Normally we do testing on some private repositories but I would like to get a couple average testers over here to see if they can find issues with my WIM-Modify PowerShell Windows Form project. It's almost heading to the alpha stage, as I've had about 20-25 people running the beta for a few months now. This is not a script. This is a full Windows Form project created entirely in Sapien PowerShell Studio 2018. This is not a project for those who are clueless, impatient or are not informed on certain process parameters before applying them. This project uses all of the imaging APIs provided by Microsoft, as well as my own DLL library that contains function methods written in C#. Every function and process it performs is completely independent, and requires absolutely no 3rd party software. What it does: -Full ISO re-imaging -Full WIM/ESD/UUP/etc. compression to and from other image-types. -Complete conversions of an OS (similar to my Pro for Workstations conversion executable on GitHub). -Image capturing -Image expanding (applying) -Proper answer file creation that utilizes an actual XML writer and not just a string with variables that can be edited. -BIOS access/backup/editing from within Windows (determines specific vendors' dedicated namespace and accesses it). -Full optimization functions of an offline image - this includes PROPER component package removal, where the permanency values are changed before the package is removed, and the DISM.API is used to allocate all package structures and then removed properly. None of this junk with making them visible in the registry, force removing them, and then haphazardly removing registry keys, etc. -Full WinPE creation/building -Multiple add-on implementations, with custom packages extracted and modified from more advanced builds. As an example, one can apply a full ADMX Group Policy package with all optimized and secure policy templates that ensures the Group Policy settings reflect the changes from within the registry itself. -Full control over more advanced Windows features with multiple wrappers to utilize them easily. For example, retrieving Secedit.inf security policy files and returning an editor for them, affording complete control over one's security policy and User Rights and security policies across a network. -Interop namespace control for complete control over even hardware peripherals on a device that are generally only accessible to vendors, OEMs and the like. -Device LSA namespace session authenticating, for control over the device firmware from within Windows and without having to actually boot into the firmware. -Conversions to MBR, UEFI, ReFS, etc. -Abilities to split and merge full RAID arrays, whether physical or virtual. -Full BitLocker control beyond what Microsoft offers. -Numerous crypto-creators utilizing multiple cryptographic CSP/APIs available that the device will use for hardware security device provisioning (i.e. PKI key creation, TPM password generation, etc.) and additional password generators using Security.Cryptography.CryptoStream, Security.Cryptography.PasswordDeriveBytes and Intersecting Vector Cryptology Hash and Salting. -Full .CVS exporting (with proper formatting) of various security attributes. -Many network (private/public/small) features for resolving users across networks to verify account validity, -Full network or independent deployment options, again, utilizing multiple server-grade features implemented into client SKUs (MDT, SCCM, etc.) Examples include the ability to sent boot-codes across PCs or a network, or to your own device from a WinPE build, to immediately remedy boot issues (also allows for full UEFI Windows 7 installations WITHOUT CSM). -Complete custom cmdlets for accessing and editing the registry using the .NET Framework class to access a specific namespace that the registry interacts with, which allows for complete registry control. ...and a ton more. Its help output is completely external, written in XML MAML (tiny snippit): Spoiler Code: <?xml version="1.0" encoding="utf-8" ?> <helpItems xmlns="http://msh" schema="maml"> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Grant-UserRight</command:name> <maml:description> <maml:para>Grants User Rights or Privileges on an account.</maml:para> </maml:description> <maml:copyright> <maml:para></maml:para> </maml:copyright> <command:verb>Grant</command:verb> <command:noun>UserRight</command:noun> <dev:version/> </command:details> <maml:description> <maml:para>Grants User Rights or Privileges on a user account using the resolved security descriptor identification (SID). User Rights determine the type of logon a user can perform, and Privileges determine the type of system operations a user can perform.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Grant-UserRight</maml:name> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByPropertyName, ByValue)" position="0"> <maml:name>Account</maml:name> <maml:description> <maml:para>The account name to grant User Right Privileges on.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">string</command:parameterValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByPropertyName, ByValue)" position="1"> <maml:name>Privilege</maml:name> <maml:description> <maml:para>The User Right Privileges to be granted. These are case sensitive.