Kishiro

Could anyone please post a non-encrypted version of the KB924441 Hotfix? The password posted by rootworm is not valid anymore

This is what I use, it works nicely. REGEDIT4 ;Turn Off System Restore [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr] "Start"=dword:00000004 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\Parameters] "FirstRun"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srservice] "Start"=dword:00000004

That's some great info GrofLuigi! You figured it out. The first file you mentioned, fltmgr.sys (FS Filter Manager), is a new service which came with SP2. From what I can read about it, you don't really need this at all. You can easily disable it like this; REGEDIT4 ; Stop the service from running [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FltMgr] "Start"=dword:00000004 ; ..or remove FS Filter Manager alltogether :) [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FltMgr] The main problem however, is the Mount Manager (mountmgr.sys) There's two places you need to hack/alter in the file if you want to get rid of the automaticly creating of the SIV\MountPointManagerRemoteDatabase file, 0A10: 5C 00 53 00 79 00 73 00 (...) 9610: 6C 43 72 65 61 74 65 53 (...) But since I'm not a hacker, I wasn't able to successfully to make it work as I wanted. I was able to disbale the creation of the mountpoint(..) file by changing the first of the mentioned addresses of (0A10) 5C 00 53(...) to 5C 00 3F(..) But I was unable to change the automatic creation of the SIV folder, which I think is programmed into the second address (9610). When I tried to change that, I couldn't launch into Windows, bummer I'll leave the hacking to someone who knows what they're doing. However, you can make it work by replacing the mountmgr.sys file, with the pre-SP2 Build, which dosen't contain any aforementioned "always-create-crappy-files-on-my-drive" code as far as I can see. I found my original XP CD, and copied mountmgr.sys (Build 5.1.2600.0) to my Windows\System32\Drivers\ folder, and restarted the machine. I deleted the System Voulme Information folder and have been running my machine for 17 hours. I've also restarted the machine 2-3 times to check if the folder gets back, and it surely does not. It's working like it used to under SP1 I won't reccomend doing any of this, unless you know what you're doing and are willing to take some risks. For your convinience, here's the original pre-SP2 Build 5.1.2600.0 of mountmgr.sys Click here

Add this to your registry tweaks started by cmdlines.txt; ;Change location of temp folder [HKEY_CURRENT_USER\Environment] "TEMP"="c:\\temp" "TMP"="c:\\temp" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment] "TEMP"="c:\\temp" "TMP"="c:\\temp" Now, c:\Temp will be the default temp folder for all new users. PS Remember to make the follwing folder; $OEM$\$1\Temp, so that the temp folder will be created during install.

If you know that the memory reader always get the same drive-letter during install, just submit that drive-letter from your batch-file. for %%i in (C: D: E: F: G: H: I: J: K: L: M: N: O: P: Q: R: S: T: U: V: W: X: Y: Z:) do if exist whateveryouwanttodo For instance, if the drive-letter is "d:" , just remove "d:" from the above code.

You have to download the hacked version of "sfc_os.dll". You can get it from RyanVM (http://www.ryanvm.net/) And offcourse you also have to apply the following to your registry. But you've probably allready added this to your hivesys.inf via nLite. If not, you might want to add i to your T-12 registry tweaks. REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "SFCSetting"=dword:ffffff9d

I try to disable NetBIOS over TCP/iP in my WINNT.SIF, but it dosen't seem to work. "NetBIOSOptions=2" is there, but after installation I go to my NIC settings, and the WINS tab, and I can clearly see that the NetBIOS option is set to "Default" and not "Disabled". Can anyone see what's wrong here? Here's my winnt.sif; ; ; W i N N T . S i F ; [Data] AutoPartition=0 MsDosInitiated=0 UnattendedInstall=Yes AutomaticUpdates=No [Unattended] UnattendMode=FullUnattended UnattendSwitch=Yes OemPreinstall=Yes OemSkipEula=Yes FileSystem=* WaitForReboot=No TargetPath=\WINDOWS DriverSigningPolicy=Ignore CrashDumpSetting=0 Hibernation=No DisableDynamicUpdates=Yes KeyboardLayout=Norwegian [SystemFileProtection] SFCQuota=0 [WindowsFirewall] Profiles=WindowsFirewall.TurnOffFirewall [WindowsFirewall.TurnOffFirewall] Mode=0 [GuiUnattended] AdminPassword=* AutoLogon=No TimeZone=110 OEMSkipRegional=1 OemSkipWelcome=1 EncryptedAdminPassword=No [Shell] DefaultThemesOff=Yes DefaultStartPanelOff=Yes [UserData] ProductKey=*deleted* FullName=- OrgName= ComputerName=* [RegionalSettings] LanguageGroup=1 Language=00000414 [TapiLocation] CountryCode=47 [Identification] JoinWorkgroup=HELL [PCHealth] ER_Display_UI=0 ER_Enable_Applications=None ER_Enable_Kernel_Error=0 ER_Enable_Reporting=0 ER_Enable_Windows_Components=0 [Branding] BrandIEUsingUnattended=Yes [URL] Home_Page=http://www.msfn.org/ [Networking] InstallDefaultComponents=No [NetAdapters] Adapter1=params.Adapter1 Adapter2=params.Adapter2 [params.Adapter1] INFID=* [params.Adapter2] INFID=* [NetClients] MS_MSClient=params.MS_MSClient [NetServices] MS_SERVER=params.MS_SERVER [NetProtocols] MS_TCPIP=params.MS_TCPIP [params.MS_TCPIP] DNS=Yes UseDomainNameDevolution=No EnableLMHosts=No AdapterSections=params.MS_TCPIP.Adapter1 AdapterSections=params.MS_TCPIP.Adapter2 [params.MS_TCPIP.Adapter1] DHCP=Yes WINS=No NetBIOSOptions=2 [params.MS_TCPIP.Adapter2] SpecificTo=Adapter2 DHCP=Yes WINS=No NetBIOSOptions=2 [Components] indexsrv_system=off AutoUpdate=Off msmsgs=off msnexplr=off pinball=off spider=off WMAccess=Off WMPOCM=Off zonegames=off [GuiRunOnce] %systemdrive%\install\install.cmd

@cybpsych ------------------------------------------------- @echo off bootcfg /raw "/Execute /fastdetect" /id 1 ------------------------------------------------- This disables DEP (Data Execution Prevention) completely. I use it on my unattended WindowsXP CD, and it works like a charm