MrJinje

http://superuser.com/questions/308277/is-there-anyway-to-xcopy-just-changed-or-new-files xcopy /d parameter should do the first part of trick, you are on your own to find the permissions aspect. I'll check back later http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/xcopy.mspx?mfr=true /d[:mm-dd-yyyy] : Copies source files changed on or after the specified date only. If you do not include a mm-dd-yyyy value, xcopy copies all Source files that are newer than existing Destination files. This command-line option allows you to update files that have changed.

Any plausibility this only requires a single DLL from search service and not the full feature. Like how with nlite/vlite we only needed to save certain dll's to keep stuff from breaking

Create a folder called "C:\zmountdir" on your C drive and mount your image to it. Here are the mount and unmount commands. http://technet.microsoft.com/en-us/library/dd744382%28v=ws.10%29.aspx Dism /Mount-Wim /WimFile:C:\test\images\install.wim /index:1 /MountDir:C:\zmountdirDism /Unmount-Wim /MountDir:C:\zmountdir /commit

Step 1) DBAN Step 2) Re-install generic XP with your recovery disc, maybe even use the buyers name for them or ask them what computer name they want. etc. Step 3) $$$ Profit $$$ Important note: If you do not have a XP disc to re-install with, do not run the DBAN, it will delete everything. Forget sysprep unless you've used it before, not as easy as dariks boot and nuke + reinstall. If they don't like the generic user name you pick, they can re-install using the product key from your COA sticker.

Here is something similar in powershell as an example for future readers. $FILE1 = Get-Content .\File1.ini$1 = $FILE1[0]$2 = $FILE1[1]$3 = $FILE1[2]$4 = $FILE1[3]$FILE2 = Get-Content .\File2.ini$5 = $FILE2[0]$6 = $FILE2[1]$7 = $FILE2[2]$8 = $FILE2[3]$1+","+$5$2+","+$6$3+","+$7$4+","+$8

Other well known tools are:http://ultradefrag.sourceforge.net/en/index.html http://www.kessels.com/jkdefrag/ Yeah, they don't host it on Disktrix.com anymore, so the only places to find it are on CNET and other download sites. Hadn't seen that 'pro' but don't matter, I like the app, works fine for me. But whichever advanced defragger (also had never seen the other two before) you use, I can verify that normal defragging does not cut it on drives with hundreds of thousands of small files. Things like searches/scans etc take longer because the defragged files are not 'in order'. Meaning when the hdd is jumping one section of the platter to reach the next tiny file it adds milliseconds delay each time. Not noticeable until you have a vast number of files, but things like Anti-Virus can shave off a few seconds / minutes of run-time. Normal Defrag = randomly putting all books on one shelf Advanced Defrag = dewey decimal system. in order, easy to find. $MFT is the card catalog.

Get the DiskTrix free Domain edition and give it a look-see. The graph is easy to read and offers more detail than anything else. http://www.pcworld.com/product/950263/ultimatedefrag-free-public-domain-edition.html I'd give the file/folder defrag (alphabetically and closer to $MFT) to improve performance. Even if your files are 100% defragged, you can be a little faster if the files are re-aligned closer to the master file table.

Good stuff problemchyld, have you seen anything similar for Office 97 Access

Have you tried turning it off and on again.

run cmd.exe type slmgr -ipk XXXXX-XXXXX-XXXXX-XXXXX-XXXXX

Actually, I use a .reg from SetupComplete.cmd, but same effect. regedit /s %~dp0Set-ExecutionPolicy.regstart /wait %SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe %~dp0Kicker.ps1Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell]"ExecutionPolicy"="RemoteSigned"and have this inside the kicker.ps1 which is running under 'local system' privilege because it is called from SetupComplete.cmd. Set-ItemProperty -Path "registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Value 0Set-ItemProperty -Path "registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" -Name "fSingleSessionPerUser" -Value 0 @max, if it doesn't work, throw a 'start /wait' around it as powershell takes a second to load and we need to wait before calling the next line. Maybe that was why I went with the .reg cause it processed it quicker. (or reg.exe) start /wait powershell -command "Set-ExecutionPolicy RemoteSigned"

because it went through more hops to get there. Each hop reduces the TTL by one. Apparently it is less 4 less hops to get to google than yahoo from your DNS provider.

All black, still the #1 windows theme.

John Dies at the End.

