fdv

Available now: http://www.microsoft.com/technet/security/...ory/891861.mspx http://support.microsoft.com?kbid=891861

No answer, but while we're posting rhetorically let me say that I truly think MS is stringing us along, torturing Win2k users, because they HATE the fact that we still use this slim, streamlined, FAST running OS that is free of all of the crap in XP. They want us to upgrade, simple. That's why no backported IE 7. Remember Service Pack 7 for NT 4? Me either... They did a rollup for SP6a, then issued something like 50 hotfixes. We'll see the same thing for Win2k. This rollup, then hotfix after hotfix after hotfix after hotfix. All the while, MS will tell us "we polled customers, and they all said that they HATED service packs, and wanted hundreds of hotfixes!!" to p*ss us off and try to force us to upgrade. We know it's not the size of the download... Just look at SP1 for Win2k3!! Do any of you remember being polled about whether you wanted a SP7 for NT4 or not? How about a SP5 for Win2000 instead of a rollup? MS isn't really interested, and this is their way of "telling" us. Methods like yours and TommyP's of hotfix integration buy us users a lot of time and save us aggravation.

Does this work for you?

Oleg2 you should not be getting this error; ierunonce should be on the install cd! it is pretty important that it runs, actually. if an inf file runs into an error, it halts and nothing is done, so one little error means oe will not install. try downloading the file onto your desktop of your finished installation and right-clicking and selecting "install." it should ask you for your windows cd, and read all of the files needed. there is something odd going on b/c i created this inf a while back for nlite users, and never had any reported problems with it... if your right-clicking-selecting-install does not work, pm me the error message and i'll see if i can't create a modded inf for you. strange though that it does not work... uncommenting wab.inf is not necessary; the wab is written into the msoe installer. chm files... yeah, without ie and ie core, html help won't really work. i hate to say it but i have left this alone because so few people ever need help (i know that's a rotten attitude but there you have it, we prefer a system without any html display functonality unless its a third party browser)

Whoops, yeah, yer right, sorry Sorry I was not clear. When burning the new ISO, you'll take care of shortcut creation wizard errors. But since IE has been removed, the operating system still thinks it has to treat URL objects differently than any old, everyday file object. Hence the URL error. So, no matter what, after you install, you want to make the URL object just another object, and they way to accomplish this IIRC is to also delete the URL *file extension* references in the registry. Do this after OS install but before browser installation such as Firefox. You want to make Windows think that there is nothing "special" about a URL object. But I should emphasize the "IIRC" part. It doesn't happen anymore for me but I kind of forget exactly how I fixed it

@zammalabe - odd that you found this! I never thought it would pop up with nLite users. Thankfully I keep some of my notes when I removed IE. APPWIZ.CPL is required to run the "create shortcut" wizard, and it would work even when you remove IE, except for its location. In TXTSETUP.INF, you'll see: appwiz.cpl = 2,,,,,,,2,0,0 So, we put it in system instead: appwiz.cpl = 2,,,,,,,5,0,0 and it will work. BTW, these lines are from the Win2k TXTSETUP.INF. They'll be similar in XP and 2k3. To fix this, copy the file APPWIZ to the system32 directory and see if that doesn't take care of it. Also, when you remove IE and even if you leave the core intact, Windows will try to treat URL objects as IE objects. Your best bet would be to also delete the URL *file extension* references in the registry. edit: added quoted text

@jaclaz - thanks. Wish the guys who develop these programs wouldn't always assume Windows doesn't need them This sample is unfortunately really only for developers to speed up their understanding and deployment. Wish we had some programmers able to run with this; it would also be nice if the Mozilla foundation one day just decided to develop a FF extension... @Oleg_II - no, not cabbed (compressed). They are this way so that they can be edited easily. You can compress them if you want to, but in the interest of ease of use and editing, I chose not to (plus it cuts down on e-mail from inexperienced users who might try to open and edit the files and not really understand the whole compression thing).

