Mordac85

If you're connected to the internet, can send/rcv traffic to/from any other device and there is no firewall in between then your system is vulnerable. Theoretically, just by being connected to the net makes you vulnerable, even with a firewall. The only way to permit traffic from only addresses you specify is via a firewall, preferably a hardware firewall. That's what they are designed for and they can ignore any traffic that doesn't come from a specific address. However, that does not mean the firewall itself cannot be comrpomised. Depending on the critical nature of the data you want to protect, the best, most secure option is a dedicated line.

Also, does this happen if you try to shutdown after logging in? How about safe mode? You may want to run msconfig and disable all the startup items. If that resolves the issue, just re-enable them one by one until the problem returns. If msconfig doesn't kill the problem it's most likely a service causing your grief.

Also, you may want to check the BIOS to see if your system is using AHCI instead of ATA mode for the SATA operation. XP doesn't support AHCI natively and can give you a headache until you get the drivers loaded (e.g. F6 option above) but ATA mode may be a workaround for you.

Thanks. This is a start. For a little background, I manage an image that's currently deployed to 22 different models and managing all the drivers for those systems is getting to be a real pain. I could just include all the drivers for each model, but copying the same nVidia, Dell Truemobile, <insert large driver pkg name here> drivers over and over seems way too redundant. So I walk through them all and consolidate it down as much as possible. Thankfully, we started enforcing hardware standards a few years ago, but it still gets to be a pain. On top of that, Dell (our primary PC vendor) will sometimes release identical driver versions as different revs depending on the model or family (haven't really figured out the method to this madness yet). Plus it would be handy to watch for driver updates, but a little impractical to be proactive with that at the moment. If I knew Broadcom NIC driver version X covered models 1 thru 9, or that ATI driver is no longer needed b/c we're retiring the only system on which it was needed, then I could pick the drivers I need in my build and have some sense that they were up to date. With all of the variables involved, I know why there isn't anything out there yet. But I also know other people have a metehod of handling this so they don't spend a week crawling through INF's just to make sure their drivers are up to date.

@iTwins - Correct me if I'm wrong, but the UpdateUPHAL line checks the HAL required, Uni or Multi, and chooses the correct one for the platform being built. If the master is built on a Multiprocessor, and will be deployed on only Multi or Uniprocessor systems, you don't need this line but you will have a performance hit on the Uni's running a Multi proc HAL. If iqsman needs to deploy to ACPI systems as well, he should build it on a Uni or Multiprocessor system then change the HAL in device manager to ACPI before running sysprep. Luckily, I was able to convince corp that it's not cost effective to support the pre-HT systems so I only have Uni\Multi proc systems to maintain. And as a result, haven't had a problem with my image on any dual core systems, but I wasn't sure from his original post if he needed to include support for ACPI HAL or if this was just a Uni/Multi HAL problem. @iqsman - Did you copy the original HAL files to %SystemRoot%\Driver Cache\i386 before running sysprep so the UpdateUPHAL line had something to load?

OK, I've been dealing with the hassle of manually tracking drivers, what hardware they cover (specific PCI ID's), what systems they're for and updating an ad hoc database as I go. In this day and age there should be an easier solution and I was wondering how other people do it? It's such a pain in the rear that I wanted to get some ideas about what to include, or how others are already handling this. Bâshrat the Sneaky has to be the Mac Daddy at this and probably knows exactly what I'm talking about, but good luck finding a commercial, or open source solution to manage drivers in any way. So since it has to be a home grown solution I'd like to hear how others have pulled this off. I know this isn't really something for a home user that only has a single or just a few systems to manage, but I also would like to learn from those that have gone down this road already.

