oao

I was advised that to preserve IE6, I should not remove IE5, but rather let IE6 SP1 upgrade it. I've also found out that it is possible to HFSLIP the OS without removing anything, then use nLite on SOURCESS to remove whatever I want and create the ISO file. Thanks. FP

Whoops, strike the last question. I had just completed the streamlining and did not ask nLite to create the ISO. FP

I've done a trial run of HFSLIP+nLite combination as you suggested. 1. HFSLIP ran OK except for a complaint that it could not find a AU.IN_ file in \source\I386, after which it continued and created an 342MB ISO file. 2. I then ran nLite on the SOURCESS folder as per your suggestion and reduced the size of that folder by about 134MB. Now, if I understand it correctly, if I substitute this folder for the initial SOURCE created by HFSLIP, and run HFSLIP again, will it create the ISO from the folder reduced by nLite? Thanks. FP

BTW, you did not reply to my question re IE: Does IE6 SP1 require the installation IE to be there in order to install, or can the latter be removed and the former slipstreamed? IOW, can I (a) use the FDV files to remove ie and (b) install IE6 from scratch by applying SP1 and the subsequent fixes? If I cannot do both in one HFSLIP run, can I du (b) manually after (a) is over?

I understand the tradeoffs -- I am a relatively experienced user, I used to write harware/software articles. I don't think a real GUI is necessary. It could be just a menu-driven non-graphical interface of the kind we used with DOS. The critical need is to select individual components for removal and HFSLIP/HFCLEANUP would act accordingly in the background. Otherwise it is difficult to figure out how to customize the files to selectively remove components due to multiple unknown dependencies. It is too demanding and risk prone

I've already looked at HFCLEANUP and it seems quite tricky and requires attention to details I don't much care for. I'll take another look, but I doubt it's for me. The problem I see with nLite si that it requires .NET; sort of defeats the purpose of bloating my system with this kind of crap in order to produce a streamlined system installation. One possibility is to install .NET just for nLite and uninstalling it after. But that means I will have to do that each time I need to make changes to the installation setup. It is unfortunate that there is no FDV modular solution, where one could choose individual components to be removed from a menu. Seems like the most logical way to do it.

BTW, having seen older exchanges about plugins and multiple FDV files, perhaps it's possible to have separate files for each major component in the list posted at http://www.vorck.com/2ksp5.html, namely: Internet Explorer, Outlook Express and Windows Address Book (or leave these in if you like, it's extremely easy), Internet Information Server (IIS), Internet Information Server Debugger, MS FrontPage Extensions, Fax Services, Indexing Service, Kodak built-in Imageviewer, MS PictureIT!, Games, Windows Scripting Host, Task Scheduler (it opens Port 135), DCOM, Internet Connection Wizard (if you're here on this site, you're the type who does this manually. This is like having a Wizard to open a folder. Who needs this?!?), ActiveMovie for IE, NetMeeting, Media Player 2.0 (the Codecs will be installed, though), 16 bit Application Compatability (you will not see an error in your logs), Remote Storage Recall Notification, Windows Help (sorry, can't be helped, it's exploitable, copy MSHTML.DLL to your SYSTEM32 directory if you want it), MS Fake Java for IE (no longer in Windows, removed by MS' Service Packs as part of legal settlement), and Windows Update (don't ask me why, it should be totally obvious that it's IE-dependant.) Regards, FP

I would like to use FDV fileset to remove Win2K components, but leave in: Internet Explorer Fax services Tax Scheduler Windows Update Has anybody figured out how to tweak FDV files to leave these in? With regards to IE I have a question: Does IE6 SP1 require the installation IE to be there in order to install, or can the latter be removed and the former slipstreamed? I was thinking of eliminating the baggage and slipstream IE6 from scratch, but I doubt this is possible. Regards, FP

>The list is missing 1 update for Windows 2000 which Microsoft released a few days ago. It's KB925902, and it replaces KB912919 and KB896424. As far as I can tell KB925902 is for Vista, not 2000: http://www.microsoft.com/downloads/details...;displaylang=en