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">string[]</command:parameterValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByPropertyName, ByValue)" position="0"> <maml:name>Account</maml:name> <maml:description> <maml:para>The account name to grant User Right Privileges on.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">string</command:parameterValue> <dev:type> <maml:name>string</maml:name> <maml:uri/> </dev:type> <dev:defaultValue></dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByPropertyName, ByValue)" position="0"> <maml:name>Username</maml:name> <maml:description> <maml:para></maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">string</command:parameterValue> <dev:type> <maml:name>string</maml:name> <maml:uri/> </dev:type> <dev:defaultValue></dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByPropertyName, ByValue)" position="1"> <maml:name>Privilege</maml:name> <maml:description> <maml:para>The names of the User Rights or Privileges to be granted. These are case sensitive.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">string[]</command:parameterValue> <dev:type> <maml:name>string[]</maml:name> <maml:uri/> </dev:type> <dev:defaultValue></dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByPropertyName, ByValue)" position="1"> <maml:name>Right</maml:name> <maml:description> <maml:para></maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">string[]</command:parameterValue> <dev:type> <maml:name>string[]</maml:name> <maml:uri/> </dev:type> <dev:defaultValue></dev:defaultValue> </command:parameter> </command:parameters> <maml:alertSet> <maml:title></maml:title> <maml:alert> <maml:para>Use best practices when enabling User Rights or Privileges by ensuring they get revoked once they are no longer required.</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- EXAMPLE 1 --------------------------</maml:title> <maml:introduction> <maml:para></maml:para> </maml:introduction> <dev:code>PS C:\> Grant-UserRight -Account Spiderman -Privilege SeAssignPrimaryTokenPrivilege</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- EXAMPLE 2 --------------------------</maml:title> <maml:introduction> <maml:para></maml:para> </maml:introduction> <dev:code>PS C:\> Grant-UserRight -Account Batman -Privilege SeBackupPrivilege, SeTakeOwnershipPrivilege</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText></maml:linkText> <maml:uri>http://msdn.microsoft.com/en-us/library/windows/desktop/bb530716.aspx</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText></maml:linkText> <maml:uri>http://msdn.microsoft.com/en-us/library/windows/desktop/bb545671.aspx</maml:uri> </maml:navigationLink> </maml:relatedLinks> </command:command> Again, I'm only looking for a few people who will not be utilizing this carefree on a live system without knowing how the more advanced functions work. It's obviously best on a live system, but though it does have internal error monitoring, logging, etc. it does not have training wheels and expects the end-users to read a bit about something if they're unsure of what something does before using it. If you do not recognize the purpose of the process, but it sounds neat, the help file needs to be glanced at first. Not everything incorporated into it is advanced, as there's a plethora of imaging, networking, security, etc. processes most people are accustomed to, albeit undoubtedly not being applied in the same fashion many are use to (i.e. a batch script with a BIN folder with 30+ programs to help out). On the flip-side, the more advanced processes - particularly those that rely on security namespace access - can not only ruin software but also render hardware unusable because of its access elevation on different OEM namespaces designed to control their proprietary device hardware through the OS itself. If you have any interest, inbox me.
@ GodHand yep seen fantastic software so I can start PM now with you thanks a lot for your contribution here bro
Sorry for the delay in replying back to this thread specifically but the handful of people requested pretty quickly after I initially posted. In any case, the final project should be in its final stage on GitHub within a week.
Been very busy with work the past week, hence the delay. I have been making changes and tweaking the actual GUI of the project, as the code itself is entirely complete. I tend to have a bit of OCD when it comes to how visual projects such as this look, and ensuring all actual form functions interact properly with all of the actual code processes can be tedious but will mitigate any unforeseen issues that could be encountered by an end-user. Particularly with how this project particularly can affect a system down to a hardware level, I want to make sure that though the processes themselves run silently, the end-user is well aware of any GUI-related interactions. And because of the different variations that must be taken into account - regarding individual systems - I want to make sure things cannot be enabled/disabled; activated/deactivated through the GUI itself that is ambiguous. Believe me, I will keep people posted.
Any news about the project? I'd like to test but I did not send PM because I was out of time to commit to anything.
