A few testers

Discussion in 'Scripting' started by GodHand, May 18, 2018.

  1. GodHand

    GodHand MDL Senior Member

    Jul 15, 2016
    400
    444
    10
    Normally we do testing on some private repositories but I would like to get a couple average testers over here to see if they can find issues with my WIM-Modify PowerShell Windows Form project.

    It's almost heading to the alpha stage, as I've had about 20-25 people running the beta for a few months now.

    This is not a script. This is a full Windows Form project created entirely in Sapien PowerShell Studio 2018. This is not a project for those who are clueless, impatient or are not informed on certain process parameters before applying them. This project uses all of the imaging APIs provided by Microsoft, as well as my own DLL library that contains function methods written in C#. Every function and process it performs is completely independent, and requires absolutely no 3rd party software.

    What it does:

    -Full ISO re-imaging
    -Full WIM/ESD/UUP/etc. compression to and from other image-types.
    -Complete conversions of an OS (similar to my Pro for Workstations conversion executable on GitHub).
    -Image capturing
    -Image expanding (applying)
    -Proper answer file creation that utilizes an actual XML writer and not just a string with variables that can be edited.
    -BIOS access/backup/editing from within Windows (determines specific vendors' dedicated namespace and accesses it).
    -Full optimization functions of an offline image - this includes PROPER component package removal, where the permanency values are changed before the package is removed, and the DISM.API is used to allocate all package structures and then removed properly. None of this junk with making them visible in the registry, force removing them, and then haphazardly removing registry keys, etc.
    -Full WinPE creation/building
    -Multiple add-on implementations, with custom packages extracted and modified from more advanced builds. As an example, one can apply a full ADMX Group Policy package with all optimized and secure policy templates that ensures the Group Policy settings reflect the changes from within the registry itself.
    -Full control over more advanced Windows features with multiple wrappers to utilize them easily. For example, retrieving Secedit.inf security policy files and returning an editor for them, affording complete control over one's security policy and User Rights and security policies across a network.
    -Interop namespace control for complete control over even hardware peripherals on a device that are generally only accessible to vendors, OEMs and the like.
    -Device LSA namespace session authenticating, for control over the device firmware from within Windows and without having to actually boot into the firmware.
    -Conversions to MBR, UEFI, ReFS, etc.
    -Abilities to split and merge full RAID arrays, whether physical or virtual.
    -Full BitLocker control beyond what Microsoft offers.
    -Numerous crypto-creators utilizing multiple cryptographic CSP/APIs available that the device will use for hardware security device provisioning (i.e. PKI key creation, TPM password generation, etc.) and additional password generators using Security.Cryptography.CryptoStream, Security.Cryptography.PasswordDeriveBytes and Intersecting Vector Cryptology Hash and Salting.
    -Full .CVS exporting (with proper formatting) of various security attributes.
    -Many network (private/public/small) features for resolving users across networks to verify account validity,
    -Full network or independent deployment options, again, utilizing multiple server-grade features implemented into client SKUs (MDT, SCCM, etc.) Examples include the ability to sent boot-codes across PCs or a network, or to your own device from a WinPE build, to immediately remedy boot issues (also allows for full UEFI Windows 7 installations WITHOUT CSM).
    -Complete custom cmdlets for accessing and editing the registry using the .NET Framework class to access a specific namespace that the registry interacts with, which allows for complete registry control.
    ...and a ton more.

    Its help output is completely external, written in XML MAML (tiny snippit):
    Code:
    <?xml version="1.0" encoding="utf-8" ?>
    <helpItems xmlns="http://msh" schema="maml">
       <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
          <command:details>
              <command:name>Grant-UserRight</command:name>
              <maml:description>
                  <maml:para>Grants User Rights or Privileges on an account.</maml:para>
    
              </maml:description>
              <maml:copyright>
                  <maml:para></maml:para>
              </maml:copyright>
              <command:verb>Grant</command:verb>
              <command:noun>UserRight</command:noun>
              <dev:version/>
          </command:details>
          <maml:description>
                  <maml:para>Grants User Rights or Privileges on a user account using the resolved security descriptor identification (SID).
                   User Rights determine the type of logon a user can perform, and Privileges determine the type of system operations a user can perform.</maml:para>
       
