FrankE9999

Deploying Windows® 7 Essential Guidance from the Windows 7 Resource Kit and TechNet Magazine http://www.microsoft.com/downloads/details...;displaylang=en

This seems like overkill for a HTPC. The MSI Media Live DIVA 5.1 AM2+/AM2 AMD 780M HDMI Micro ATX AMD Motherboard - Retail is about $170 after rebate. A AMD Phenom 9350e Agena 2.0GHz 4 x 512KB L2 Cache 2MB L3 Cache Socket AM2+ 65W Quad-Core Processor - Retail is also about $170. With this morherboard and processor you don't need a video or sound card. http://thedigitallifestyle.com/cs/blogs/st...htpc-video.aspx

These are the ones I use. Note you only need the latest Cumulative Security Update. If you look in the KB article it will tell you if a patch replaces another patch. For XP SP3 IE 7 MS07-050 (IE7-WindowsXP-KB938127-x86-ENU.exe) patch shows that it replaces MS08-045 (IE7-WindowsXP-KB953838-x86-ENU.exe), MS08-045 replaced MS08-031 (IE7-WindowsXP-KB950759-x86-ENU.exe), MS08-031 replaced MS08-024 (IE7-WindowsXP-KB947864-x86-ENU.exe). MS07-050 : Vulnerability in Vector Markup Language Could Allow Remote Code Execution (938127) IE7-WindowsXP-KB938127-x86-ENU.exe http://www.microsoft.com/technet/security/...n/MS07-050.mspx MS08-058 : Cumulative Security Update for Internet Explorer (956390) IE7-WindowsXP-KB956390-x86-ENU.exe http://www.microsoft.com/technet/security/...n/ms08-058.mspx You may also want to install the following. When you use Remote Desktop Connection to connect to a terminal server, PNG images do not appear in Internet Explorer 7 during that RDP session http://support.microsoft.com/kb/935560 Print queue shows incorrect number of pages when you print a Web page in Internet Explorer 6 or Internet Explorer 7 http://support.microsoft.com/kb/889333

Create a vb script (I called it t.vbs) On Error Resume Next const wbemFlagReturnImmediately = &h10 const wbemFlagForwardOnly = &h20 set objWMIService = GetObject("winmgmts:\\.\root\CIMV2") set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_LogicalDisk", "WQL", wbemFlagReturnImmediately + wbemFlagForwardOnly) for each objItem In colItems WScript.Echo "Found " & objItem.Name & " " & objItem.Description if objItem.Name = "D:" then WScript.Echo "Drive type is " & objItem.Description if objItem.DriveType=3 then WScript.Quit(0) 'This is a Local Fixed Disk else WScript.Quit(1) 'D: is not a Local Fixed Disk no need to continue end if end if next WScript.Quit(1) Call this from a batch file and use the return value. @echo off cscript -nologo "%~dp0t.vbs" if not errorlevel 1 ( echo Moving my documents to the D: drive ) You could also modify the script to use WshShell.Run to directly call a batch file. set WshShell = WScript.CreateObject("WScript.Shell") WshShell.Run(strCommand, [intWindowStyle], [bWaitOnReturn]) Note: You will also need to modify the "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Personal" registry key so Windows knows where you put the My Documents folder.

You can use 'tasklist /v' to display a list of all programs loaded into memory. Use a program like AutoRuns to disable programs that are running at startup that you don't need. You can download Start_ups.exe which lists most application that run at startup and what they are for. Also it wouldn't hurt to run a program like CCleaner to clean you hard drive and Wise Registry Cleaner to clean out the registry. You can also use Eusing Registry Cleaner to clean out the registry. Run a spy ware checker such as Ad-Aware 2007 or Spybot - Search & Destroy. If none of this works you can upgrade the memory in your computer.

Try this DevCon to install the drivers.

