iamtheky

I use the following: [unattended] UnattendMode=DefaultHide OemSkipEula=Yes OemPreinstall=Yes TargetPath=\WINDOWS UnattendSwitch=Yes FileSystem=ConvertNTFS

The office 2007 automatically calls the .msp files in the updates folder. http://technet.microsoft.com/en-us/library/cc179097.aspx So build an msp and call the setup from the runonce. REG ADD %REGKEY%\013 /VE /D "installing office 2007" /f REG ADD %REGKEY%\013 /v 14 /D "%APPpath%\MSO2007\setup.exe" /f

save a copy of your registry folow these steps: http://www.petri.co.il/save_settings_to_ad...ative_tools.htm save another copy of your registry. Diff the two files and let us know

http://www.wdc.com/en/library/eide/2579-001037.pdf look at the jumper setting for PM2 (ATA Mode) Your hard drive should have a similar jumper setting indicated in the documentation. From my past experience just because the BIOS does not list the setting, does not necessarily mean it does not support the functionality. But you will know really quick if it has failed because the drive wont spin.

change the SATA controllers in your BIOS to ATA mode or IDE compatibility mode (dont know what each BIOS calls it but if you can get it off AHCI mode, try another selection), and load normally?

what about doing it from cmdlines at T-13 or from the runonce at the end with /quiet /norestart switches? Its not integrated, but the installation is still unattended.

what are the symptoms if you manually integrate the SP into your vanilla xp pro? "I have tested this a couple of times and it seems to break a lot of the customizations I have done with nLite." -meaning you have tried integrating a couple of times or you have tried dloading the update a couple of times? Its bad practice to slip service packs into a previously modified source. No one will be able to troubleshoot the broken modifications, because integrating into anything but a vanilla copy is not really supported. what is the MD5 of the sp3 you slipped? does it differ from the MD5 of the one M$ is offering you through automatic updates?

you can use IEAK to build a branding file. I know its not quite as fun as searching for non-M$ ways to do it, but ieak6 and 7 are quite functional, I have not used ieak8 RC1. http://technet.microsoft.com/en-us/ie/bb381619.aspx downloads for ieak are on the right hand side. "i'm the first to use nlite" is an awesome mistranslation.

If restore points are on (believe it only checks against those), this guy might help. http://support.microsoft.com/kb/924732

whats under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{} That usually only affects writing, but if the key is missing or jacked it cant be good. Does the IMAPI still see the device as usable (if you right click and send a file to the cd drive does the balloon pop up?) What does it return if you try to follow the built in CD writing wizard?

not terribly, just go up to devices, the bottom selection is guest editions. If autorun is on the wizard will pop up and walk you through the install (if not just go to the cd drive and execute it) and reboot. Then I imagine the folder you believed you shared will be present under network places.

@walrus did you run the guest editions? if so the folder you share will appear if you right click my network places select explore you will see the \\vboxsvr. It will let you go through the share folder process in the vbox toolbar without running the additions, but it will not be accessible.

odd behavior indeed, unless the virtual O/s already had the items in the runonce (or at least the offending item) installed? Was it a clean install?

my wmp install is stripped down so i cant answer the question. But you could just make that the only line in the cmd and run your wmp10 package, even on your working box all you have to do is uninstall it afterwards.

nothing stands out aside from the amazing amount of remarks, but they are harmless to noone but the reader What runs directly before the reboot that returns to a 'windows update' runonce window? what are the remaining keys?

you will certainly get more, and more concrete, answers if you can post the actual content of the .cmds.

do keystrokes work or is it dead in the water upon boot? does windows+E still bring up an explorer window? does windows+R still bring up a run box? Would suck to rebuild if explorer.exe is your only problem.

boot normally to the blank desktop ctrl-alt-del task manager file --> new task explorer.exe does it return to normal appearance?

'We all' - being the 5-6 people that responded minus Dave-H and myself? Would not exactly call that a large enough cross section to be concerned, especially when there have been no reported ill effects from removing the cryptic keys. I'd really like to see a hijackthis log from one of the target systems if someone could oblige, maybe it will find some other keys that could narrow the hunt.

your symptom looks an awful lot like #13 on that symantec bulletin. Attempts to download a configuration file using one of the following domains: [http://]www.certdreams.com/cm[REMOVED] [http://]www.certdreams.com/pm[REMOVED] [http://]www.certdreams.com/down[REMOVED] Alternatively, the Trojan may use a domain configured under the following registry entry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\"d" = "[DOMAIN NAME]" Keys under this path do not have cryptic names, with special characters, with no further identifying information. You dont suppose an older version of an antivirus did not contain the logic to clean every entry the trojan made and now that the primary marker is gone newer versions do not recognize an issue?

http://wordprocessing.about.com/od/formatt.../Hiddentext.htm maybe?

Indeed you have a mess of stars, but no concrete examples? I do not believe that you can drop the complexity rules from its current 'ANY 3 of existing 4 rules' to 'ANY 2 of existing 4 rules' by any simple means in gpedit. I believe I would enjoy being proved wrong more than the OP would enjoy getting an easy answer.

congrats whatever420 you have a virus http://www.symantec.com/security_response/...-99&tabid=2 Id be willing to bet most garbage keys you find in that path are malware, have you tried hijackthis to see what it thinks? do a google for HKEY_LOCAL_MACHINE\Software\Microsoft\G HKEY_LOCAL_MACHINE\Software\Microsoft\J HKEY_LOCAL_MACHINE\Software\Microsoft\K you will see many eerily similar entries that other people cannot identify. Everything in this section should be M$ and clearly identified from what i gather. The most nondescript entry i have is the WZCSVC (wireless zero config service).

http://www.msfn.org/board/index.php?showto...0&start=100

for your scenario however, i believe you either have to hack up the passfilt.dll or pay$$ google 'granular password complexity' http://www.specopssoft.com/products/specopspasswordpolicy/