
there's really
only one hard
drive here;
"Windows 7
Image" is really
a VHD file in
"C Physical"
Explorer View: All Drives
Explorer View: C:
Explorer View: E:
This is the only folder on C:, containing just one VHD file
All-VHD Gotchas: Insomnia
In my experience, running a system from VHD
does have a couple of down-sides:
hibernate seems not to work
you can't put a system to sleep
Thank You!
I am at [email protected]
Find out about my free newsletter and online
www.minasi.com
Please take a moment and do an evaluation
Two more talks!
Why you should learn IPV6 and save your job (1 PM
today)
Cracking Open Kerberos (5 PM today)
Resources
www.microsoft.com/teched
www.microsoft.com/learning
Sessions On-Demand & Community
Microsoft Certification & Training Resources
http://microsoft.com/technet
http://microsoft.com/msdn
Resources for IT Professionals
Resources for Developers
Complete an evaluation
on CommNet and enter to
win an Xbox 360 Elite!
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should
not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS,
IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.