Windows XP has several vbs files for configuring printers. The Prncnfg.vbs, Prndrvr.vbs, Prnjobs.vbs, Prnmngr.vbs, Prnport.vbs, and Prnqctl.vbs commands. These need to be run as an administrator and can be used to install network printers on a system. These will be available to all users on the system. Add an IP based printer rem create port cscript c:\WINNT\system32\Prnport.vbs -a -r IP_192.168.1.5 -h 192.168.1.5 -o raw -n 9100 -me -i 1 -y public rem add printer cscript c:\WINNT\system32\Prnmngr.vbs -a -p "Network Printer HP LaserJet 4000 Series PCL6 (192.168.1.5)" -m "HP LaserJet 4000 Series PCL6" -r "IP_192.168.1.5" Delete an IP based printer cscript c:\WINNT\system32\Prnmngr.vbs -d -p "Network Printer HP LaserJet 4000 Series PCL6 (192.168.1.5)" Delete a port cscript c:\WINNT\system32\Prnport.vbs -d -r IP_192.168.1.5 Delete unused drivers cscript c:\WINNT\system32\prndrvr.vbs -x The above work for IP based printers. If shared a printer on computer Computer1 as HPLaserJ. You need to add a registry entry and then restart the spooler service. reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports" /v "\\Computer1\HPLaserJ" /t REG_SZ net stop spooler net start spooler Add the printer cscript -nologo c:\WINNT\system32\Prnmngr.vbs -a -p "HP LaserJet 4000 (Computer1)" -m "HP LaserJet 4000 Series PCL6" -r "\\Computer1\HPLaserJ" If you are trying to do this remotly use -s option to specify the system. The net stop and net stop commands don't have a remote option. You an use psexec from sysinternals to remotly execute the "net stop spooler" or "net start spooler" commands. The W2K resource kit had a progrtam NETSVC.exe to remotly start and stop services.

We are using WIM images to deploy Windows XP. I am trying to integrate the latest updates into the image without having to recreate it. The only information I could find was for doing this under Vista (http://www.minasi.com/newsletters/nws0709.htm). Does anyone have information on how to do this with a XP WIM image?

Just to verify that WindowsUpdateAgent30 was installed correctly. Check the file version on the following files (They should all be version 7.0.6000.381). %SystemRoot%\system32\cdm.dll %SystemRoot%\system32\wuapi.dll %SystemRoot%\system32\wuaueng.dll %SystemRoot%\system32\wucltui.dll %SystemRoot%\system32\wups.dll %SystemRoot%\system32\wups2.dll %SystemRoot%\system32\wuweb.dll I haven't got this integrated and am installing it using RunOnceEx. I extracted the contents of WindowsXP-KB905474-ENU-x86-Standalone.exe to a folder using 7zip. This file contained a file called WGANOT~1.EXE. I extracted that file again using 7zip which created a folder structure similar to the one below. LegitCheckControl.dll spmsg.dll spuninst.exe update wgalogon.dll wgatray.exe update\update.exe update\update.inf update\update.ver update\updspapi.dll update\wganotify.cat update\wgawizard.dll update\wga_eula.txt I copied LegitCheckControl.dll and LegitCheckControl.inf from the LegitCheckControl.cab file to the folder above. Replacing the older version of LegitCheckControl.dll. To install it I use "update\update.exe /quiet /norestart". Not the best method but it does work. I would think that you should be able to install the LegitCheckControl.dll simply using the LegitCheckControl.inf but I haven't had time to test this. Windows XP SP2 updates for use with HFSLIP shows that this can be done.

Make sure you have the latest version of WindowsUpdateAgent30-x86. If you extract the contents of WindowsUpdateAgent30-x86 check the file version on some of the dll files (They should be 7.0.6000.381). I think you also need KB905474 Windows Genuine Advantage Notifications WindowsXP-KB905474-ENU-x86-Standalone.exeand the latest LegitCheckControl.cab.

"Firefox Setup 2.0.0.7.exe" -ms "Thunderbird Setup 2.0.0.6.exe" -ms Windows Live Messenger 8.x msiexec /i MsnMsgs.msi IAGREE="Yes" ALLOWRHAPSODY="" ADDLINKS="" ADDBHO="" SETHOMEPAGE="" /qb

If your looking for a deployment solution you can try Business Desktop Deployment 2007. There is also Windows Automated Installation Kit (AIK) which works with Windows XP. This is much better for small orginizations which don't need all the features of BDD. You basically build a WinPE 2.0 bootable CD and use it and imageX to create/restore hard drive images. o You can create multiple HD images in a single file. This results in a single file that is much smaller than multiple images would by as duplicate files are only stored once. o You can mount the image and edit the file contents. o You can integrate patches without having to recreate the image (although I haven't done this yet). Capturing a custom Image using ImageX and a Generic WinPE Disk Adding Applications to BDD Building a Windows XP Image in BDD 2007 Part 1 IT Idiots has some video on using BDD.

