Everything posted by cluberti

  1. The streams utility by sysinternals can delete these.
  2. That's fine, but there's no real "automated" way to clean this, it's a one machine at a time per admin deal if you don't want to reinstall. You either spend the time creating / testing an image and deploying it, or spend time (likely the same amount) cleaning as best you can the machines in their current state. There are pros and cons to each approach, so you'll have to determine which you want to do.
  3. I would check the obvious things first - make sure you don't have any trusts configured against the old domain in sites & services, make sure you don't have any lmhosts or hosts entries on the box pointing to the old domain, and make sure DNS (and WINS, if in use) contains no references to the old domain. Also, any scripts or apps that use AD should also be checked to make sure they don't reference the old domain as well.
  4. Sure - here's one of my .js template files I keep that allows access to specific sites on any protocol, allows access to a specific site only via https, and blocks everything else on every protocol:

         // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ //
         //                                       //
         //  Very basic proxy autoconfig script   //
         //                                       //
         //  Author: cluberti@cluberti.com        //
         //                                       //
         //  Created: 4/21/2004                   //
         //                                       //
         //  Last Modified: 6/11/2006             //
         //                                       //
         // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ //

         function FindProxyForURL(url, host)
         {
             // See if we match "google.com" on
             // any protocol:
             if (shExpMatch(host, "google.com"))
                 // if so, pass the packets
                 // directly to the internet:
                 return "DIRECT";
             else
             // See if we match "*.google.com" on
             // any protocol:
             if (shExpMatch(host, "*.google.com"))
                 // if so, pass the packets
                 // directly to the internet:
                 return "DIRECT";
             else
             // See if we match the URL string
             // https://mail.server.com (with any
             // trailing page):
             if (shExpMatch(url, "https://mail.server.com/*"))
                 // if so, allow https traffic to
                 // any subpages on this site (/*):
                 return "DIRECT";
             else
             // Rules to send all other traffic
             // to port 4321 on localhost, which
             // will have nothing listening and
             // thus will display a "Page could
             // not be displayed" error in the
             // user's browser:

             // http block rule:
             if (url.substring(0, 5) == "http:")
                 return "PROXY 127.0.0.1:4321";
             else
             // ftp block rule:
             if (url.substring(0, 4) == "ftp:")
                 return "PROXY 127.0.0.1:4321";
             else
             // gopher block rule:
             if (url.substring(0, 7) == "gopher:")
                 return "PROXY 127.0.0.1:4321";
             else
             // https block rule:
             if (url.substring(0, 6) == "https:")
                 return "PROXY 127.0.0.1:4321";
             else
                 // anything that doesn't match the
                 // rules above, also block:
                 return "PROXY 127.0.0.1:4321";
         }

     You can find more here, too:
     http://wp.netscape.com/eng/mozilla/2.0/rel...proxy-live.html
     http://www.microsoft.com/technet/prodtechn...k.mspx?mfr=true
     http://www.microsoft.com/technet/prodtechn...s.mspx?mfr=true
     http://java.sun.com/j2se/1.4.2/docs/guide/...xie_config.html
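
An offline check for an allowlist PAC file of the kind shown in post 4, as an added example that is not part of the original post: it runs sample URLs through `FindProxyForURL` and flags any return string that is not a well-formed `DIRECT` or `TYPE host:port` entry. The hosts, the helper names and the `shExpMatch` shim are assumptions made for the example; the sample policy is constructed.

```javascript
// Added example: offline check of a proxy autoconfig (PAC) allowlist policy.

// Minimal shim of the PAC helper shExpMatch (shell-style * and ? wildcards).
function shExpMatch(str, pattern) {
  const re = pattern
    .replace(/[.+^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, ".*")
    .replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
}

// Compile PAC source text and return its FindProxyForURL function.
function loadPac(source) {
  return new Function("shExpMatch", source + "\nreturn FindProxyForURL;")(shExpMatch);
}

// A PAC result is a ';'-separated list of "DIRECT" or "<TYPE> host:port".
function isValidPacResult(result) {
  return result.split(";").every((entry) =>
    /^\s*(DIRECT|(PROXY|SOCKS) [A-Za-z0-9.-]+:\d{1,5})\s*$/.test(entry));
}

// Run each URL through the PAC; report the decision and whether it is well-formed.
function checkPolicy(source, urls) {
  const find = loadPac(source);
  return urls.map((url) => {
    const result = find(url, new URL(url).hostname);
    return { url, result, valid: isValidPacResult(result), allowed: result.trim() === "DIRECT" };
  });
}

// Constructed sample policy with hypothetical hosts.
const SAMPLE_PAC = `
function FindProxyForURL(url, host) {
  if (shExpMatch(host, "example.com") || shExpMatch(host, "*.example.com"))
    return "DIRECT";                       // any protocol
  if (shExpMatch(url, "https://mail.example.org/*"))
    return "DIRECT";                       // https only
  return "PROXY 127.0.0.1:4321";           // nothing listens here: blocked
}`;

// Constructed sample URLs covering allowed and blocked cases.
const SAMPLE_URLS = [
  "http://www.example.com/a",
  "https://mail.example.org/inbox",
  "http://mail.example.org/inbox",
  "ftp://files.example.net/x",
];
for (const row of checkPolicy(SAMPLE_PAC, SAMPLE_URLS)) console.log(row);
```

A block entry with a dot where the port separator belongs, such as `PROXY 127.0.0.1.4321`, fails `isValidPacResult`.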
  5. No, that's virtual address space, the virtual address range a process can address (2GB by default, 3GB when your boot configuration includes the /3GB option). This has absolutely NOTHING to do with physical RAM at all, and should not be confused with it. The most physical RAM a 32bit version of Vista can address is 4GB (minus any memory reserved by the BIOS during boot). On a side note, 32bit server versions of Windows can address more than 4GB if /PAE is used, but the OS doesn't use it, and only applications compiled a specific way and that include code for doing their own memory management when compiled can access and use the physical RAM above 4GB via the AWE (Address Windowing Extension) API set - and even then, the OS doesn't do memory management of any memory mapped into the AWE window, the application is responsible completely for management of this mapped view of RAM above 4GB.

     I'll stop my tangent and point you here - visit the links there before doing anything else. I think a few of you are a little confused about RAM and virtual address space, so hopefully this will educate you further so you'll understand this better and make a more informed decision. If you really want to learn more about memory management in Windows (and a whole lot of other useful info about the platform), consider Windows Internals, 4th Edition, specifically chapter 7 on memory management. It's not what I'd call an easy read, but it's *the source* for this kind of info.

     Anyway, to answer the OP's question, you need to do some research before going 64bit - check the hardware you plan on using and see if it's on the x64 Vista HCL. If you find that some of your planned hardware devices are not listed here, check the vendor's site for Vista x64 drivers. If you still find devices that aren't listed, consider 32bit - 64bit really is problematic if you don't have drivers (just like 32bit would be in the same scenario), and you should definitely go 32bit in this scenario.

     However, if all of your planned hardware has 64bit drivers, either from the vendor or on the Vista disc itself (via the HCL), start checking apps you plan on using to make sure they'll either work in x64 in 32bit mode, or have an x64 version you can run. Again, if you find that your apps are not going to run on Vista x64, use 32bit. If you have drivers for your hardware, and x64 software (or compatible with the x64 environment in 32bit mode), 64bit is a really great environment to work in and quite a few of us have gone entirely 64bit (myself included).
  6. The command to use to disable UAC (if UAC is on, must be run from an elevated command prompt) is as follows (watch for word wrap, as this should be run as one long command line):

         C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

     You can disable the security pop-ups by clicking the red security icon, and clicking the "Change the way security center alerts me" link on the left (choose don't notify me and don't display the icon if you so desire).
  7. By default, Windows can only remember folder views in the registry for a set number of folders (the article applies to Vista as well, but I'm not sure about the actual # - it's probably the same or close to the limits listed there, though). You can increase this, also via following the article linked.

     I'm not sure I know what you're talking about, as this sounds like a spysweeper function and not a Windows function. Perhaps you could elaborate on this?

     The lsass.exe process (Local Security Authority Subsystem Service, lsass) is invoked any time security permissions need to be accessed or modified, meaning something on your box is doing something dealing HEAVILY with authentication or security permissions during these times. Are you on a domain, or have anything running in the background that would cause higher-than-normal authentication requests or communications with a domain controller? The only time lsass.exe would see high CPU would be during periods of security checking, modification, or actual auth requests to or from the box.
  8. Are you able to force the use of a proxy autoconfig script? If so, you could bypass the proxy and only allow access to the whitelisted sites in the script. Otherwise, you'll be stuck with a firewall that can proxy with an appliance.
  9. Yeah, dumps would be great but you'll have to use the debugger to actually launch Windows Media Player to capture these:

         cscript C:\Debuggers\adplus.vbs -crash -quiet -o c:\adplus -sc "C:\Program Files\Windows Media Player\wmplayer.exe"

     This will catch it when it crashes, if it crashes. Just run the above command and it'll attach the debugger, launch Windows Media Player, and dump it if it crashes. Keep running the above command until it crashes (don't close the open windows yet, though, for any that didn't crash - we don't want those dumps!), and zip up C:\adplus and post it. Once you've zipped up C:\adplus, you can close any open WMP windows that didn't crash.
  10. A second vote for using mount points.
  11. Every time I do I get a crc error on extraction - can you extract the original rar file on your box without error?
  12. It's pretty slow when searching the hard disk, I've found the same behavior to be quite normal.
  13. The first 4 registry listings are normal for Win2K, so I wouldn't touch those. The d3r7prt listings are from daemon tools, and I can't see enough about the last two to make any determinations about what those files are - although they're in temporary files, so they can probably be killed without too much fanfare.
  14. We sure can - again, I'm confident the nvidia driver is causing the crash, but I have no real proof. However, if you can't replace the driver, using a different application that is compatible with it (like azureus) might help.
  15. There are links here that can spell that out for you.
  16. Unfortunately, just like XP, driver support on release stinks from some vendors (*cough*Nvidia*cough*).
  17. Read the fine print on the packaging - the industry has switched to 1GB = 1000MB.
  18. I'm pretty sure it's the nvidia network access manager causing it, or the network driver itself, but I don't have any real proof, just circumstantial evidence (like the dump output above).
  19. Hmmm - that status code is ERROR_INTERNAL_ERROR. Do you have the msi logs of the installation?
  20. Neither of these dumps is of the process crashing, but terminating. We'll need to try again, it seems.
  21. Looks like it could be nvappfilter.dll (Nvidia network access manager) causing heap corruption (svchost crashes due to a debug breakpoint on a heapfree call on a heap that nvappfilter just wrote to, causing a status c0000374 - "STATUS_HEAP_CORRUPTION"):

          0:047> .ecxr
          eax=00000000 ebx=00000000 ecx=777b14cd edx=03e0f99d esi=01c50000 edi=01c59ec4
          eip=777d2ea8 esp=03e0fbec ebp=03e0fc68 iopl=0 nv up ei pl nz na pe nc
          cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
          ntdll!DbgBreakPoint:
          777d2ea8 cc int 3
          0:047> kb
          *** Stack trace for last set context - .thread/.cxr resets it
          ChildEBP RetAddr Args to Child
          03e0fbe8 7783f19c 03e02d22 01c59ec4 01c50000 ntdll!DbgBreakPoint
          03e0fc68 7783fcef c0000374 7785cf50 03e0fcac ntdll!RtlReportCriticalFailure+0x2e
          03e0fc78 7783fddd 00000002 03e02de6 00000000 ntdll!RtlpReportHeapFailure+0x21
          03e0fcac 77802c89 00000009 01c50000 01c59ec4 ntdll!RtlpLogHeapFailure+0xa1
          03e0fcd8 773d7a7e 01c50000 00000000 01c59ec4 ntdll!RtlFreeHeap+0x60
          03e0fcec 10004f7c 01c50000 00000000 01c59ec4 kernel32!HeapFree+0x14
          WARNING: Stack unwind information not available. Following frames may be wrong.
          03e0fd74 77123891 00000c78 03e0fd90 773d7374 nvappfilter+0x4f7c
          03e0fd94 6e23b372 00000c78 03681d5c 03e0fdb8 ws2_32!closesocket+0x85
          03e0fda4 6e23aa4e 03681d5c 03681e28 03681d5c iphlpsvc!TeredoDestroySecondarySocket+0x2d
          03e0fdb8 6e22cb94 03681d5c 03681488 03e0fddc iphlpsvc!DeviceStop+0x1f
          03e0fdc8 6e23479c 03681d5c 00100002 03681488 iphlpsvc!TeredoStopDevice+0x21
          03e0fddc 6e238807 03681488 777a3324 00000000 iphlpsvc!TeredoHibernateClient+0x53
          03e0fdfc 6e238c18 00000001 777b371c 022e8da8 iphlpsvc!TeredoClientTimerCallbackUnderLock+0x180
          03e0fe10 777a32fb 03e0fe70 03681488 022e8da8 iphlpsvc!TeredoClientTimerCallback+0x8d
          03e0fe34 777fa2b8 03e0fe70 022e8e08 03e02e16 ntdll!TppTimerpExecuteCallback+0x14d
          03e0ff5c 773d3833 002c66a8 03e0ffa8 777ca9bd ntdll!TppWorkerThread+0x522
          03e0ff68 777ca9bd 002c66a8 03e02ee2 00000000 kernel32!BaseThreadInitThunk+0xe
          03e0ffa8 00000000 777fa044 002c66a8 00000000 ntdll!_RtlUserThreadStart+0x23

      I think enabling pageheap on this svchost.exe would be a good idea:

      1. Download and install app verifier: http://www.microsoft.com/downloads/details...;displaylang=en
      2. Run app verifier, and select File > Add Application - type "svchost.exe" in the box (minus the quotes) and click "Open"
      3. Select the "svchost.exe" image name from the list, and on the right hand side make sure everything is UNchecked under the "Basics" tree, then check the "Heaps" option.
      4. Exit app verifier, and restart the computer.
      5. Run the following command from a command prompt:

             cscript C:\debuggers\adplus.vbs -crash -pn svchost.exe -quiet -o C:\adplus

      The next time the issue occurs, adplus should generate another folder under C:\adplus, and this will hopefully catch the process or binary that actually corrupted the heap.
  22. Wow, that box should not be considered safe for use.
  23. Follow the instructions here, and see if Office installs afterwards: http://support.microsoft.com/default.aspx?...kb;EN-US;939399
  24. You won't be able to do it in Windows, as it's limited to only one install of IE at a time. You could use a virtual machine to have a second Windows copy and IE version, but I don't think that's what you were looking for.
  25. That's all you need to do. You will need to change it, as Windows only dynamically assigns it once on the initial build. Photoshop uses the Windows paging file, so no worries there - as long as you have one, it uses it (wherever it is).