Security Tattooing and security overlay best practices

    Question

  • Hi,

    I'm not familiar with the term Tattooing. What does the actual step in the Task sequence "Tattoo" actually do and what methods are there for security tattooing and security overlay? Is there any best practice?

    Any help would be great

     

    Thanks

    Justin


    Justin
    • Edited by justin_4321 Tuesday, January 17, 2012 11:02 PM
    Tuesday, January 17, 2012 11:01 PM

All replies

  • If you are referring to the tattoo sequence step in MDT, that is a simple write of a few items to the registry and WMI database. You can query these items using VBScript (or any other language)

    Option Explicit
    ' Query the Microsoft_BDD_Info WMI class and print every non-empty property.
    Const strComputer = "."
    Const strNamespace = "\root\cimv2"
    Const strClassName = "Microsoft_BDD_Info"
    
    Const wbemCimTypeDatetime = 101
    'Const wbemCimTypeString = 8
    'Const wbemCimtypeBoolean = 11
    
    Dim objSWbemServices: Set objSWbemServices = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & strNamespace)
    Dim colInstances: Set colInstances = objSWbemServices.ExecQuery("SELECT * FROM " & strClassName)
    Dim iCount, objInstance, objProperty, colProperties
    Dim dateTime : Set dateTime = CreateObject("WbemScripting.SWbemDateTime")
    ' Reading Count raises an error if the class does not exist; o then stays Empty.
    On Error Resume Next
    Dim o: o = colInstances.Count
    On Error Goto 0
    If Not IsEmpty(o) Then
        iCount = 0
        For Each objInstance in colInstances
            iCount = iCount + 1
            Set colProperties = objInstance.Properties_
            For Each objProperty in colProperties
                ' Skip empty or Null values before touching them.
                If objProperty.Value <> "" Then
                    If objProperty.CIMType = wbemCimTypeDatetime Then
                        ' Convert the CIM datetime string to a readable date.
                        dateTime.Value = objProperty.Value
                        WScript.Echo objProperty.Name & ": " & dateTime.GetVarDate
                    Else
                        WScript.Echo objProperty.Name & ": " & objProperty.Value
                    End If
                End If
            Next
        Next
    Else
        WScript.Echo strClassName & " not found."
    End If

    • Marked as answer by justin_4321 Friday, January 20, 2012 7:52 AM
    Wednesday, January 18, 2012 10:08 AM
  • Hi Michael,

    Just wondering, what does the tattoo actually do though? Also, what does your script do besides adding registry items? Sorry, I am quite new to the term tattoo.

     

    Thanks


    Justin
    Wednesday, January 18, 2012 10:28 PM
  • Hi Michael,

    Just wanted to know what Tattooing refers to and whether there is a best practice for it?

    Also, I don't quite understand what your script actually does.

     

    Thanks


    Justin
    Friday, January 20, 2012 4:07 AM
  • The tattoo process in MDT is a stamp to prove that the OS was deployed using MDT. It can also tell you what task sequence you selected. All these settings are in the registry under HKEY_LOCAL_MACHINE\Software\Microsoft\Deployment 4 or in the WMI database.

    If you run my script it will query the WMI database for all Microsoft_BDD_Info properties and values. Running the script against a computer will output something like

    DeploymentMethod: UNC
    DeploymentTimestamp: 2012-01-19 13:46:30
    DeploymentType: NEWCOMPUTER
    InstanceKey: @
    TaskSequenceID: WIN7X64LAP2012
    TaskSequenceName: Windows 7 x64 Laptop v2012.1
    TaskSequenceVersion: 1.0

    • Marked as answer by justin_4321 Friday, January 20, 2012 7:52 AM
    Friday, January 20, 2012 6:53 AM
  • Thanks for the answer Michael,

    so the task sequence "Tattoo" which triggers the ZTItattoo.wsf just engraves information about the task sequence in registry?


    Justin
    Friday, January 20, 2012 7:55 AM
  • It is not just the registry. ZTITatoo.mof is copied to C:\Windows\SYSTEM32\WBEM\ and then compiled with MOFCOMP.EXE. This updates the WMI database.
    • Marked as answer by justin_4321 Friday, January 20, 2012 9:26 AM
    Friday, January 20, 2012 8:24 AM
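
Since the thread says the tattoo lives in two places (the Deployment 4 registry key and the Microsoft_BDD_Info WMI class), an inventory or audit check can read both and flag values that disagree. The following is an added example, not code from the thread or from MDT; the function names are hypothetical, and it assumes the registry value names equal the WMI property names once spaces are removed.

```powershell
# Added example: compare the MDT tattoo in the registry with the WMI copy.
$RegPath   = 'HKLM:\SOFTWARE\Microsoft\Deployment 4'  # key named in the thread
$ClassName = 'Microsoft_BDD_Info'                     # class named in the thread

function Get-TattooFromRegistry {
    $values = @{}
    if (-not (Test-Path -LiteralPath $RegPath)) { return $values }
    $key = Get-Item -LiteralPath $RegPath
    foreach ($name in $key.GetValueNames()) {
        if ($name -eq '') { continue }                # skip the key's default value
        # Assumption: value names equal the WMI property names once spaces are removed.
        $values[($name -replace '\s', '')] = [string]$key.GetValue($name)
    }
    return $values
}

function Get-TattooFromWmi {
    $values = @{}
    $inst = Get-CimInstance -Namespace 'root\cimv2' -ClassName $ClassName -ErrorAction SilentlyContinue |
        Select-Object -First 1
    if ($null -eq $inst) { return $values }
    foreach ($prop in $inst.CimInstanceProperties) {
        # CIM returns datetime properties as DateTime objects, so a string
        # comparison against the registry text is not meaningful; skip them.
        if ($prop.CimType -eq [Microsoft.Management.Infrastructure.CimType]::DateTime) { continue }
        if ($null -ne $prop.Value) { $values[$prop.Name] = [string]$prop.Value }
    }
    return $values
}

function Compare-Tattoo {
    param([hashtable]$Registry, [hashtable]$Wmi)
    foreach ($name in (@($Registry.Keys) + @($Wmi.Keys) | Sort-Object -Unique)) {
        $status = 'Mismatch'
        if (-not $Wmi.ContainsKey($name)) { $status = 'OnlyInRegistry' }
        elseif (-not $Registry.ContainsKey($name)) { $status = 'OnlyInWmi' }
        elseif ($Registry[$name] -eq $Wmi[$name]) { $status = 'Match' }
        [pscustomobject]@{ Name = $name; Registry = $Registry[$name]; Wmi = $Wmi[$name]; Status = $status }
    }
}

Compare-Tattoo -Registry (Get-TattooFromRegistry) -Wmi (Get-TattooFromWmi) | Format-Table -AutoSize
```

Entries reported as OnlyInRegistry or OnlyInWmi are listed for review rather than treated as errors, since the two stores need not hold the same set of fields.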