Re: Checking when the OS was first installed

From: Greg Stiavetti (stiavetti_at_rentoneonline.com)
Date: 05/24/05

  • Next message: Jason Albuquerque: "Wireless" 
    To: <ricci@cs.ust.hk>, <security-basics@securityfocus.com>
Date: Tue, 24 May 2005 09:38:18 -0700

    You can check the date of the OS installation by examining the properties of
    the "C:\documents and settings" (amongst many other places) for "created"
    date and time.

    If the OS was cloned it can be impossible to tell unless you have the
    orginal for comparison. If you do the SIDS will be non-unique.

    Besides Ghost, check out Altiris, they make excellent deployment tools.

    My favorite method of cloning is to use hardware RAID 1 and let the
    controller mirror the installation. Even works with RAID 5 volumes.

    For information on RestorePoint, you should RTFM the helpscreens. Beyond
    that, know that it CANNOT be relied upon to work correctly, in a pinch it
    will fail.

    ----- Original Message -----
    From: "ricci" <ricci@cs.ust.hk>
    To: <security-basics@securityfocus.com>
    Sent: Monday, May 23, 2005 5:07 PM
    Subject: Checking when the OS was first installed

    > Hello All,
    >
    > I was given a Windows XP Pro bootup hard disk for verification of its
    > first
    > installation date. What information I can verify when the hard disk was
    > first installed?
    >
    > Secondly, if the OS was cloned and reproduced from another source, how can
    > I
    > verify that? Other than Norton Ghost, what other tools could be used for
    > duplicating the hard disk? Besides, if I got a hard disk how can I verify
    > what software (for cloning) it has been used?
    >
    > In a Windows XP platform, what is the use of Windows XP RestorePoint? What
    > information I can collect from the RestorePoint? Is that related to backup
    > information?
    >
    > Thanks.
    >
    > Ricci
    >

  • Next message: Jason Albuquerque: "Wireless"

    Relevant Pages

    • Re: Windows will not load with new motherboard
      ... a Repair Installation is normally required ... > After plugging in my old hard drive with a working copy of windows XP ... > installed a fresh copy of XP on my second hard disk and then copied NTLDR ... > NTdetect from the windows disk to the first hard disk. ...
      (microsoft.public.windowsxp.configuration_manage)
    • Re: How can I copy a bootable Win2K partition to another HD?
      ... > I'm having problems trying to copy a bootable Windows 2000 ... > partition from an 80GB hard disk to a 160GB hard disk. ... > Windows installation just fine, ...
      (microsoft.public.win2000.general)
    • Re: How Do I Reboot My XP Laptop And Wipe My HD Clean?
      ... home OEM, pro, pro OEM or branded OEM. ... serial from his installation. ... recovery partition on the hard disk. ... I would like to know if i can uninstall windows XP from my laptop without ...
      (microsoft.public.windowsxp.hardware)
    • Re: A lot of Windows Errors!!
      ... to verify that this is a valid Windows Installer package." ... Click the TEMP folder and then verify that the SYSTEM account has full ... Do you think that your installation media may be defective. ...
      (microsoft.public.windowsxp.general)
    • Re: A lot of Windows Errors!!
      ... to verify that this is a valid Windows Installer package." ... Click the TEMP folder and then verify that the SYSTEM account has full ... Do you think that your installation media may be defective. ...
      (microsoft.public.windowsxp.general)