I used HFSLIP for Windows 2000 Professional SP4 and the associated security updates about one and a half years ago (in July 2008) and I have been really happy with the results. A lot of people have contributed their efforts here to help make things run really smoothly, for which I am very grateful and I thank you!!! Now, however, I have a dilemma. I have a ton of programs installed and am happy with the status of my O/S. I would prefer just to install all of the security patches that have come up in the last one and a half years manually, instead of creating a new HFSLIPed CD and starting my O/S installation from scratch. So, I'm endeavouring to use TommyP's "green list" as my reference point for grabbing all of the necessary security updates that have come up between the time of my HFSLIP and now. I've used a list of all of the KB values which appear in the following area of the Windows Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\ I've compared those KB values against the KB values in TommyP's green list. Overall, I'm able to see most of the gaps in what I have installed and what's on TommyP's green list, but I do have a few questions that I hope you can help me to answer. 1. Should I be trying to install security updates in any kind of order, say, based on the oldest date first? Perhaps, instead, I can safely install them in any order, with the assumption that no update will contain a duplicate file and that even if different updates do contain duplicate files, an older version will not overwrite a newer version of said file during the installation process? 2. Is there possibly going to be a problem if I install a security update twice? If not, I'd rather be safer than sorry in a few cases where I am uncertain if I included the security update when I made the HFSLIP installation, and just try to re-install in case I didn't install an update in the first place. Should I expect any particular error messages when installing an update twice or would most updates simply just install over themselves without issue? 3.In terms of MSXML, it appears that I have the following dlls under my \WINNT\System32\ directory with "msxml" in their name: msxml.dll msxml3.dll msxml3a.dll msxml3r.dll msxml4.dll msxml4r.dll msxmlr.dll I am going to assume that I therefore have MSXML 4 installed and not MSXML 6 installed, and will thus grab the msxml4-KB954430-enu.exe (MSXML4) update but not the msxml6-KB954459-enu-x86.exe (MSXML6) update. However, I don't see any msxml dll entries with the number "2" in them. Does that mean I do not need the msxml2sp6-kb887606-x86-enu.exe (MSXML2) update or should I install that one, too? Note that if it helps to know, my original source was Windows 2000 Professional without any Service Packs, to which I manually slip-streamed SP4. I used the manually slip-streamed SP4 set of files in my HFSLIP SOURCE directory. 4. In my HFSLIP, I went with Windows Media Player 6.4 instead of Windows Media Player 9. However, I also chose to install the Windows Media Player 9/10 Codec package. It appears that I have also installed one of the WM9/10 Codec updates, WindowsMedia-KB911564-x86-ENU.exe. Can I safely assume that I need to install all of the updates listed as entries on TommyP's green list with a "Notes" value of "WM9/10 Codecs"? Am I likely to run into problems with manually installing some or any of these updates by sticking with Windows Media Player 6.4? For example, just looking at the KB article for one of those security updates: http://support.microsoft.com/kb/941569 I get a little bit leery by reading the following text: ===== MS07-068: Vulnerability in Windows Media file format could allow remote code execution Known issues with this security update Consider the following scenario. You install security update MS07-068 on a computer that is running the following items: * Microsoft Windows 2000 with Service Pack 4 * Windows Media Player version 7.1 or an earlier version of Windows Media Player In this scenario, Windows Media Player might no longer correctly play some media files. For example, Windows Media Player might not play .mp3 files correctly. ===== The other oddity is that the "APPLIES TO" section of the kb article only lists "Microsoft Windows 2000 Advanced Server SP4" and "Microsoft Windows 2000 Datacenter Server" for Windows 2000 versions, without a mention of Windows 2000 Professional. So, does one or both of those oddities mean that I should not install that update? 5. I was thinking of using the "/norestart" switch when executing the security updates from a command line, and perhaps manually rebooting after every 10 or so updates get installed. Does that plan sound good? 6. Do you have any other tips or caveats for installing these security updates manually? 7. Is there any easy way to install a more recent HFSLIPed version of the same O/S with more recent security updates integrated overtop of my existing installation without wiping out the records of my installed programs and other settings? For example, is there some sort of "repair" option for a bootable O/S CD that automatically updates the O/S with all of the newer security updates from the HFSLIPed CD while maintaining everything else in the Windows Registry and elsewhere (registered dlls, etc) that aren't directly affected? I guess I'm probably just dreaming here, aren't I?