The Removes Hotfix Backup files web site states "NOTE: This utility does NOT remove application specific hotfix backups (Internet Explorer, Outlook Express, Media player and etc.). It will only remove hotfix backups that are specific to the Windows XP operating system". CCleaner may remove some of these hot fixes (You need to selest Hot Fix Uninstallers). However I haven't found any programs that clean out the $hf_mig$ folder and you can't just delete it. Note: rmdir is included with Windows XP and does the same thing as deltree.

You need to run the portion of the script that sets the default printer using User Logon not Computer Startup as this settings is configured per user in the HKCU portion of the registry. You can try creating two scripts one that installs the printers and the other that sets the default printer.

Two good free download managers are. Free Download Manager http://www.freedownloadmanager.org/download.htm Orbit Downloader http://www.orbitdownloader.com/index.htm Another good download manager is GetRight but it costs money GetRight http://www.getright.com/get.html

I am trying to get Drive Image XML working from WinPE but haven't had any luck. I am not even sure it can be run from WinPE and since this is freeware there isn't much support. I am able to get it working with BartPE but we are not susposed to use that. Also I have worked with imagex but this is more of a deployment tool and I am using DriveImage XML to backup specific systems.

There are many ways to create a shortcut from a batch file. You could simply create the shortcut in the same folder and copy it to the desktop. Just remember that the shortcut has a .lnk extension. From the batch file run the following copy /y "%~dp0My Shortcut.lnk" "%ALLUSERSPROFILE%\Desktop" Another option is to use shortcut.exe. Copy shortcut.exe to the same folder as your batch file and call it using "%~dp0shortcut.exe" or change to directory "%~dp0" or copy shortcut.exe to the System32 folder under your windows directory. "%~dp0shortcut.exe" /F:"%ALLUSERSPROFILE%\Desktop\Notepad.lnk" /A:C /T:"C:\WINNT\system32\notepad.exe" note the above must be run from a patch file so "%~dp0" will expand to the path where the batchfile is located. If running from the command line specive the path to shortcut.exe or copy it to youe system32 folder. Use %USERPROFILE% from the administrator account in place of %ALLUSERSPROFILE% to create the icon on the current users desktop.

Try generating a log file of the install. I think the command line option is /Lv C:\dotnetinstall.txt but look here for various options. MsiExec.exe Command-Line Parameters I integrated dot net 1.1 and the latest security patch, added the VPModule.msi and compressed everything into a single self extracting executable using 7zip (command line version). I did this some time ago and haven't had any problems running the install off DVD. Here are the notes I name while building the install. Note this works well for dot net 1.1 but I had problems trying to build an admin install for dot net 2.0 using the same process. With .Net 2.0 everything worked and .Net 2.0 installed with all the patches but I got an error trying to uninstall it. 'download dotnetfx.exe 'extract files to C:\Temp\dotnetfx using 7zip 'build admin install msiexec /a C:\Temp\dotnetfx\netfx.msi TARGETDIR=C:\Temp\dotnetfxa 'delete dotnetfx folder rmdir /s /q C:\Temp\dotnetfx 'download NDP1.1sp1-KB867460-X86.exe 'extract patch md C:\Temp\KB867460 NDP1.1sp1-KB867460-X86.exe /Xp:C:\Temp\KB867460 'patch the admin install msiexec /p C:\Temp\KB867460\S867460.msp C:\Temp\dotnetfxa\netfx.msi 'delete patch rmdir /s /q C:\Temp\KB867460 ' download VPModule.msi {http://www.microsoft.com/downloads/details.aspx?familyid=DA77B852-DFA0-4631-AAF9-8BCC6C743026&displaylang=en} copy VPModule.msi C:\Temp\dotnetfxa\ 'create a batch file setup.bat @echo off pushd "%~dp0" msiexec /i "netfx.msi" REBOOT=REALLYSUPRESS /qb if errorlevel 1 exit 1 msiexec /i "VPModule.msi" REBOOT=REALLYSUPRESS /qb if errorlevel 1 exit 1 popd exit 0 'create C:\Temp\utf-8script.txt ;!@Install@!UTF-8! Title="Microsoft .NET Framework 1.1 with Service Pack 1" RunProgram="setup.bat" ;!@InstallEnd@! ;copy 7zS.sfx to the C:\Temp folder (part of 7zip) 'compress the whole mess into a single executable using 7zip command line. pushd C:\Temp\dotnetfxa 7za.exe a -r "..\dotnetfx11.7z" * -m0=BCJ -m1=LZMA:d=25 -ms -mmt cd .. copy /y /b 7zS.sfx+utf-8script.txt+dotnetfx11.7z dotnetfx11.exe popd

I know that normally if you change a users password they won't be able to access their encrypted files. However in our configuration users download a certificate/key the first time they logged on and that was used to encrypt their files (there was also a process for recovering a key). In this configuration it was possible for an administrator to reset a users password and not affect their ability to access their encrypted files. We don't use this anymore or I wouldn't have said anything about it. I'm not sure if this was done by design or just configured incorrectly. The only issue I can have with TrueCrypt is you better not forget you password as there doesn't seem to be anyway to recover your information. As a side note if anyone is looking for a good/free password manager I recommend KeePass Password Safe.