It takes some work but still QED. Go to their support site and download the drivers for the model you have and what particular hardware is installed since they list all possible choices for that model. Then unzip them using winzip/winrar to a separate folder. Once you have them unpacked you need to wade through each one to just pull out the drivers. Most have some kind of installer for their own unique utilities, but for just the drivers you can normally find them in a subdirectory. The exception to this is the chipset drivers. Normally you only have the cat files and the infs are in one of the data cab files. But you can open that with something like Zipscan easily enough. Copy the necessary driver files, INFs, SYS, DLL, TXTSETUP.OEM, etc to it's own folder and use that for your build. If you have questions about what files you'll need just open the INF files and they will have a section that calls out the required files. Problem is it can be tricky catching all of them b/c there can be a number of those sections. IMHO, BTS driverpacks and vendor originals are OK, and for the most part work fine, but I've run into issues from time to time on Dell systems due to their own alterations. If you run into any problems with the above, let me know. I'll be glad to help out.

I'm not sure if you're renaming an existing computer or changing the computername in the sysprep.inf/unattend.xml? Unless you could use something like cygwin to mount the newly imaged drive (and I'm not sure even that would work) I don't know how you could edit the respective file w/o a reboot. Of course you could script the computer account reset, OU move and image copy into a single step. It's difficult to merge everything into just a few steps since most operations require a reboot to implement your changes. What about using an inf/xml on a floppy/flash drive instead of on the imaged drive? btw, from my experience on XP, you'll need to script the OU move if the computer account is already existing cuz MachineObjectOU in sysprep.inf doesn't work if the computer account already exists. Not sure about Vista tho, thankfully we're putting that off for a long time.

Thankfully it's not coming out of my pocket! But it does seem to be closer to what he was talking about. Seems like a lot of admin overhead for that tho... I'm looking at WPI now and I think I like that solution better.

I'm not sure if that's it but it looks great and something worth checking out. From what I gathered, he seemed to be talking about a single pkg/file/delta that you could apply to the base image. But he's also relaying info from people doing this (or fantasizing about it) in another group, so there may be some distortion in the translation. He just mentioned this and I haven't been able to find out who's doing somthing similar, if they are, and talk with them first hand. So I figured I'd see what was already out there from all the other MSFN members. Once I find out more details I'll post it, but I know I've heard of something like this before, but just didn't have time to look into it and can't remember any details. I know in AI Builder you could, theoretically, run all your app installs and package that up into a single install. But I wouldn't enjoy stepping through that AI Builder script to parse out the junk and clean it up. At least I have something to check out and get me a little closer. If this turns out to be what I think it is, it may be a better option than a single package since apps are changing so frequently.

OK, I have a new task from the boss. He mentioned using some kind of RIP (?) of just a set of application installs that can be applied to a base OS image. So the Sales guys get the base image and the sales application package, the dev guys get a different set of apps. Sounds cool, but I can't find any info on this, if it's even possible, other than using something like Symantec Ghost's AI Builder. I've always just used Ghost, or PowerQuest, and never really got into RIS or BDD. Has anyone heard of a process like this or know what tools you can use to do it?

w00t!! I forgot all about the Configuration context! See what you can forget if they limit what you can work with? Thanks mate, you're a lifesaver.

Nope, that didn't do it. The attribute isn't listed as an available column. But in the production domain the available column name is different than anything I entered when extending the schema (description, common-name, etc). I'm thinking there is something else I need to do to get the attribute to show up in the list of available columns and that I can define a more appropriate name for it, sorta like how Modify-Time-Stamp is displayed as 'Modified'.

If they were logging in using local accounts it would also explain the behavior. Since he mentioned a 'rule in the directory' though, I assumed he was referring to Active Directory and would presumably be using domain accounts. But, we've all seen stranger stuff.

I'll assume you mean they log into their system using their old password, change their password and continue working when the problem arises. If so, it's a problem w/the cached credentials on the system and you should train them to change their password, log out and log back in with the new one before continuing with their day.

The Technet article uses examples that used NetBIOS names to initially define the server names and moves from there to use dfsutil to change them to FQDN entries. If this is a domain rootdfs and he used FQDN's to add targets from the beginning, wouldn't he still function properly w/o WINS in a multiple site/WAN environment? Even if the DFS server defaults to using the netBIOS name in the referral (assumed from the lack of the DfsDnsConfig reg key on his DFS servers), when that fails I would think that DNS should pick up the slack and resolve it. We run DFS across our environment, but we're also tied down with WINS so I can't really test the theory. But if it's working w/o WINS more power to him!