For any Win2K SP4 update/fix that does not appear in your configuration list, if it is added to the HF folder, will it be slipstreamed, or will HFSLIP slipstream only those in your list? Regards, FP

>KB891122 - HFSLIP sort of supports this WMP9 codec update. You need to extract wmfdist.exe into the HF folder (that's the only file of importance). The "Windows Media 9/10 codecs" checkbox in the "Update your Windows 2000 configuration" section links to this update. Also, as explained in the Notes section at the top of my dynamic 2K list: "You will need a decompression program (such as 7-zip or WinRAR) to extract the necessary files out of some of the downloaded installers. From the updates listed below, this applies to DirectX9, the new DirectX9 gaming binaries and the Windows Media 9/10 codecs." I had actually done all this as per the instructions, I just did not connect it to KB891122. >If Windows Update insists you need KB828026 and KB896422, you have probably slipstreamed version 1 of Update Rollup 1. Please include HFSLIP.LOG next time. Actually, the rollup 2 and 923414 WERE installed, but WU would still push 896422. I reinstalled the rollup and 923414 and it now looks as WU is happy. As per my initial message, I am now only PREPARING for slipstream in case I will need to reinstall the system. My comment referred to the already installed system, which was not slipstreamed. I just want to make sure that no update/fix will be missing, or unnecessary for the slipstream CD I am preparing. Thanks for all your help. Regards, FP

>How are you checking for these discrepancies? Are you using an old outdated mssecure.xml file? Are you googling old windows updates on the web? The MSBLA will guide you the right direction for applying the latest and greatest updates. I have already described my procedure: I checked everything on your configuration file and then compared the generated list to The Guy's latest list. I also considered the updates that Windows Update has applied to my system. When I found missing items in either or both lists I checked the MS download pages. What is MSBLA? >As far as some hotfixes you list..... Here is an interesting finding while searching the boards for hotfix 896422 - link. For KB912812, an cumulative update to IE6 released April 2006. Each month last year, IE6 had a cumulative rollup. 912812 is 12 updates behind at this point and it would be unwise to slipstream it. The problem is that Windows Update does not always delete fixes that are superseded by new ones; nor do the MS download pages document very clearly what is being superseded. >I can probably answer for the_guy with his hotfix lists. He concentrates on critical updates and not recommended updates. Tomcat76 includes some recommended ones and some fixes that are nice to have, xml stuff falls into this category. OK, that's what I needed to know. Regarding vulnerabilities: are they a problem due to the existence of non-updated files per se, or do those files need to be actually used to cause vulnerability? E.g. Windows installs OE, but I don't use it. Should I then bother to apply OE security fixes? And is it possible to remove OE and other components during slipstreaming? Thanks. FP

Hi, Yes, I slipstream WMP9 and IE6. I focused on just two Win2K lists, the configuration one you refer to and The Guy's, and I hope that this is the latest iteration of the discrepancies I found. This is based on checking everything in your configuration list: 1. Neither list has the following: * KB896422 Security Update for Windows 2000 * KB828026 Critical Update for Windows Media Player (All Versions) for Windows 2000, Windows XP, and Windows Server 2003 * KB870669 Microsoft Data Access Components - Disable ADODB.Stream object from Internet Explorer * KB885492 Security Update for Windows Media Player 9 Series * KB904368 Update for Windows 2000 * KB903235 Security Update for JView Profiler * KB911565 Security Update for Windows Media Player 9 * KB912812 Cumulative Update for Internet Explorer 6 SP1 * KB891122 Update for DRM-enabled Media Players * KB911564 Security Update for Windows Media Player Plug-in Windows Update insists that the first two, KB828026 and KB896422, be applied even after removing them. 3. Your configuration list includes MSXML2.MSI which the MS download page says it applies to SQL Server, not Windows 2000. 4. Any ideas why The Guy's list does not have the following ones that you have in your configuration list? ( I emailed him this question too). * Microsoft Data Access Components (MDAC) 2.8 SP1 * KB887606 FIX: The Microsoft XML Parser (MSXML) uses cached credentials incorrectly * KB927978 MS06-071: Security update for Microsoft XML Core Services 4.0 * Microsoft Core XML Services (MSXML) 6.0 Service Pack 1 * Roots certificate update * KB908506 Update for Windows 2000 * KB926121 Security Update for Windows 2000 * KB926247 MS06-074: Vulnerability in Simple Network Management Protocol (SNMP) could allow remote code execution * KB909520 Microsoft Base Smart Card Cryptographic Service Provider Package: x86 * KB917275 Microsoft Windows Rights Management Services Client with Service Pack 2 - x86 * WindowsUpdateAgent20-x86.exe Please advise. Thanks. FP

