Ghost 6.0: Disk Updates From Afar

It is hard enough to configure a single computer with an operating system and a half-dozen applications. It is even more complicated to handle the same chore when dozens or hundreds of systems are involved.

Symantec Corp.'s Norton Ghost 6.0 Enterprise saves information technology managers time and money by enabling them to copy the disk image from a single PC's hard drive and load it to multiple machines across a network. It also enables administrators to manage the system from a central console with remote control and logging tools.

Although Ghost shines as one of the first centralized disk cloning tools, it falls short in some product niceties. It doesn't support Redundant Array of Independent Disks, so agencies and departments that employ RAID devices will have to look elsewhere for a cloning solution.

The Ghost Console provides a single screen for managing the PCs on you network. To get it working you need to set up a DOS partition on your PCs to run Ghost's DOS or Microsoft Corp. Windows client software, which connects to the console and enables the remote management capabilities. Once registered with the console, clients can be told to remotely update files or send new images for backup purposes. In addition, you can dynamically resize disk partitions as needed. You might, for example, want to create a larger NTFile System (NTFS) partition to take advantage of that file system's security features.

The Ghost Explorer utility — which is not accessible within the Ghost Console — runs on client systems and generates the client images. It supports systems ranging from DOS to Windows 95, 98 and NT Workstation 4.0. Unfortunately, to create other operating system images (such as Windows NT Server 4.0 or Linux EXT2) you will need to boot the system you intend to image using a DOS diskette. That is because Ghost needs to create a separate partition on the client system in order to create a disk image of the primary partition. This was one of the few major disappointments we had with Ghost 6.0.

Using Ghost Explorer's menu-driven DOS program, you can create a disk image, then choose from three options of where you want to store the image. You can store it on the same machine's hard drive, you can connect via the parallel port to another computer and store it there, or you can connect via the network and store it on a central server.

Ghost supports disks up to 2 terabytes. Fortunately, compression of the disk images can be significant. With our tests, a 503M NTFS partition was reduced to a 128M Ghost image. This enables you to store many images on a single server. Ghost also allows for batch image updates so pushing out an image to 300 clients can be quick and easy.

Ghost is not just a simple image distribution system, it also is an effective repair tool. With Ghost Explorer, you can specify individual files to upload or simply keep the entire image intact for disaster recovery of a partition. So when a user crashes their Windows 95 partition because they downloaded and installed a bad version of Quake, you can remotely reinstall the original partition for that system. You will want to store their user data on another partition so the data is not overwritten during the image update.

Ghost Walker, another utility in the software suite, enables you to set the target drive's security identifier (SID). This value must be unique for each system when it is part of a Windows NT domain. Unfortunately, like Ghost Explorer, Ghost Walker is another separate command-line utility. And unlike other similar utilities, such as the freeware NewSID from, Ghost Walker requires booting the target PC to DOS before it can be used.

Ghost does allow batch updating of SIDs from a remote workstation but, again, the Ghost client software must be installed and the PC must be booted into the DOS partition.

Ghost Walker offers the ability to assign computer names in order to ensure that there are no duplicate names on the network. Unfortunately, when creating a batch file for this task, you can only specify generic names such as HR01 or HR02, and increment them up — you cannot specify more meaningful individual names.

The Gdisk utility in the package lets administrators quickly and effectively wipe disks — a must for all security-minded administrators.

Finally, as noted above, Ghost 6.0 does not support hardware RAID, although support is planned for the future. This means if your Windows NT Server depends on hardware RAID to access the NTFS partitions, you won't be able to create a Ghost image of it.

Overall, Norton Ghost 6.0 Enterprise is a great start to a product that can shave hours off an administrator's day, although IT staff members at agencies and departments with large networks will find that some chores still need to be accomplished manually.

— Stuart McClure is a security consultant for Rampart Security Group LLC.

Norton Ghost 6.0 Enterprise

Symantec Corp.

(800) 441-7234

Price and Availability: Available on the GSA Schedule at $12.30 per node for 100 nodes. Cost varies depending on volume.

Remarks : Norton Ghost 6.0 Enterprise shows promise as a centralized disk imaging and backup product. A far cry from its original PC roots, the enterprise product enables administrators to send and maintain disk images for client PCs over a network. However, the program's component utilities are not fully integrated, and it does not support RAID devices.


Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.