Norton is big and clunky, see how much effort they put into the timing clock. A better choice might be to use McAfee. Just plug and play.

Use those HTA inputs to modify the local copy of unattend.xml via text replace. Then have your hta call setup.exe pointing to the modified local copy unattended.xml via switches. You'll have to do some digging to find out which folder it is copied to locally (i think panther folder) Anyways, here is the syntax, replace the network path with the C: drive local path and it should be good to go. \\server\share\dvd\setup.exe /unattend:\\server\share\unattend.xmlYou can search google for how to replace text inside an XML, shouldn't be too hard if you have the powershell.cab in your winpe session.

Here is how I ended up creating my first logon command via my unattend.xml. I still do the HKLM stuff via the setupcomplete.cmd, but for HKCU, this is the only way to go. Note that to open powershell and retain synchronicity from FirstLogonCommands, I used "cmd /c start /wait". <FirstLogonCommands> <SynchronousCommand wcm:action="add"> <CommandLine>cmd /c start /wait C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\Setup\Scripts\FirstLogon.ps1</CommandLine> <Description>First Logon</Description> <Order>1</Order> </SynchronousCommand> </FirstLogonCommands>You can probably throw in some other powershell options as well, like -sta or cmd /c start /wait C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -nologo -noninteractive -WindowStyle Hidden -command "& {C:\Windows\Setup\Scripts\FirstLogon.ps1}"

There used to be a trick to use the photoviewer.dll (because no .exe existed in W7), still works in W8 / W81, in case any future readers want to test it out. %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1

Note to self, remember to set some associations via XML with a signature name, search for registry changes after applying XML via DISM, then see if we can't find the over-riding setting location to avoid this DISM nonsense. Some info's on how associations worked in W7. Update: Did some testing, W81/2012R2 is throwing in a new redirect in HKCR. See here, Windows created an "XXX_auto_file" key and the settings are applied in the redirect. Maybe it's that easy. The hex bits just say "%SystemRoot%\system32\NOTEPAD.EXE %1" Windows Registry Editor Version 5.00[HKEY_CLASSES_ROOT\.JINJE]@="JINJE_auto_file"Windows Registry Editor Version 5.00[HKEY_CLASSES_ROOT\JINJE_auto_file][HKEY_CLASSES_ROOT\JINJE_auto_file\shell][HKEY_CLASSES_ROOT\JINJE_auto_file\shell\edit][HKEY_CLASSES_ROOT\JINJE_auto_file\shell\edit\command]@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\ 00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4e,00,4f,00,\ 54,00,45,00,50,00,41,00,44,00,2e,00,45,00,58,00,45,00,20,00,25,00,31,00,00,\ 00[HKEY_CLASSES_ROOT\JINJE_auto_file\shell\open][HKEY_CLASSES_ROOT\JINJE_auto_file\shell\open\command]@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\ 00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4e,00,4f,00,\ 54,00,45,00,50,00,41,00,44,00,2e,00,45,00,58,00,45,00,20,00,25,00,31,00,00,\ 00When I remember, I'll have to take a look and see what we need to do to make registry switch AVI to MPC.

This works if set via the group policy (or likely via group policy in the $OEM$ folders trick). Create the setting in gpedit.msc, then copy your "C:\Windows\System32\GroupPolicy" folder into your $OEM$ folders @ ($OEM$\$$\System32 folder) gpedit.msc > User Config > Admin Templates > Control Panel > Personalization > Load a specific themeWhen I did it via gpedit.msc, it created 2 files registry.pol and comment.cmtx, and we probably don't need the comment file. FYI, the setting only works prior to first logon, so it won't seem to work if you already logged with an account as it will not change anything, you'll have to delete that user profile and logon again, which will cause windows to go through the 'setting up your profile' magics on first logon. Doing so edits this setting. But you cannot use the .reg HKCU to push the setting because it only occurs during first logon, hence timing paradox. Maybe we could try editing the default user profile @ HKU\.DEFAULT - Or could try it from HKLM and see if it will push across the machine via undocumented setting. Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Personalization]"ThemeFile"="C:\\Windows\\Setup\\Scripts\\SOLID_BLACK_SOUNDS_DISABLED_2012_R2.deskthemepack"http://windows7themes.net/windows-7-theme-group-policy.html

