+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 16
Windows Thread, Problems with ghost imaging in Technical; Hey guys I use ghost to image machines within school but we recently moved ghost and all the images from ...
  1. #1

    Join Date
    Jun 2008
    Posts
    1
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Problems with ghost imaging

    Hey guys

    I use ghost to image machines within school but we recently moved ghost and all the images from a 2003 server to a 2008 one. Since then i cant bring up the ghost GUI when using the universal TCPIP cd, errors relate to security and permissions even though the ghost folder is properly shared and all permissions are correct.

    Does anybody have a clue what it could be??

    many thanks!

  2. #2

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,568
    Thank Post
    721
    Thanked 1,682 Times in 1,497 Posts
    Rep Power
    432
    Probably something to do with secure communications/kerberos etc...?

    Ben

  3. #3
    TheLibrarian
    Guest
    Can you provide more detail about what you are doing and what is failing?

    I cannot picture what you are attempting and therefore can't suggest anything useful.

  4. #4

    SpuffMonkey's Avatar
    Join Date
    Jul 2005
    Posts
    2,257
    Thank Post
    55
    Thanked 283 Times in 189 Posts
    Rep Power
    135
    Quote Originally Posted by plexer View Post
    Probably something to do with secure communications/kerberos etc...?

    Ben
    Seconded

  5. #5

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,265
    Thank Post
    242
    Thanked 1,575 Times in 1,254 Posts
    Rep Power
    341
    Try authenticating with domainname\username, then your password.

  6. #6
    ranj's Avatar
    Join Date
    Feb 2006
    Location
    Birmingham
    Posts
    732
    Thank Post
    100
    Thanked 42 Times in 32 Posts
    Rep Power
    25
    Just to clarify what he means

    We used to have our ghost images on a share which was on a 2003 server. We use the universal TCPIP boot disk (NetBootDisk.com - The Universal TCP/IP Network Bootdisk for M$ Networks) to boot up a machine in dos mode so we could map the drive and then reimage the machine.

    we would use the boot disk and then run the following command:

    net use t: \\servername\ghostshare

    This would then normally mount the share successfully. we would then go to the drive letter, there would be the ghost executable in there, run that and then go through the process of reimaging the machine. happy days.

    The problem now is since we have moved all the images to a windows 2008 server when we try to run the net use command in dos it doesnt work. It doesnt authenticate successfully.

    So we will run net use t: \\new2008servername\ghostshare.

    and we are returned with a message to say

    error 5: access is denied.

    This problem is likely to do with security permission on a 2008 server.

    Has anyone seen this sort of problem before. We also tryed to copy the ghost image to a windows 7 machine and share it that way and had the same problem.

    if we try to do this on a server 2003 it works fine.

    Any help on this would be appreciated.

  7. #7
    TheLibrarian
    Guest
    Can you use the server IP rather than the NetBIOS name?

    This is a guess based on what I would try, I work with any 2K8 servers yet so I can't try it here.

    Can you connect to the share successfully if you use WinPE / BartPE?

  8. #8
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,483
    Thank Post
    10
    Thanked 502 Times in 442 Posts
    Rep Power
    114
    Why not use the console or the ghostcast server?

    I suspect you will have to turn off quite a lot of the signing requirements for the domain controller policies to get it to work.

  9. #9

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,239
    Thank Post
    882
    Thanked 2,742 Times in 2,316 Posts
    Blog Entries
    11
    Rep Power
    784
    Quote Originally Posted by DMcCoy View Post
    Why not use the console or the ghostcast server?

    I suspect you will have to turn off quite a lot of the signing requirements for the domain controller policies to get it to work.
    Yeap 2008 server has higher security requirements which is why dos won't connect to it. Your best bet may be booting Windows PE/Window AIK and then running ghost through there which should work fine or using the above options.

  10. #10
    ranj's Avatar
    Join Date
    Feb 2006
    Location
    Birmingham
    Posts
    732
    Thank Post
    100
    Thanked 42 Times in 32 Posts
    Rep Power
    25
    Quote Originally Posted by SYNACK View Post
    Yeap 2008 server has higher security requirements which is why dos won't connect to it. Your best bet may be booting Windows PE/Window AIK and then running ghost through there which should work fine or using the above options.
    Thanks for the replies.

    I looked at group policy and didn't know which security policies would affect this.

    Does anyone have any ideas which policies I would need to look at?

    thanks

  11. #11

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,239
    Thank Post
    882
    Thanked 2,742 Times in 2,316 Posts
    Blog Entries
    11
    Rep Power
    784
    Quote Originally Posted by ranj View Post
    Thanks for the replies.

    I looked at group policy and didn't know which security policies would affect this.

    Does anyone have any ideas which policies I would need to look at?

    thanks
    Its not a policy as it is unsuported and opens you up to all sorts of vunrabilities that are present in the older protocol. I totally do not recommend it but you can do it in the registry like so:

    Run "regedit" on Windows Server 2008 based computer.