Oleg2-yes to the unattended question. just replace the existing msoe50.inf file in i386 with mine. also, be sure to uncomment the msoe50 line (remove semicolon) under [infs.Always] section in syssetup.inf. this also works in nlite, though it takes a little more work (but it still works in the same manner). as for the help system - yes, it can technically be installed but it uses the html dll's the ie uses, so i have (well, we have -- the nlite community) always considered help to be part of ie, since they share this critical library. unless i am missing something. when it installs, it does ask for the windows cd, right? shdoclc.dll is really the heart of ie, and as long as the pc is without this file, ie will not welcome malware and exploits. on the other hand, installing outlook and having the html libraries installed (with help) might be a bit problematic unless you're fully patched (post sp4).

@Oleg_II - Uh-oh... If you need Help to work flawlessly, and IF the xCHM proggie doesn't work... You guessed it. You need IE This INF: http://www.vorck.com/data/msoe50.inf will install MSOE and WAB after you've installed Windows without IE, BTW.

No. NTFS does certain things very well, but sometimes you REALLY want to be able to do a certain thing, and you just can't. I'd love to configure the same thing you're asking for but this functionality does not exist currently in NTFS.

@renzki - as far as I can see, your setup is completely correct. You have no hardware firewall in place to worry about opening the ports in question. The only thing I can think of at this point are DSL provider or switch limitations-- I was curious about this myself so I went searching in a broadband forum. It could apparently be an ISP limitation or some firmware setting you neglected to address in the switch (the latter of which is unlikely it sounds like but I say it FWIW.)

This was just the first thing that came to mind. Win2k's COM has had rollup updates issued because it's really buggy. Did you have the latest COM rollup? http://support.microsoft.com/default.aspx?...kb;en-us;828748 Of course, you've got the whole 'not being able to boot' thing to contend with. ERD commander or doing a parallel installation is one recourse though I am sure at this point you're probably ready to backup your data with a BartPE CD and just reinstall Win2k3sp1

It's all here, but I'm chiming in with my 2cents @victoria - There is no added functionality in terms of updated files that IE 6 will give you over IE 5.5. (There are security updates, media hooks updates, Internet browsing anfd HTML display related fixes, but no added functionality you're missing.) tommyp created an IE6 integrator that no doubt he'll adapt for the post sp4 rollup coming in a few days, so you might want to watch that thread. I have tried the IE6 integration method and it works very well at it stands right now. IMO if you do not ever use IE6, there's no point. Again, IMHO. To rid yourself of IE, tru nlite or my site (referenced both in Oleg_II's post and in my sig). @Oleg_II - Somewhere in my site I have an INF that allows for installation of both Outlook and WAB without IE. If you want I can dig it up; it's something only one or two people asked about a long time ago. All - In win2k, you can still use Daisy at http://opensource.w2k.vt.edu/daisy.php to keep your machine patched without having to visit MS's WinUpdate site.

What registry values did you tweak? Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services, have you added Microsoft's recommended settings? Value Name Value (REG_DWORD) SynAttackProtect 2 TcpMaxPortsExhausted 1 TcpMaxHalfOpen 500 TcpMaxHalfOpenRetried 400 TcpMaxConnectResponseRetransmissions 2 TcpMaxDataRetransmissions 2 EnablePMTUDiscovery 0 KeepAliveTime 300000 (5 minutes) NoNameReleaseOnDemand 1

@voided - there is no advantage to using SP3 unless you are being forced to deal with a compatability issue. If that is the case, try to track down the specific DLL(s) and version(s) you need, because running SP3 is not secure when you're using Internet Explorer. In fact, SP4 isn't either, that's why we're all awaiting the post sp4 rollup.

Sorry if this is obvious! rca.inf exists in syssetup.inf. it's a junk inf with nothing of real value in it. You could conceivably inject the contents of nlite.inf into such a "useless" inf file. (At this point Stolly, you'd expand syssetup.in_ and add "rca.inf,DefaultInstall" under [infs.Always] and rename nlite.in_ to rca.in_ and comment out references to nlite.inf in HIV files, and recompress everything, and maybe more but that's a start, sorry to be so general)

Maybe you've seen this..? http://www.msfn.org/board/index.php?showforum=89 It's an excellent way to tame Win2k3, and you can add your own registry edits to the INF files after you've run the program with very little effort.

