Keith et al,
Thanks for all the good information. Sounds like a PLUG talk to me. J
Regards,
Eric
My apologizes that email accidentally got sent before I could finish it... restarting-
~ ~ ~
I had offered a talk on this to PACS but the procedure I for Virtualizing windows on Linux also provides clean way of imaging a Windows box which is especially critical to protection from Ransomware. Since the image is portable it is valid for virtualization use as well as bare metal installations.
The high level points are that you need two tools:
1) qemu-img (Linux)
2) sysprep (Windows)
You will also need a storage location to store the file the VM file that is produced.
Fortunately for WinXP the procedure might be slightly less complicated. I'll give you all the steps first and then point out where you might save time.
- Boot into Windows and use sysprep to create an out-of-box-experience - open a command prompt and run sysprep from the system32\sysprep folder of your $systemroot (which is normally c:\windows. When the dialog box comes up choose the one say says "OOBE". You should also check "Generalize". For "Shutdown Options" you should choose "Shutdown". The first time you do this you should not get any errors. Subsequent runs however will require setting setting two registry keys which reset the OOBE counter. I don't have that in front of me right now but its out there on the internet but I can email you the .reg file I created to do this if you can't find it.
- Boot into a Linux live cd with qemu-img to create the VM disk file - This is a matter of preference but in my case, I have usb disk installs of Lubuntu and Slax that I use. As long as you have network access you use whatever you want and then get a repository package that has the qemu-img program. In the Ubuntu world that is "qemu-utils". You will need to have the storage location for the VM image available. The most time efficient way to do this is by connecting a USB drive with enough space but you also stream this over the network to a location as well (i.e. via SSH). Keep in mind that this is the slowest part of the process. There are ways to accelerate that I will mention later. This is also space intensive and will consume at least the amount of space you have in use on your file systems. For USB, mount your storage and do something like "qemu-img convert -O qcow2 /dev/sda /mnt/my_pc.qcow". In this case, /dev/sda is the windows disk and my USB drive is mounted to /mnt
When this completes you will have a .qcow2 VM image. To test it, I would create a clone (i.e. a copy of the VM pointing to this file as a backing images, see the qemu-img help) and bring it up. You'll have to go through the windows set up. You'll have to create a another user (I just call it sysprep) and when you are done and log off, you will see your others account(s). You and log into them as they will be intact. You can delete the sysprep account. The beauty of this is that when done, you can just delete the clone. Your image remains intact and be used over and over again.
To burn this into bare-metal you would boot from your live cd again, connect your storage and use the qemu-img convert facility to write the image out in the "raw" format to the disk you want.
To accelerate the process you can use dd to capture your boot sectors and then use ntfsprogs to create a clone of your windows drives. This is much faster but because the rebuild has more steps I don't like to use it here.
I've use this for my Windows 7 Home Premium netbook. Which also has 2 Linux partitions. This process protects everything. So even though its 185Gb, I can sleep well knowing that my netbook can be destroyed and nothing is lost. In fact, I have it up in virtualization now so I could look at my Windows side instructions again. For Win XP, I have done this procedure without using sysprep but I don't know if it is always 100% reliable. We are talking about Windows after all. With Windows 2000 it was so I suspect it might work in XP but your mileage my vary.
Hope this helps!