Good trick Max, I can't beat auto-it (because of the way Control Panel hwnd's are handled) but here is the powershell alternative. The caveat being it cannot activate the personalization window. C:\Windows\Setup\Scripts\BLACK_SILENCE_NO_SCREENSAVER_2012_R2.deskthemepackStart-Sleep 5[void][System.Reflection.Assembly]::LoadWithPartialName('Microsoft.VisualBasic');[Microsoft.VisualBasic.Interaction]::AppActivate("Personalization")[void][System.Reflection.Assembly]::LoadWithPartialName('System.Windows.Forms');[System.Windows.Forms.SendKeys]::SendWait("%{F4}")Updated snippet with VBS style AppActivate method. http://technet.microsoft.com/en-us/library/ee221101.aspx http://technet.microsoft.com/en-us/library/ff657834

and here is the reverse setting, forcing ownership back to TrustedInstaller language independently. Useful if you have taken ownership of a system file and have some unknown reason to set it back. Windows Registry Editor Version 5.00[HKEY_CLASSES_ROOT\*\shell\runas]@="Force Ownership""NoWorkingDirectory"=""[HKEY_CLASSES_ROOT\*\shell\runas\command]@="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant *S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464:F""IsolatedCommand"="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant *S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464:F"[HKEY_CLASSES_ROOT\Directory\shell\runas]@="Force Ownership""NoWorkingDirectory"=""[HKEY_CLASSES_ROOT\Directory\shell\runas\command]@="cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant *S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464:F /t""IsolatedCommand"="cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant *S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464:F /t"forceownership_trustedinstaller.reg

What I am doing on Windows Server 2012 R2 is creating my custom theme from inside an installed OS. I open up Personalize, change my desktop background, sounds, screensaver, etc, right click on the unsaved theme, and save the file on my desktop as a .themepack. Then from my first logon script, I run this command under each user account and it applies the theme, which I kept in the same folder with my setupcomplete.cmd for simplicity. Partial contents of my 'FirstLogon.ps1' script. C:\Windows\Setup\Scripts\SOLID_BLACK_SOUNDS_DISABLED_2012_R2.deskthemepack.Not sure what OS we are talking about, but it should work on 8.1 the same way. Haven't tracked down the way to alter the default theme OEM style yet, but it's probably plausible depending on the source of the default theme (if registry based, yes easy, if DLL hardcoded in a signed block, maybe harder)

Yeah, I think a powershell way would be easier, I've found some useful Hex bits at sans.org. http://www.sans.org/windows-security/2010/02/11/powershell-byte-array-hex-convert Looking at my 8.1 machine the first 24 bytes are garbage, then begins plain text path, followed by hundreds of zero's padding. Header7a,c3,01,00,c2,87,00,00,05,01,00,00,f1,00,00,00,dc,\ b4,b1,18,d5,ab,ce,01,Header is slightly different each time.7a,c3,01,00,e4,ef,00,00,80,07,00,00,b0,04,00,00,aa,\ ab,d2,f1,28,b5,ce,01,The goods. This is the path in plain text (as hex)5a,00,3a,00,5c,00,53,00,68,00,61,00,72,00,65,00,64,00,\ 5c,00,4b,00,72,00,79,00,74,00,65,00,6e,00,2d,00,52,00,65,00,64,00,44,00,77,\ 00,61,00,72,00,66,00,2e,00,6a,00,70,00,67,00"TranscodedImageCache"=hex:7a,c3,01,00,c2,87,00,00,05,01,00,00,f1,00,00,00,dc,\ b4,b1,18,d5,ab,ce,01,5a,00,3a,00,5c,00,53,00,68,00,61,00,72,00,65,00,64,00,\ 5c,00,4b,00,72,00,79,00,74,00,65,00,6e,00,2d,00,52,00,65,00,64,00,44,00,77,\ 00,61,00,72,00,66,00,2e,00,6a,00,70,00,67,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\I guess the simple way from VBS would be to skip over the first 24 bytes when you run your loop. Start a counter, i = i+1, then make an if i = less than 24 skip to next byte.

Check your standby ram. I find my ram cache holds junk I don't need anymore, flushes slowly for some reason once I reach zero available free memory and this seems to help. http://www.google.com/search?as_qdr=all&num=100&q=EmptyStandbyList.exe+magicandre1981 @andre, would this be possible to be re-written to Powershell, where would I start looking if I wanted to re-create the effect via script. FYI, looked in the source codes of wj32's process hacker, it's a big project not sure what I am looking for, or if it can even be manipulated via powershell, what you think ?