Writing an HTA is similar to writing a Web page. The big advantage is that an HTA application doesn't have the security restrictions that a web page would so anything you can do from a script you can do from an HTA. The thing you have to remember is that unlike a web page there isn't a server to do any processing so you have to do everything using a scripting and the document object model. Here are some links Creating Your Own HTAs Introduction to HTML Applications A little more advances example shows what you can do with an HTA HTA-Notepad

To secure your files you need to use some type of encryption as it is just to easy to get around passwords if you have physical access. You can encrypt your files using TrueCrypt. Vista had bitlocker technology and there is also a program called SafeGuard Easy which allows you to encrypt the complete hard drive. I would use TrueCrypt as it is free and works well. I have some issues with EFS. It changes the date/time stamp on files. We used to use this and I needed to get access to a users encrypted files who left the company. All I had to do was reset their password and login as them. SafeGuard Easy has it's own set of problems. First once a computer is booted into Windows an administrator can still access your files from the network.

Don't use roaming profiles on the laptops. I have users who have laptops (primary workstation) but also need to logon various workstations. I configured their accounts to use roaming profiles but on the laptops I enabled "Prevent Roaming Profile changes from propagating to the server" and "Only allow local user profiles" in the local group policy. This way they have a single account/password to logon and get a roaming profile on all the workstations but they have a local profile on the laptop. There are a lot of issues roaming profiles as everything in the users profile has to be copied from the server to the workstation when the user logs on and then copied back when they log off. This can take some time if the user has a lot of information in their profile and their is always the risk of the users profile getting corrupt. If you decide to go with roaming profiles for the workstations you should redirect the users "My Documents" folder to the server. If you are using outlook and pst files these should also be stored on the server and not in the users profile. You can limit the size of a users roaming profile using "Limit profile size" in the local group policy and prevent specific files from being uploaded back to the server using "Exclude directories in roaming profile" (Exclude the Temp, Temporary Internet Folders). Also teach your users how to put files on the server and create a link on their desktop. As for group polocies at a minimum I would use one for the desktops and one for the laptops.

Filever doesn't have an option to just display version information. You could use sed or awk which are unix commands and just filter the portion you want. There are ports of these commands in the GNU utilities for Win32. With sed you would do something like the following. filever c:\WINNT\system32\notepad.exe | sed -e "s/.* \([0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\).*/\1/" You could also execute the filever command within a for loop and extract the portion you want. If you want a simple solution you can use the following script filever.vbs. It takes one input the name of the file and outputs the version of the file. If the files doesn't exist or you don't specify a file name it doesn't output anything. 'filever.vbs Set fso = WScript.CreateObject("Scripting.FileSystemObject") Set objArgs = WScript.Arguments if objArgs.Count<>1 then WScript.Quit() if NOT fso.FileExists(objArgs(0)) then WScript.Quit() WScript.Echo fso.GetFileVersion(objArgs(0)) to call the script just use cscript -nologo filever.vbs "c:\WINNT\system32\notepad.exe"

The closest thing I've found is filehippo.com Update Checker . This is a .Net 2.0 application that will scan your system and check for updates to installed software. You could also write a script to check for installed versions of various applications and make sure the latest version is intalled. This is a lot of work up front and only worth it if you need to updated a lot of computers.

You may want ot check out Microsoft Solution Accelerator for Business Desktop Deployment 2007. They have something called "Zero Touch Installation (ZTI) with SMS 2003". I basically use the "Lite Touch Installation (LTI)" method since I don't have SMS server 2003. It is a very simple process to create or restore an image. You basically boot off a Windows PE CD, map a network drive and create or restore and image. You need to configure the hard drive using diskpart which is a command line utility but it's very simple once you get used to it and you can write a batch file to automate the process. You can also create a WinPE DVD with the image and restore using that. This works well for remote users who don't have a good connection to the server. Imagex lets you mount an image so it looks like it is part of the directory structure. This allows lets you make small changes without having to recreate the image.