Hi, I've compared this list of hotfixes for Win2K Pro SP4 with that provided for HFSLIP at http://users.telenet.be/tc76/winup/_win2k.html and the latter has the following which this list does not. Any ideas why? * Microsoft Data Access Components (MDAC) 2.8 SP1 * KB887606 FIX: The Microsoft XML Parser (MSXML) uses cached credentials incorrectly * KB927978 MS06-071: Security update for Microsoft XML Core Services 4.0 * Microsoft Core XML Services (MSXML) 6.0 Service Pack 1 * Roots certificate update * KB908506 Update for Windows 2000 * KB926121 Security Update for Windows 2000 * KB926247 MS06-074: Vulnerability in Simple Network Management Protocol (SNMP) could allow remote code execution * KB909520 Microsoft Base Smart Card Cryptographic Service Provider Package: x86 * KB917275 Microsoft Windows Rights Management Services Client with Service Pack 2 - x86 * WindowsUpdateAgent20-x86.exe Also, neither the HFSLIP list nor this one have the following: * KB896422 Security Update for Windows 2000 * KB828026 Critical Update for Windows Media Player (All Versions) for Windows 2000, Windows XP, and Windows Server 2003 * KB870669 Microsoft Data Access Components - Disable ADODB.Stream object from Internet Explorer * KB885492 Security Update for Windows Media Player 9 Series * KB904368 Update for Windows 2000 * KB903235 Security Update for JView Profiler * KB911565 Security Update for Windows Media Player 9 * KB912812 Cumulative Update for Internet Explorer 6 SP1 * KB891122 Update for DRM-enabled Media Players * KB911564 Security Update for Windows Media Player Plug-in Windows Update insists to apply the first two, 896422 and 828026, even after they are removed. Pls advise. Thanks. FP

>KB925672 is superseded by KB927978. Well, when 927978 installs it does not remove 925672, so it's hard to tell. >KB927978 is on my list so I conclude that you didn't go through the "Update your Windows 2000 configuration" part, where you'll find a checkbox to include MSXML4 among many other upgrade possibilities. I've been working from several lists, the main one being http://users.telenet.be/tc76/winup/_win2k.html and it does not have it. I will go over yours more carefully and check out any differences. What about the other 4?

From the above list, the following were applied to my computer by Windows update: 925672 xml4 sp2 927978 xml4 sp2 828026 wmp 896422 925902 926436 I have removed them and Windows Update notifies me that the last 4 should be applied. So it looks they are valid, why are they not in your list? And what about the 2 XML fixes? Regards, FP

I am adding the following two XML fixes which Windows Update applied to my computer, but which are not in your valid list: Vulnerabilities in Microsoft XML Core Services 4.0 SP2 Could Allow Remote Code Execution (925672) msxml4-KB925672-enu.exe http://www.microsoft.com/downloads/details...;displaylang=en Vulnerabilities in Microsoft XML Core Services 4.0 Could Allow Remote Code Execution (927978) msxml4-KB927978-enu.exe http://www.microsoft.com/downloads/details...;displaylang=en

I am removing the following fix from the above list, as it is valid: Security Update for Windows Media Player Plug-in (KB911564) WindowsMedia-KB911564-x86-ENU.exe http://www.microsoft.com/downloads/details...;displaylang=en

