Everything posted by Kishiro

  1. Could anyone please post a non-encrypted version of the KB924441 Hotfix? The password posted by rootworm is not valid anymore
  2. This is what I use, it works nicely.

         REGEDIT4

         ;Turn Off System Restore
         [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
         "DisableSR"=dword:00000001

         [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr]
         "Start"=dword:00000004

         [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\Parameters]
         "FirstRun"=dword:00000001

         [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srservice]
         "Start"=dword:00000004
  3. That's some great info GrofLuigi! You figured it out. The first file you mentioned, fltmgr.sys (FS Filter Manager), is a new service which came with SP2. From what I can read about it, you don't really need this at all. You can easily disable it like this:

         REGEDIT4

         ; Stop the service from running
         [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FltMgr]
         "Start"=dword:00000004

         ; ..or remove FS Filter Manager altogether :)
         [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FltMgr]

     The main problem, however, is the Mount Manager (mountmgr.sys). There are two places you need to hack/alter in the file if you want to get rid of the automatic creation of the SIV\MountPointManagerRemoteDatabase file:

         0A10: 5C 00 53 00 79 00 73 00 (...)
         9610: 6C 43 72 65 61 74 65 53 (...)

     But since I'm not a hacker, I wasn't able to successfully make it work as I wanted. I was able to disable the creation of the mountpoint(..) file by changing the first of the mentioned addresses (0A10) from 5C 00 53(...) to 5C 00 3F(..). But I was unable to change the automatic creation of the SIV folder, which I think is programmed into the second address (9610). When I tried to change that, I couldn't launch into Windows, bummer. I'll leave the hacking to someone who knows what they're doing.

     However, you can make it work by replacing the mountmgr.sys file with the pre-SP2 build, which doesn't contain any of the aforementioned "always-create-crappy-files-on-my-drive" code as far as I can see. I found my original XP CD, copied mountmgr.sys (Build 5.1.2600.0) to my Windows\System32\Drivers\ folder, and restarted the machine. I deleted the System Volume Information folder and have been running my machine for 17 hours. I've also restarted the machine 2-3 times to check if the folder gets back, and it surely does not. It's working like it used to under SP1.

     I won't recommend doing any of this, unless you know what you're doing and are willing to take some risks.

     For your convenience, here's the original pre-SP2 Build 5.1.2600.0 of mountmgr.sys: Click here
  4. Add this to your registry tweaks started by cmdlines.txt:

         ;Change location of temp folder
         [HKEY_CURRENT_USER\Environment]
         "TEMP"="c:\\temp"
         "TMP"="c:\\temp"

         [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
         "TEMP"="c:\\temp"
         "TMP"="c:\\temp"

     Now, c:\Temp will be the default temp folder for all new users. PS: Remember to make the following folder, $OEM$\$1\Temp, so that the temp folder will be created during install.
  5. If you know that the memory reader always gets the same drive letter during install, just omit that drive letter from your batch file.

         for %%i in (C: D: E: F: G: H: I: J: K: L: M: N: O: P: Q: R: S: T: U: V: W: X: Y: Z:) do if exist whateveryouwanttodo

     For instance, if the drive letter is "d:", just remove "d:" from the above code.
  6. You have to download the hacked version of "sfc_os.dll". You can get it from RyanVM (http://www.ryanvm.net/). And of course you also have to apply the following to your registry. But you've probably already added this to your hivesys.inf via nLite. If not, you might want to add it to your T-12 registry tweaks.

         REGEDIT4

         [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
         "SFCSetting"=dword:ffffff9d
  7. I try to disable NetBIOS over TCP/IP in my WINNT.SIF, but it doesn't seem to work. "NetBIOSOptions=2" is there, but after installation I go to my NIC settings, and the WINS tab, and I can clearly see that the NetBIOS option is set to "Default" and not "Disabled". Can anyone see what's wrong here? Here's my winnt.sif:

         ;
         ; W i N N T . S i F
         ;

         [Data]
         AutoPartition=0
         MsDosInitiated=0
         UnattendedInstall=Yes
         AutomaticUpdates=No

         [Unattended]
         UnattendMode=FullUnattended
         UnattendSwitch=Yes
         OemPreinstall=Yes
         OemSkipEula=Yes
         FileSystem=*
         WaitForReboot=No
         TargetPath=\WINDOWS
         DriverSigningPolicy=Ignore
         CrashDumpSetting=0
         Hibernation=No
         DisableDynamicUpdates=Yes
         KeyboardLayout=Norwegian

         [SystemFileProtection]
         SFCQuota=0

         [WindowsFirewall]
         Profiles=WindowsFirewall.TurnOffFirewall

         [WindowsFirewall.TurnOffFirewall]
         Mode=0

         [GuiUnattended]
         AdminPassword=*
         AutoLogon=No
         TimeZone=110
         OEMSkipRegional=1
         OemSkipWelcome=1
         EncryptedAdminPassword=No

         [Shell]
         DefaultThemesOff=Yes
         DefaultStartPanelOff=Yes

         [UserData]
         ProductKey=*deleted*
         FullName=-
         OrgName=
         ComputerName=*

         [RegionalSettings]
         LanguageGroup=1
         Language=00000414

         [TapiLocation]
         CountryCode=47

         [Identification]
         JoinWorkgroup=HELL

         [PCHealth]
         ER_Display_UI=0
         ER_Enable_Applications=None
         ER_Enable_Kernel_Error=0
         ER_Enable_Reporting=0
         ER_Enable_Windows_Components=0

         [Branding]
         BrandIEUsingUnattended=Yes

         [URL]
         Home_Page=http://www.msfn.org/

         [Networking]
         InstallDefaultComponents=No

         [NetAdapters]
         Adapter1=params.Adapter1
         Adapter2=params.Adapter2

         [params.Adapter1]
         INFID=*

         [params.Adapter2]
         INFID=*

         [NetClients]
         MS_MSClient=params.MS_MSClient

         [NetServices]
         MS_SERVER=params.MS_SERVER

         [NetProtocols]
         MS_TCPIP=params.MS_TCPIP

         [params.MS_TCPIP]
         DNS=Yes
         UseDomainNameDevolution=No
         EnableLMHosts=No
         AdapterSections=params.MS_TCPIP.Adapter1
         AdapterSections=params.MS_TCPIP.Adapter2

         [params.MS_TCPIP.Adapter1]
         DHCP=Yes
         WINS=No
         NetBIOSOptions=2

         [params.MS_TCPIP.Adapter2]
         SpecificTo=Adapter2
         DHCP=Yes
         WINS=No
         NetBIOSOptions=2

         [Components]
         indexsrv_system=off
         AutoUpdate=Off
         msmsgs=off
         msnexplr=off
         pinball=off
         spider=off
         WMAccess=Off
         WMPOCM=Off
         zonegames=off

         [GuiRunOnce]
         %systemdrive%\install\install.cmd
  8. @cybpsych

         -------------------------------------------------
         @echo off
         bootcfg /raw "/Execute /fastdetect" /id 1
         -------------------------------------------------

     This disables DEP (Data Execution Prevention) completely. I use it on my unattended WindowsXP CD, and it works like a charm.
  9. @prathapml Here are some of my registry tweaks that don't seem to be in the compilation of yours:

     *please post large amounts of text/code as attachments

     ie_zones.txt
  10. Thanks Raja I'll give it a spin and report back with my findings.
  11. Have any of you guys experience in changing Registry permissions with a script using "regini" or "RegDACL" or other utils? What I would like to do on my unattended CD is to remove the "full control" permission for all users from the following key, "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\", and also disable the "Inherit from parent the permission entries that apply to child objects(..)" on the aforementioned key. Does anyone know if it's possible to create a script that does this on the first logon? Any help would be appreciated. (For anyone who wonders what this does to the system, it forces the Start Menu and Favorites to always be alphabetically sorted.)
  12. That's the same conclusion I've come to. I've file monitored my machine for 96 hours, and the dirs aren't coming back, unless I restart my machine. It's really annoying, and now it's the only problem I haven't managed to solve in my wonderful customized unattended XPSP2 CD.
  13. @lpl My bad, use this instead:

          [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments]
          "SaveZoneInformation"=dword:00000001

      However, it should work without this key. This key only tells Windows not to store information at file level (applies to NTFS only) about in which "zone" you got the file you're trying to open. (Yes, I know it's confusing that SaveZoneInformation=1 actually means don't save, and SaveZoneInformation=0 means save... stupid MS Logic...) So, if you added the other values as you said, it should work perfectly. Remember to restart the machine after adding. Also, if you're using these reg settings in an unattended setup, remember that many of the HKEY_CURRENT_USER keys must be added at the very end of the installation. Run regedit to check that they were applied correctly.
  14. This should do the trick

          -----------------------------------------------------------------------------------------------
          REGEDIT4

          [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
          "CheckExeSignatures"="no"
          "RunInvalidSignatures"=dword:00000001

          [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments]
          "SaveZoneInformation"=dword:00000001

          [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]
          "LowRiskFileTypes"=".exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"
          -----------------------------------------------------------------------------------------------
  15. @Benners Did you figure anything out? I've tried myself to solve this puzzle, but I can't seem to figure out which process is making the MountPointManagerRemoteDatabase files. The information on the net seems to be rather sparse. However, during my testing I've discovered that the files aren't really used or written to. I've disabled System Restore, the Indexing Service and the Distributed Link Tracking Service. If I delete the "System Volume Information" folders, they're recreated at startup. If I create the MountPointManagerRemoteDatabase file myself, clear the archive attribute, note down the timestamp and restart the machine, I can see that the timestamp has not been changed and the archive bit is still off, hence no writing to the file. So some process is checking if the file exists; if it doesn't, it's recreated, but it seems the file itself is useless.
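
A defensive check for the registry settings in posts 6, 13 and 14, as an added example that is not part of the original posts: it parses REGEDIT4 text and reports the values those posts set, so a .reg file or an export can be reviewed before it is merged. The sample input, the rule table and the function names are constructed for illustration.

```python
import re

# Constructed sample: post 14's file (extension list shortened) plus post 6's
# SFCSetting value and one unrelated value that must not be flagged.
SAMPLE_REG = r'''REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"CheckExeSignatures"="no"
"RunInvalidSignatures"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments]
"SaveZoneInformation"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]
"LowRiskFileTypes"=".exe;.bat;.reg;.msi;.htm;"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCSetting"=dword:ffffff9d
"Shell"="Explorer.exe"
'''

RISKY_EXT = {".exe", ".bat", ".com", ".cmd", ".reg", ".msi"}
# Value name (lower case) -> (test on parsed data, finding). Matching is by
# value name only, a simplification chosen for this example.
RULES = {
    "checkexesignatures": (lambda v: str(v).lower() == "no",
                           "download signature check turned off"),
    "runinvalidsignatures": (lambda v: v == 1,
                             "files with invalid signatures allowed to run"),
    "savezoneinformation": (lambda v: v == 1,
                            "zone information not saved with downloaded files"),
    "lowriskfiletypes": (lambda v: isinstance(v, str)
                         and bool(RISKY_EXT & set(v.lower().split(";"))),
                         "executable or script types listed as low risk"),
    "sfcsetting": (lambda v: v == 0xFFFFFF9D,
                   "SFCSetting set to the value given in post 6"),
}

VALUE = re.compile(r'^"([^"]+)"=(?:dword:([0-9a-fA-F]{1,8})|"(.*)")$')

def parse_reg(text):
    """Yield (key, value name, data); dword data as int, string data as str."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE.match(line)):
            yield key, m[1], int(m[2], 16) if m[2] else m[3]

def audit(text):
    """Return (value name, finding) for every value that matches a rule."""
    return [(name, RULES[name.lower()][1])
            for _, name, data in parse_reg(text)
            if name.lower() in RULES and RULES[name.lower()][0](data)]
```

`audit(SAMPLE_REG)` returns five findings and leaves the unrelated `Shell` value alone.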