          </maml:description>
          <command:syntax>
              <command:syntaxItem>
                  <maml:name>Grant-UserRight</maml:name>
                  <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByPropertyName, ByValue)" position="0">
                      <maml:name>Account</maml:name>
                      <maml:description>
                          <maml:para>The account name to grant User Right Privileges on.</maml:para>
                      </maml:description>
                      <command:parameterValue required="true" variableLength="false">string</command:parameterValue>
                  </command:parameter>
                  <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByPropertyName, ByValue)" position="1">
                      <maml:name>Privilege</maml:name>
                      <maml:description>
                          <maml:para>The User Right Privileges to be granted. These are case sensitive.</maml:para>
                      </maml:description>
                      <command:parameterValue required="true" variableLength="false">string[]</command:parameterValue>
                  </command:parameter>
              </command:syntaxItem>
          </command:syntax>
          <command:parameters>
              <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByPropertyName, ByValue)" position="0">
                  <maml:name>Account</maml:name>
                  <maml:description>
                      <maml:para>The account name to grant User Right Privileges on.</maml:para>
                  </maml:description>
                      <command:parameterValue required="true" variableLength="false">string</command:parameterValue>
                  <dev:type>
                      <maml:name>string</maml:name>
                      <maml:uri/>
                  </dev:type>
                  <dev:defaultValue></dev:defaultValue>
              </command:parameter>
              <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByPropertyName, ByValue)" position="0">
                  <maml:name>Username</maml:name>
                  <maml:description>
                      <maml:para></maml:para>
                  </maml:description>
                      <command:parameterValue required="true" variableLength="false">string</command:parameterValue>
                  <dev:type>
                      <maml:name>string</maml:name>
                      <maml:uri/>
                  </dev:type>
                  <dev:defaultValue></dev:defaultValue>
              </command:parameter>
              <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByPropertyName, ByValue)" position="1">
                  <maml:name>Privilege</maml:name>
                  <maml:description>
                      <maml:para>The names of the User Rights or Privileges to be granted. These are case sensitive.</maml:para>
                  </maml:description>
                      <command:parameterValue required="true" variableLength="false">string[]</command:parameterValue>
                  <dev:type>
                      <maml:name>string[]</maml:name>
                      <maml:uri/>
                  </dev:type>
                  <dev:defaultValue></dev:defaultValue>
              </command:parameter>
              <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByPropertyName, ByValue)" position="1">
                  <maml:name>Right</maml:name>
                  <maml:description>
                      <maml:para></maml:para>
                  </maml:description>
                      <command:parameterValue required="true" variableLength="false">string[]</command:parameterValue>
                  <dev:type>
                      <maml:name>string[]</maml:name>
                      <maml:uri/>
                  </dev:type>
                  <dev:defaultValue></dev:defaultValue>
              </command:parameter>
          </command:parameters>
          <maml:alertSet>
              <maml:title></maml:title>
              <maml:alert>
                  <maml:para>Use best practices when enabling User Rights or Privileges by ensuring they get revoked once they are no longer required.</maml:para>
              </maml:alert>
          </maml:alertSet>
          <command:examples>
              <command:example>
                  <maml:title>--------------------------  EXAMPLE 1  --------------------------</maml:title>
                  <maml:introduction>
                      <maml:para></maml:para>
                  </maml:introduction>
                  <dev:code>PS C:\&gt; Grant-UserRight -Account Spiderman -Privilege SeAssignPrimaryTokenPrivilege</dev:code>
                  <dev:remarks>
                      <maml:para></maml:para>
    
                  </dev:remarks>
              </command:example>
              <command:example>
                  <maml:title>--------------------------  EXAMPLE 2  --------------------------</maml:title>
                  <maml:introduction>
                      <maml:para></maml:para>
                  </maml:introduction>
                  <dev:code>PS C:\&gt; Grant-UserRight -Account Batman -Privilege SeBackupPrivilege, SeTakeOwnershipPrivilege</dev:code>
                  <dev:remarks>
                      <maml:para></maml:para>
    
                  </dev:remarks>
              </command:example>
          </command:examples>
          <maml:relatedLinks>
              <maml:navigationLink>
                  <maml:linkText></maml:linkText>
                  <maml:uri>http://msdn.microsoft.com/en-us/library/windows/desktop/bb530716.aspx</maml:uri>
              </maml:navigationLink>
              <maml:navigationLink>
                  <maml:linkText></maml:linkText>
                  <maml:uri>http://msdn.microsoft.com/en-us/library/windows/desktop/bb545671.aspx</maml:uri>
              </maml:navigationLink>
          </maml:relatedLinks>
       </command:command>
    

    Again, I'm only looking for a few people who will not be utilizing this carefree on a live system without knowing how the more advanced functions work. It's obviously best on a live system, but though it does have internal error monitoring, logging, etc. it does not have training wheels and expects the end-users to read a bit about something if they're unsure of what something does before using it. If you do not recognize the purpose of the process, but it sounds neat, the help file needs to be glanced at first.