As I'm confident this will be fully compatible with the official PS 6.0 (we've been debugging/testing on the beta version), the project is now out of its alpha stage and has a full release build. There are quite a few additions/changes to the initial list above, but for imaging, it uses primarily managed Wimgapi.dll wrapper with an inclusion of a managed Dismapi wrapper, and a handful of other Win32 APIs in order for support in a PE environment or a build with no required Windows packages/dependencies installed. Uses a stream compiler wrapper for ISO creation for both data and bootable images of any type. Accesses security/OEM/device/hardware namespaces and classes allowing for ownership control of a device, thus allowing for many features usually isolated for BIOS/boot disks (i.e. UEFI/BIOS backup/flashing/editing, etc). In order for access to secure namespaces to be granted, full Windows Identities are resolved and matched to the issuing NTAccount and once matched, the Identity's security policies are set appropriately (all of this is done by a managed advapi32.dll wrapper, which controls advanced security and registry calls). There is no reliance on user input for critical information required to initialize advanced features and functions. All of this data is retrieved automatically using the aforementioned security/registry calls, which are impervious to such things as account impersonation, SID spoofing, etc. It CAN and WILL brick a device if used without knowing what some of its more advanced features do. You cannot just discard or revert these changes with Windows Restore, a backup, or an image dismount (I'm talking about live OS hardware management like described above). Keep in mind, these functions are very limited, as this project was never intended for such purposes, but a handful were enabled for managing devices over a network as a network administrator, server management and to make certain things just easier on an end-user to do who wishes to say flash their UEFI BIOS and edit its settings, edit Secure Boot certificates or send bootcodes to other devices right from Windows or a preinstallation environment. Moreover, it's primary and focused functionality is imaging creation, management, editing, etc. I will start distributing public links to it once its How-To PDF if complete.
I know I'm coming late to this party, but I'm happy to assist you if you are looking for people who are familiar with your other WinOS GetHub projects to do a final shake-down of any near-ready GUI or script.
First I want thank you and your team. for your contribution. Makes me interesting how far is project and can I how can test this out. I have c# skill on average level, I still improving myself.
This has been well within the alpha stages for a few months now. The only delay is ensuring all features work with the latest 18362 build. When I feel it's fully ready for a public release, it will be uploaded to GitHub and I will announce it here.
It's been complete for a bit now - I've just had other things that needed to be worked on. I had been holding off on it for a bit because for some reason Microsoft's WimgApi had an undocumented flag for handle creation that is required for the usage of LZMS (solid) compressed images with their library. As of a few days ago, I added that flag to the C# wrapper I wrote for WimgApi and am ensuring all solid compression functions work properly. Moreover, I wanted to make a friendlier way of editing the metadata of the image file (i.e. flags, edition, display name, etc.) than I had before so I created an XPathNavigator function that will allow for the string input on single nodes rather than editing an entire X Document: Code: var imageInformation = WimgApi.GetImageInformation(wimHandle).CreateNavigator(); if (imageInformation == null) throw new NullReferenceException("Unable to get Image Information"); var imageCount = WimgApi.GetImageCount(wimHandle); if (imageCount > 1 && !string.IsNullOrWhiteSpace(Edition)) { loadImageIndex = 1; } var xpath = string.Format("//WIM/IMAGE[@INDEX={0}]/NAME", loadImageIndex); var imageNameNode = imageInformation.SelectSingleNode(xpath); The DismApi wrapper is finished, as I just recently added a feature allowing for the end-user to load their own Dism library from any ADK they want to use ( the wrapper itself returns the latest Dism library enumeration by default). However, the option to manually select the library allows for downleveling to support versions of Windows that may not be supported with the latest library: Code: public static bool LoadDismLibrary(Generation dismGeneration) { if (_hDismApi != IntPtr.Zero) { return false; } string dismApiPath = string.Empty; switch (dismGeneration) { case Generation.Win10: dismApiPath = ADK10DismApiPath; break; case Generation.Win8_1: dismApiPath = ADK81DismApiPath; break; case Generation.Win8: dismApiPath = ADK80DismApiPath; break; case Generation.Win7: dismApiPath = ADKDismApiPath; break; default: return false; } return (_hDismApi = NativeMethods.LoadLibrary(dismApiPath)) != IntPtr.Zero; } And some other things...