Martin Zugec

Hmmm, well... I was fan of Linux, however I changed my mind over time. My brother is developer in one major linux company, so I am "in picture". The problem is Linux is still heading their own way and it is not good way They cant go on normal users desktops - can you imagine BFU installing and using linux without problems? Without their games? Dont think so... For corporate environment, it is slowly becoming disaster Since SAP announced strong cooperation with MS platform, linux lost this important role. In bigger/better company you cant live and work effeciently without ERP/CRM etc systems. And linux is getting out from this market. So where is linux heading? Microsoft is quickly trying to fix their "holes" (I mean segments, where Linux was enemy). SBS is replacing linux servers in SME segment. Monad is not just oponent to bash, it is something far better than today shells. The fact is I really love the way Microsoft took these days.

Well, the answer is cmdlines again However you could AFAIK use regedit etc... You must either copy regedit to directory with cmdlines, or provide full path. Using unattend.txt is the same, only different name (I am using unattend.txt)

Most simple method is using Components section... However there is way to modify it after installation - just clear StubPath for your selected component EDIT: StubPath is responsible for creating dynamic shortcuts (so you want be able to see them in default profile). For example to remove Outlook Express for all new accounts, just add this to RunOnceEx: REG ADD %strRegistryKey%\050 /VE /D "Removing Outlook Express" /f REG ADD %strRegistryKey%\050 /V 1 /D "reg add \"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\" /v Stubpath /t REG_SZ /d \"\" /f" /f REG ADD %strRegistryKey%\050 /V 2 /D "reg delete \"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\^>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\" /f" /f P.S.: Didnt try it, I am using Components method, however it should work

I was not talking about IDS/IPS... I was talking about restricting software (either on kernel level or API levels)... Which is quite old technology... Even though it is nice idea, it was not successful when broadly deployed. I am not trying to put you donw, I am just curious why do you think this technology is so exciting?

a.) add your activex deployment site to Trusted sites (that should allow them to install them) b.) install them through regsvr32...

I am using this: @echo off For /f "usebackq tokens=1,2 delims==" %%i IN (`WMIC CDROM Where "VolumeName='UACDROM'" list full`) DO If %%i EQU Drive Set strCdrom=%%j It will search for cd label UACDROM and assign it to variable strCdrom

Anyone? Some of my machines are falling to sleep during installation

Ah, that dumps revealed something new WsapiNT from Trend Micro got problems Let me know if I was right or we should took another way...

I am using it in domain... EDIT: But I can see your problem now You must use full path, %windir%\regedit.ex

I am open to new ideas, but dont think so this is something new or great... It is quite similar to MS technologies for restricting applications... However this concept was never fully designed because of many problems... What are ImmuneEngine rules based on? Hashes, paths? Hashes are changing from version to version (windows update etc.), paths are easily changed... And without beta version available, who can say how successful it will be "in the wild"?

2Phylliman: I had a look at that minidump file. It is driver fault, calling NtOsKrnl function MiGatherMappedPages. So it looks like a.) damaged pagefile. Just add tweak to remove it every shutdown b.) HW problem c.) driver problem d.) memory problem Dont you have other minidumps for analysis?

Agree, it is problem with %windir%\system32 not included in path variable...

Sometimes I am using this simple method (when I am in hurry): echo MsgBox "Network not available",0,"Error" > temp.vbs wscript temp.vbs del temp.vbs

Import it during cmdlines.txt. It is working.

If you are in the domain, most simple method is to check for LogonServer variable. If defined LogonServer goto:continue

There are few important differences. ROE is before shell is loaded, RO after. Also ROE is component based - if you are in the middle of your installations and you restart your PC, the rest will continue after installation. And at last - ROE looks more professional

Well, I got w2k on my network. I am using Detect Only method, so I exactly know what patches I need for my machines. Then I simply throw out the unneeded patches

Plus I forget one of the most importing security additions - using SAFER technology for browser, mail client and IM client...

Disabling startup paths - usually through removing ACL. It is quite good method, however not in corporate environment IE6SP2 lockdowns means installed XP SP2 with tons of security enhancements - LocalMachine Lockdown, Windows Restrictions etc. Prevention pack - autoupdate for killbits + restricted sites. I posted the scripts here before.

User RunOnceEx instead of RunOnce and the explorer shell wont get started... BTW using images for this big network isnt happy solution, use bootimages for unattended isntallations instead. It is much faster and much more reliable solution. I got 99.1 % success with this solution (0,9% are HW malfunctions or stupid users, who unplug the computer)

There is.... IE6 SP2 is included in XP SP2

You mean logon script?

I am using IE6SP2 lockdowns + prevention pack + MS AntiSpyware beta and I am really satisfied. For enterprise I am recommending Sunbelt CounterSpy - the same like MS AS, but with centralized management...

Not sure about cmdlines, but in ROE it should be quite easy... Just use FOR /F with type boot.ini. If you need more help, let me know, I will write the script for you

I am using this for my UNC based installations... Which is quite good way. When I wanted to detect CDROM drive, I am using different method than most people here - my solution is based on cd name. E.g. find drive, where name is "Unattended installation" and set it as source (using WMI classes)