Trashed _files_ on the HD, right? Well anyway more info on air bubbles in drive bearing lubricant. IDE drives are known to be far less hardy then SCSI, which I use in an NT4 environment, but with all that, that would be an expensive proposition for you. Not that it would really be all that relevant as long as you have SP6a, but just humor me: you're running all hotfixes, yes? (If so you have my admiration for the patience to apply all, what, 200 of them?) I really want to know is it file corruption or do the drives fail to boot? Boot failure in an IDE, as has been cited many times at Slashdot (like here for example), is due often to heat issues. Heat dissipation on disk drives kind of makes a lot of us old-school guys scratch our heads (well, maybe just makes me wonder) but I had a really hard time believing that drive technology had changed so much since the advent of the "modern" IDE drive in 1988 or so. Perhaps I'm assuming too much when you note you're old school, I dunno. But that aside, have you adjusted for proper cooling of the drives? There is proper airflow of course, but then there is: this or this and then, of course, there's crazy. More random info A Polyester drive lubricant Will we ever see huge capacity flash drives with no moving parts? I've run out of time to search Slashdot but this is I think a good start for you?

Hosted. http://www.vorck.com/data/hfslip.zip In the future, tommyp will insert a version file. watch for version changes at the top of this thread in his edited post. He did fantastic work and went where angels feared to tread... No way would I have tackled this, honestly. The coolest thing for me and fans of IE removal... his method is compatable with my files, with a slight adjustment that he'll be making. B)

well, you kind of answer your own question before asking it... you're right, system ram is system ram, it isn't aggregate swap + physical memory (now, at least. in nt 4 days it was different). it's hardware dependant, not software use dependant, so... it isn't measuring what's used. which is what you said. quite possibly you have simply found a (minor) bug in sp1. or not... in win2k3, system ram is measured a little differently than in other windows versions. example:http://support.microsoft.com/kb/283037 how this can change based on hardware: http://www.microsoft.com/whdc/system/pnppw.../hotaddmem.mspx i am guessing that the dlls used to measure system ram simply measure it differently in sp1 for 2k3. whether that's a bug or what is anyone's guess, which i emphasize i am doing (guessing). another possibility is that you've found that 2k3 sp1 has a memory leak somewhere, though i am guessing you have eliminated that as a possibility as the amount of ram would slowly keep decrementing over days or a few weeks.

Hmmm, I don't buy it. How likely is it that a hacker would insert an attack via the HTML Help system in Quicken, Quickbooks, Norton AV, etc? They'd have to be sitting at your machine! I reiterate, the way that explots _get to_ mshtml.dll is via a "Web-based attack scenario" (see KB below). Let's take a few examples, all of which apply to a Windows 2003 machine. Look at the Vulnerability details in each case. Web-based attack scenarios, in each case, apply to IE. For example, that's the only way a problem with an ActiveX control is going to get passed on to the Windows Shell (Mozilla and other browsers can't do this). MS04-023: Vulnerability in HTML Help could allow code execution. http://www.microsoft.com/technet/security/...n/ms04-023.mspx. "In a Web-based attack scenario"... Microsoft Security Bulletin MS04-037 Vulnerability in Windows Shell Could Allow Remote Code Execution (841356) http://www.microsoft.com/technet/security/...n/ms04-037.mspx "An attacker could exploit the vulnerability if a user visited a malicious Web site." "By default, Outlook Express 6, Outlook 2002, and Outlook 2003 open HTML e-mail messages in the Restricted sites zone." "In a Web-based attack scenario"... How to disable the ADODB.Stream object from Internet Explorer http://support.microsoft.com/kb/870669 "Adodb.stream provides a method for reading and writing files on a hard drive. ... when combined with known security vulnerabilities in Microsoft Internet Explorer, it could allow an internet web site to execute script from the Local Machine Zone (LMZ)." Microsoft Security Bulletin MS05-001 Vulnerability in HTML Help Could Allow Code Execution (890175) http://www.microsoft.com/technet/security/...n/MS05-001.mspx See Vulnerability details. "Set Internet and Local intranet security zone settings to “High” to prompt before running ActiveX controls and active scripting in the Internet zone and in the Local intranet zone." Microsoft Security Bulletin MS05-002 Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code Execution (891711) http://www.microsoft.com/technet/Security/...n/ms05-002.mspx "An attacker could try to exploit the vulnerability by constructing a malicious cursor or icon file that could potentially allow remote code execution if a user visited a malicious Web site or viewed a malicious e-mail message....By default, Outlook Express 6, Outlook 2002 and Outlook 2003 open HTML e-mail messages in the Restricted sites zone." Microsoft Security Bulletin MS05-013 Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (891781) http://www.microsoft.com/technet/security/...n/ms05-013.mspx Microsoft Security Bulletin MS05-015 Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution (888113) http://www.microsoft.com/technet/security/...n/MS05-015.mspx Microsoft Security Bulletin MS05-008 Vulnerability in Windows Shell Could Allow Remote Code Execution (890047) http://www.microsoft.com/technet/security/...n/MS05-008.mspx In any case, you're right, it boils down to what you like. If you want the bells and whistles, there's no reason to pull IE out. If you want a more secure OS, IMO, some crippling is necessary. In the end, careful browsing and a firewall pretty much solve all of these issues.

