DTM Lab Security

Note  This content applies to the Windows Logo Kit (WLK). For the latest information using the new Windows Hardware Certification Kit (HCK), see Windows HCK User's Guide on the Windows Hardware Dev Center.

Before you deploy DTM, you should consider security requirements. There are two areas of logo testing that significantly affect security:

  • Enabling auto-logon functionality

    Do not change or create an autologon account, as this may cause DTM to stop functioning properly. The DTM handles this process automatically.

  • Running tests in an administrator role

Additional security precautions

In addition, be aware of the following security precautions and considerations:

  • Isolate DTM computers on the network

    To prepare to deploy DTM in your lab, you should isolate the computers that you intend to install it on. For example, do not allow those computers access to the Internet or your primary network. If any of your test systems can connect to a corporate network or the Internet, those connections should be disabled during testing. Alternatively, put lab computers on their own private subnet. For more information about configuring a private subnet, search the Windows XP Professional Resource Kit for information about Configuring APIPA.

  • Use dedicated computers and reformat them before use

    Systems that are used for testing should not store sensitive data or be used (or have been used in the past) for company-provided services (such as a Web server, Dynamic Host Configuration Protocol [DHCP] server, or a backup domain controller [BDC]). If new systems are not available, then reformat and wipe clean all dedicated DTM computers before installing DTM and running the logo test to ensure that no sensitive information is inadvertently captured in the DTM logs. For example, in the event of a kernel crash, the job log could record a full memory dump that might contain potentially sensitive information. For more information about cleaning your lab computers, see Fdisk and Format a Hard Disk. After you have cleaned the computer, you must install the operating system you want the computer to run.

  • Use hardware and/or software firewalls

    When you install the DTM controller and DTM client, the installers will open TCP port 1778. Ensure that no other software running on a controller or client uses port 1778. The controller and client installers will prompt you to open this port in the Windows software firewall. However, if your lab includes non-Microsoft software firewalls or hardware firewalls, you must manually make sure that port 1778 is open. Otherwise, DTM controllers will be unable to communicate with their clients and schedule them to run tests. If you use a hardware firewall, refer to the documentation that came with it to open TCP port 1778.

  • Set user permissions

    When you install the DTM controller, its installer will create a network share and set the permissions for the share to allow access for DTM clients. One folder inside the network share is for the DTM client installer, and another folder is for the DTM Studio installer. Another network share is created for clients to communicate job results back to the controller. You can increase security by allowing only testers and DTM clients to connect to these shares across the network, which is another reason why you should isolate the computers of your lab on a private subnet.

  • Physically secure your lab

    You should enable auto-logon on DTM clients. Therefore, wherever possible, test systems should be located in a locked room and should be physically available to testing and support personnel only. Enabling auto-logon is described in a bit more detail in the section that follows.
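One way to check the network isolation and port 1778 precautions above on a lab machine is to audit the output of `netstat -ano`. This is an added example, not part of the original page or of DTM. It assumes English-language netstat output, a lab on the APIPA range 169.254.0.0/16, and an `expected_pid` that the operator has looked up for the DTM process; the sample text and all names are constructed.

```python
import ipaddress
from collections import namedtuple

DTM_PORT = 1778  # TCP port the page says the DTM installers open

# Constructed sample of English-language `netstat -ano` output (not real lab data).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:1778           0.0.0.0:0              LISTENING       3120
  TCP    169.254.10.5:1778      169.254.10.21:49210    ESTABLISHED     3120
  TCP    169.254.10.5:49302     203.0.113.40:443       ESTABLISHED     2788
  TCP    [::]:1778              [::]:0                 LISTENING       4016
  UDP    0.0.0.0:500            *:*                                    4
"""

Conn = namedtuple("Conn", "local lport remote rport state pid")

def _split(endpoint):
    """Split 'host:port'; handles bracketed IPv6 and drops a %zone suffix."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]").split("%")[0], int(port)

def parse_netstat(text):
    """Return the TCP rows; headers and UDP rows (no State column) are skipped."""
    conns = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":
            (lh, lp), (rh, rp) = _split(f[1]), _split(f[2])
            conns.append(Conn(lh, lp, rh, rp, f[3], int(f[4])))
    return conns

def audit(text, lab_subnet, expected_pid):
    """Flag other listeners on the DTM port and peers outside the lab subnet.

    expected_pid is an assumption: the PID the operator identified as DTM's.
    """
    net = ipaddress.ip_network(lab_subnet)
    findings = []
    for c in parse_netstat(text):
        if c.state == "LISTENING":
            if c.lport == DTM_PORT and c.pid != expected_pid:
                findings.append(("port-conflict", c))
        else:
            peer = ipaddress.ip_address(c.remote)
            if not (peer.is_loopback or peer in net):
                findings.append(("off-subnet-peer", c))
    return findings
```

On the constructed sample, `audit(SAMPLE, "169.254.0.0/16", expected_pid=3120)` reports the second listener on port 1778 (PID 4016) and the connection to 203.0.113.40, which lies outside the lab subnet.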

For more information about security and enabling automatic logon, see the following references:

Build date: 9/14/2012