    Not everything incorporated into it is advanced, as there's a plethora of imaging, networking, security, etc. processes most people are accustomed to, albeit undoubtedly not being applied in the same fashion many are use to (i.e. a batch script with a BIN folder with 30+ programs to help out). On the flip-side, the more advanced processes - particularly those that rely on security namespace access - can not only ruin software but also render hardware unusable because of its access elevation on different OEM namespaces designed to control their proprietary device hardware through the OS itself.

    If you have any interest, inbox me.
     
  2. Tiger-1

    Tiger-1 MDL Guru

    Oct 18, 2014
    4,125
    4,601
    150
    @ GodHand yep seen fantastic software so I can start PM now with you thanks a lot for your contribution here bro :good3:
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. liliactr

    liliactr MDL Member

    Sep 3, 2009
    158
    67
    10
    Me too if you mind
     
  4. GodHand

    GodHand MDL Senior Member

    Jul 15, 2016
    400
    444
    10
    Sorry for the delay in replying back to this thread specifically but the handful of people requested pretty quickly after I initially posted. In any case, the final project should be in its final stage on GitHub within a week.
     
  5. blackdeathzc

    blackdeathzc MDL Novice

    Jul 21, 2009
    7
    1
    0
    sounds interresting
     
  6. drew84

    drew84 MDL Senior Member

    Mar 13, 2014
    433
    778
    10
    @GodHand.. any update on the project
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. GodHand

    GodHand MDL Senior Member

    Jul 15, 2016
    400
    444
    10
    Been very busy with work the past week, hence the delay.

    I have been making changes and tweaking the actual GUI of the project, as the code itself is entirely complete. I tend to have a bit of OCD when it comes to how visual projects such as this look, and ensuring all actual form functions interact properly with all of the actual code processes can be tedious but will mitigate any unforeseen issues that could be encountered by an end-user. Particularly with how this project particularly can affect a system down to a hardware level, I want to make sure that though the processes themselves run silently, the end-user is well aware of any GUI-related interactions. And because of the different variations that must be taken into account - regarding individual systems - I want to make sure things cannot be enabled/disabled; activated/deactivated through the GUI itself that is ambiguous.

    Believe me, I will keep people posted.
     
  8. drew84

    drew84 MDL Senior Member

    Mar 13, 2014
    433
    778
    10
    @GodHand, apologies for recent PM... somehow missed the above post, thanks
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. AeonX

    AeonX MDL Senior Member

    May 24, 2013
    370
    235
    10
    Any news about the project? I'd like to test but I did not send PM because I was out of time to commit to anything.
     
  10. skooper1895

    skooper1895 MDL Novice

    Feb 21, 2012
    4
    0
    0
    I am following as well.

    Best wishes
     
  11. tomcat415

    tomcat415 MDL Novice

    Apr 16, 2011
    8
    2
    0
    :worthy:i fall in the category of clueless but my respects for you learning programming skills
     
  12. GodHand

    GodHand MDL Senior Member

    Jul 15, 2016
    400
    444
    10
    As I'm confident this will be fully compatible with the official PS 6.0 (we've been debugging/testing on the beta version), the project is now out of its alpha stage and has a full release build.

    There are quite a few additions/changes to the initial list above, but for imaging, it uses primarily managed Wimgapi.dll wrapper with an inclusion of a managed Dismapi wrapper, and a handful of other Win32 APIs in order for support in a PE environment or a build with no required Windows packages/dependencies installed.

    Uses a stream compiler wrapper for ISO creation for both data and bootable images of any type.

    Accesses security/OEM/device/hardware namespaces and classes allowing for ownership control of a device, thus allowing for many features usually isolated for BIOS/boot disks (i.e. UEFI/BIOS backup/flashing/editing, etc). In order for access to secure namespaces to be granted, full Windows Identities are resolved and matched to the issuing NTAccount and once matched, the Identity's security policies are set appropriately (all of this is done by a managed advapi32.dll wrapper, which controls advanced security and registry calls).

    There is no reliance on user input for critical information required to initialize advanced features and functions. All of this data is retrieved automatically using the aforementioned security/registry calls, which are impervious to such things as account impersonation, SID spoofing, etc.

    It CAN and WILL brick a device if used without knowing what some of its more advanced features do. You cannot just discard or revert these changes with Windows Restore, a backup, or an image dismount (I'm talking about live OS hardware management like described above). Keep in mind, these functions are very limited, as this project was never intended for such purposes, but a handful were enabled for managing devices over a network as a network administrator, server management and to make certain things just easier on an end-user to do who wishes to say flash their UEFI BIOS and edit its settings, edit Secure Boot certificates or send bootcodes to other devices right from Windows or a preinstallation environment. Moreover, it's primary and focused functionality is imaging creation, management, editing, etc.

    I will start distributing public links to it once its How-To PDF if complete.