@Ge0ph - If you check out existing IE exploits, they can only happen if they can get to the HTML rendering engine. If you use Mozilla, for example, that can't happen. That said, I do not have shdoclc.dll or mshtml.dll on my home machine (it works fine). I can get by without Windows Help, that's my choice, but if someone wants to keep Help, keeping mshtml.dll isn't a big deal, because the exploits need a vehicle to _get_ to mshtml.dll, and that's IE, OE, or Help. Checked out the link... people saying IE can't be removed in 2004 just haven't been paying attention, IMHO. They pin everything on mshtml.dll, and Windows runs without it. One must also remove mshta.exe, mshtml.dll, mshtml.tlb, mshtmled.dll, and mshtmler.dll (among a dozen others). Finally, a true core Windows file, shdocvw.dll, makes calls to IE, so it's often mistaken for an IE file (if IE isn't there, it simply can't call). BTW I run Office XP just fine. I didn't know about Quicken, no one who uses my fileset has reported using that. I'll have to borrow a copy from someone for testing out. In any case, to anyone reading generally, my files and nLite allow you to run without IE. Check it out on a Virtual Machine. If you like running without it, cool. If not, everyone's okay with that too.

Br4tt3 and Ge0ph, I have some questions. I want to understand better the reasons people hesitate to remove IE. Br4tt3: "I can ensure that lots of intgrated security / features that are shared between win32 and the IE components wont work anymore... as MS has carefully integrated IE components into Win32 so that u for the specific purpose shouldnt remove it (otherwise it wont work correctly = as in all features)" If you're removing IE, what security features are you worried about? If you remove IE, why worry about it not working correctly (in other words, it's removed, it shouldn't work at all, because it's not there). Ge0ph: "Yes you can remove a lot of the IE wrapper but if you remove the mshtml.dll and the other supporting files" In the nLite forums, we make a distinction between core OS files and IE files. BTW, my version of this file is 5.0.3700.6699, unpatched SP4, from 6/2003. No problems, because you have to visit a malicious website with IE or get a malicious HTML message in OE. If you analyze hotfixes you see that without IE, the exploits cannot take hold in a system, per "vulnerability details." (For example ONLY, because I know we're talking about 2003 here, here's a list of Win2k hotfixes to read about at http://www.vorck.com/wu.html) Ge0ph: "you can remove it but you will have such a mangled mess" What did you find mangled about your nLite installation? If you remove IE and leave the IE core, how is this a "mangled mess"? As I said, I am genuinely curious about why people are so afraid of removing IE when it's been established that it can be done in the nLite forums (and I've run Win2k without it for 4 years). I run no Norton software, as their packages are known to look for IE. I have not found other software that will not run on my IE-free machine.

"No you can't remove it." ??!? http://nuhi.msfn.org/nlite.html

(obsolete) Linked to modified DLLs that are no longer required