After som thorough work with the hot fixes and review of the docs here I cane up with the following questions: 1. General question: for security fixes that pertain to components not being used, are the vulnerabilities in the files per-se, or do they occur only if the components are used? E.g. KB923694 cumulative security update for MSOE: I don't use MSOE, even though it is installed with Windows 2000. Incidentally: can it be removed from the installtion CD? 2. The following two fixes msxml2.msi msxml6_x86.msi should be placed in HF, or together with UPHClean-Setup.msi in HFGUIRUNONCE? 3.Based on the removed fixes list at http://www.msfn.org/board/index.php?showtopic=58360 February 17-Removed 925454, 911562, and 922616. January 10-Removed 925486. December 19-Removed 911567 and 922760. November 17-Removed 918899, 890046 and 921883. October 10-Removed 917159. August 9-Removed 916281 and 908523. The following fixes are neither shown as removed, nor in the currently valid fix list at http://users.telenet.be/tc76/winup/_win2k.html Are they valid, or should they be disregarded? Security Update for Windows 2000 (KB896422) Windows2000-KB896422-x86-ENU.EXE http://www.microsoft.com/downloads/details...;displaylang=en Update for Windows 2000 (KB904368) Windows2000-KB904368-v3-x86-ENU.EXE http://www.microsoft.com/downloads/details...46-910be4ddcbbc Cumulative Update for Internet Explorer 6 SP1 (KB912812) IE6.0sp1-KB912812-Windows-2000-XP-x86-ENU.exe http://www.microsoft.com/downloads/details...;displaylang=en MS05-037: Vulnerability in JView Profiler could allow remote code execution IE-KB903235-x86-ENU.exe http://support.microsoft.com/kb/903235#appliesto Microsoft Data Access Components - Disable ADODB.Stream object from Internet Explorer (KB870669) Windows-KB870669-x86-ENU.exe http://www.microsoft.com/downloads/details...;displaylang=en Critical Update for Windows Media Player (All Versions) for Windows 2000, Windows XP, and Windows Server 2003 (KB828026) WindowsMedia-Q828026-x86-ENU.exe http://www.microsoft.com/downloads/details...;displaylang=en Security Update for Windows Media Player 9 Series (KB885492) WindowsMedia9-KB885492-x86-ENU.exe http://www.microsoft.com/downloads/details...;displaylang=en Security Update for Windows Media Player 9 (KB911565) WindowsMedia9-KB911565-x86-ENU.exe http://www.microsoft.com/downloads/details...;displaylang=en Windows Media Player Plug-in for Netscape Navigator wmpplugin.exe http://www.microsoft.com/downloads/details...;displaylang=en Security Update for Windows Media Player Plug-in (KB911564) WindowsMedia-KB911564-x86-ENU.exe http://www.microsoft.com/downloads/details...;displaylang=en QuoVadis Root Certificate rootsupd.exe http://download.windowsupdate.com/msdownlo...en/rootsupd.exe Thanks. FP

Thanks. There seems to be some confusion between the KB's that I got from my Windows Update history and the download pages of Windows updates: the former were applied to my system as 2K, but when I went to the later, they were shown as XP. Not clear why. Anyway, I am now working with the list at http://users.telenet.be/tc76/winup/_win2k.html and will let you know if any confusion remains. In a trial run of HFSLIP I noticed that one fix was not applied and a statement with /command? parameter was issued. If it reoccurs I will post here. I may have a few other questions, but I will first search on the topics here.

I read thru all the FAQs/guides/help I could locate and I did not see an answer to the specific question I asked, namely WHY hotfixes for XP and server 2000 should be slipstreamed into win2000 professional. Also, should all generations of MSXML (1,2,4,6) be included? Thanks. FP

I am in the process of using HFSLIP to create a win2K cd-r. In the list of hot fixes for 2000 there are quite a few ones that MS download pages say they are for to XP SPs (e.g. 896358), and fewer for server2003 (e.g. 899591). Should they be included and if so why? Thanks. FP