OK, here's one for the experienced Domain admin. I'm making a sandbox test domain (W2K3SP2) and needed to extend the schema for a particular attribute we use to track the clients. That's done and, I think, is setup correctly. At least it matches the production domain. In our production domain I can go into AD Users & Computers and select this attribute from the Add/Remove columns option in the MMC View menu. The problem is it's not showing up in my sandbox domain and our forest admins are not generally accessible for such an off-the-wall question like this. Has anyone worked with their schema and know if there's a particular setting or operation I need to check to enable this attribute as a display column in MMC? TIA @Mods: Not sure if this is the correct forum for this topic, so feel free to move it if it fits better elsewhere.

I'm building an image for the new Dell Optiplex GX-745 and forgot to update the drivers in a customized PC build that stores a path for an initial Intel chipset driver (from my Optiplex GX-620 build) in the registry at HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DevicePath. I also have a drivers folder off the SystemRoot that have the updated chipset drivers for the 745. Everything's fine until it's sysprepped. The system doesn't seem to use/see the updated drivers in the OemPnPDriversPath and the HW wiz pops up on the first login for the SM bus controller. If I point it to the folder in C:\drivers it'll install just fine. I've updated the drivers in the folder called out in the registry and all works fine. So, is there some reason why it seems to ignore the OemPnPDriversPath? I'm going to grep thu the INF's in the older driver folder for the PCI VENID, but if it's not there I have no idea why it's doing this and not knowing really bugs me. Any ideas? TIA

Welcome to the forums! Well, the license key is an easy one. Just add the following line to your unattend.txt under the UserData section like this: [UserData] ProductID=XXXXX-XXXXX-XXXXX-XXXXX-XXXXX As for the command line switches to kick off the install, to quote the M$ Windows 2000 Guide to Unattended Setup: Of course, the MSFN Unattended Guide is also a great resource.

The Event log service should not be causing such an issue and it's the only native source of logging for your system. However, if you could post a list of what services you have, and in what states something may pop out to someone. I still think you have a service looking for a network resource and is timing out. Can you duplicate the delay fairly consistently? If so, try coming up w/o your network cable connected to see if you still get the delay.

I'm not really sure what you're asking. Do you mean you have your mail stored to a local PST file? If so, just go to File->Open->Open Outlook data file... and browse to your PST.

Why not call up Dell and ask them? I'm sure they've run into this question many times already and can tell you what your options are based on their own agreements w/M$. It's a lot better than guessing and could save you time and money.

Not easily. The settings are stored in a REG_BINARY format in the following keys: HKCU,"Software\Microsoft\Internet Explorer\Toolbar\WebBrowser","{01E04581-4EEE-11D0-BFE9-00AA005B4383}" HKCU,"Software\Microsoft\Internet Explorer\Toolbar\WebBrowser","{0E5CBF21-D15F-11D0-8301-00AA005B4383}" HKCU,"Software\Microsoft\Internet Explorer\Toolbar\WebBrowser","ITBarLayout" You could configure the toolbar displays and then export the reg file, but other than that it's difficult dealing with the binary registry values.

OK, how about some others that I've spent many hours playing back in the day: Leisure Suit Larry California Games Wing Commander 688 Attack Sub Harpoon Battle Chess Pool of Radiance Gunship 2000 Jack Nicklaus' Unlimited Golf Falcon 3.0 Aces of The Pacific Populous II Wizardry series

We have a medium campus site (manufacturing plant) with one deskside tech for approx 900 users and 700 systems. However, we are very standardized, have a numebr of tools/utilities and have a stable infrstructure. We don't work on phones, copiers, change toner or have to support home systems (thank God). If you're anything like our local school though, this isn't the case. fizban2 has a point with the metrics. If you track where you're spending your time, say for a month or so, you should get a pretty good idea of what your most time intensive tasks are, how repeatitive they are and if another tech is justified.