[FR] USB Export feature, multi-key certificate

I usually try to fit what I'm looking for into larger context that'll benefit the majority... but I honestly don't know how many other ppl will really need what I'm asking for here.

My use case is for various recovery environment scenarios and the fact that I have a variety of USB flash keys with different pre-boot tools for different situations, most of them managed through Opus (toolbars, popup menus, etc) since it's easy to 'find' stuff in Opus using all the nifties (volume label references, aliases, etc). Constantly updating apps individually on these keys is a pain, so I've taken to storing them inside the WinPE images I'm using to host my recovery environments. They load from my SSD's in most cases so they're zippy and fast too... yay! But for my bootable keys, I still have to copy over a rather large WinPE image file, but once I've updated the image with any tool updates, it's easy to update multiple keys with this single new file. But to create a WinPE image with correct Opus licensing for a given key, I have to make multiple copies of my ~golden boot.wim file (~1GB), mount them separately one at a time, update the appropriate dopus.cert file for the key I'm copying the WinPE to, and then commit and copy it to the USB.

It would be very handy to be able to do something within the USB Export feature that could allow me to ADD dongle support for a USB key to an existing certificate... such that I could end up with a single dopus.cert that could be used with multiple keys. Either that, or some mechanism by which I could copy multiple separate dopus.cert files into a folder that Opus could look for on startup if there's no dopus.cert file in the normal location or something.

Again, not sure how many other ppl would have any interest in this, and hope it's not something you might be concerned could further encourage piracy in some way... etc.

Thanks for listening.

What if you put all the different certs into a subdir in the image, and have a batch file that checks if there's a cert in the root, and if there isn't copies out the one appropriate for the drive (based on the drive label I guess) before launching Opus?

If I've understood correctly, I think that's what you're asking for; to be able to copy all the certs to one image and then have it automated.

If the certs are named after the drive labels then the batch file doesn't need to be updated to know about each drive, it could all be down to the filenames.

(Could use serial numbers instead of labels if they all have the same labels.)

Yes, you've gotten what I'm after - an automated way for Opus to find the correct license for whichever dongle I happen to be using so I can centralize things better.

I'm already doing a few things in very similar fashion to what you suggested Leo... but all of that is being done within Opus, with the scripting facilities you've provided us (never tired of saying thanks for THAT), as well as doing some generic config file swap-a-roo stuff based on other factors like variables and such.

To do it BEFORE launching Opus, I'll have to see if there is enough of an environment under PE to access the WMI stuff needed in either VBScript or JScript to get at the info I need (DriveType or MediaType). The labels are unique in my scenario so that's all I think I would need.

Cork smoking WinPE... doesn't include enough environment to even run a simple VBScript or JScript.

Sigh, thought I was done trying to patch the PE side of things. Hopefully it's not too much of a hassle to add in the required bits.

For any interested, here's a VBscript that you can load on startup to match the volume label of the USB drive you used as an Opus USB Export Dongle to the name of the dopus.cert created for the USB key. Note that depending on what generates the PE image, GOOD LUCK following any googled guidance on how to get it to launch upon WinPE startup. Mine is from a backup/partition utility vendor called AOMEI, though I won't keep this very long as I ran into severely disappointing support failings with the company... but in any event, there are several documented places to load your own custom stuff during WinPE startup, like the startnet.cmd and winpeshl.ini files... none of these worked for me at all. I had to find something I KNEW for a fact was executing in order to insert a call to this script - and that wound up being the %systemdrive%\Windows\System32\drvload.cmd file.

[code]Option Explicit

Dim colDrives
Dim objFSO, objDrive
Dim strDstDir, strDstFile, strSrcDir, strSrcFile

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set colDrives = objFSO.Drives

strDstDir = "x:\opus\dopus"
strSrcDir = strDstDir & "Certificates"
strDstFile = strDstDir & "dopus.cert"

For Each objDrive in colDrives
Select Case objDrive.DriveType
Case 1
strSrcFile = strSrcDir & objDrive.VolumeName & "_dopus.cert"
If (objFSO.FileExists(strSrcFile)) Then
objFSO.CopyFile strSrcFile, strDstFile
QuitScript
End If
End Select
Next

Sub QuitScript
Set colDrives = Nothing
Set objFSO = Nothing
Set objDrive = Nothing

WScript.Quit

End Sub[/code]

The script can be modified easily of course - but as written, expects the following:

[ul][li]That you've copied the exported DOpus USB folder to the root of the WinPE image (after mounting the boot.wim file with imagex or dism from the Windows AIK/ADK) at the following path: [b]x:\opus\dopus[/b][/li]
[li]That you've also copied all of the different USB dongle certificate files (dopus.cert - exported along with the program folder, and located in the main exported program folder along with d8viewer.exe) to a x:\opus\dopus\Certificates folder[/li]
[li]That you've named all of the certificate files with the volume label of the USB key prepended to each keys certificate (i.e. SANDISK_CRUZER_dopus.cert)[/li][/ul]

The script will look for all 'Removable Disk' drives (which is what the FileSystemObject->objDrive.DriveType property value of 1 is defined as, used in the Select/Case portion of the script). For each removable drive, the script gets the volume label and looks for any files in the Certificates folder mentioned above that match that name with _dopus.cert appanded to the end. If a match is found (first match), the script then copies the cert to the appropriate folder and strips off the appended volume label name to copy it into place as dopus.cert.

If anyone even cares about this stuff - ping me and I will write a guide or something on how I've set up the environment... but I will soon be ditching the whole thing for either a Win10 based PE image, or a Win10 based Windows To Go bootable VHD (credit to Leo for referring me to the WinToUSB project).