    Expand and locate the sub tree as follows. HKLM'System'CurrentControlSet'Services'LanmanServe r'Parameters

    Add a new REG_DWORD key with the name of "Smb2" (without quotation mark) Value name: Smb2

    Value type: REG_DWORD
    0 = disabled
    1 = enabledSet the value to 0 to disable SMB 2.0, or set it to 1 to re-enable SMB 2.0.

    Reboot the server.
    Windows - SMB Signing (Little Pud)

    and this will disable signing on the version 1 protocol:
    To define SMB Signing Disabled Policy.

    Instead of making changes to the Default Domain Policy to disable SMB signing, create a new Group Policy Object with the appropriate policy settings.

    At the server, open Start, All Programs, Administrator Tools.

    Open Group Policy Management.

    Expand the forest.

    Expand Domains.

    Select the local domain. The group policy objects will display in the right-hand pane along with the Default Domain Policy.

    Right-click the domain icon (domainname.local) in the console tree and select Create and Link a GPO Here.

    Enter "SMB Signing Disabled" (without the quotations marks) for the GPO Name and click OK.

    Right-click on the new GPO in the right-hand pane and select Edit to open the Group Policy Object Editor.

    Under Computer Configuration, expand Windows Settings.

    Expand Security Settings.

    Expand Local Policies.

    Select Security Options.

    In the right-hand pane, scroll down to Microsoft network server: Digitally sign communications (always) and double-click on the policy object.

    Select the Disabled radio button and make sure the checkbox is enabled for Define this policy setting.

    Click OK.
    Windows - SMB Signing (Little Pud)

    Use at own risk.

  12. #12
    Bestbett's Avatar
    Join Date
    Apr 2007
    Location
    Hiding
    Posts
    46
    Thank Post
    4
    Thanked 1 Time in 1 Post
    Rep Power
    0

    RIS

    Or just use RIS/WDS provided with 2003 and 2008 to image the machines instead of paying to use ghost.

    There are some sharing changes in 2008 especially dealing with NETBIOS and UAC shares being turned off by default. You may need to enable NETBIOS to do what you are wanting. Enabling UAC shares is done through a registry change:

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\system\LocalAccountTokenFilterPolicy

    0 - build filtered token (Remote UAC enabled)
    1 - build elevated token (Remote UAC disabled)

    By setting the DWORD entry to 1, you will be able to access the administrative shares since the remote logon token will not be filtered.

    This is discussed in this KB article, Error message when you try to access an administrative share on a Windows Vista-based computer from another Windows Vista-based computer that is a member of a workgroup: "Logon unsuccessful: Windows is unable to log you on". (It's for Vista but it applies.)

  13. #13

    Join Date
    Jan 2010
    Location
    Cheshire
    Posts
    8
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by Bestbett View Post
    Or just use RIS/WDS provided with 2003 and 2008 to image the machines instead of paying to use ghost.
    Or use it with Ghost. PXE booting makes life much easier.

  14. #14

    SpuffMonkey's Avatar
    Join Date
    Jul 2005
    Posts
    2,257
    Thank Post
    55
    Thanked 283 Times in 189 Posts
    Rep Power
    135
    I think its this (which we had to do on 2003 as well (though can't say I endorse it)

    On server 2008 one way to get there is the following:
    Administrative Tools
    Server Manager
    Features
    Group Policy Manager
    Forest: ...
    Default Domain Policy
    Computer configuration
    Policies
    Windows Settings
    Security Settings
    Local Policies
    Security Options
    Microsoft Network Server: Digitally Sign Communications (Always)
    - Define This Policy
    - Disabled

    Execute Gpupdate /force or reboot to apply policy

  15. #15
    ranj's Avatar
    Join Date
    Feb 2006
    Location
    Birmingham
    Posts
    732
    Thank Post
    100
    Thanked 42 Times in 32 Posts
    Rep Power
    25
    Hi

    I have tried all the above solutions but still get the

    error 5: access is denied when using the net use command.

    The Microsoft Network Server: Digitally Sign Communications (Always) policy is disabled both on the top level domain policy as well as on the OU the server is placed in.

    We are looking at alternative solutions such as MDT2010 and Novell Zenworks to deploy images but have other priorities so to load our ghost images from a 2008 server is just a temp solution. Any help would be appreciated.

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. problems imaging old machines
    By Little-Miss in forum Hardware
    Replies: 4
    Last Post: 4th September 2009, 10:50 PM
  2. [Ghost] Ghost Imaging Problems
    By Tricky_Dicky in forum O/S Deployment
    Replies: 17
    Last Post: 8th June 2009, 10:24 AM
  3. [Ghost] Ghost/Imaging options?
    By jmair in forum O/S Deployment
    Replies: 6
    Last Post: 27th April 2009, 01:49 PM
  4. DELL E6400 - Ghost imaging issues
    By wishyboy in forum O/S Deployment
    Replies: 0
    Last Post: 6th March 2009, 12:03 PM
  5. Imaging HDD using BartPE/Ghost
    By _Bat_ in forum Wireless Networks
    Replies: 10
    Last Post: 18th August 2006, 03:38 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •