cluberti

Since your registry is allowed to grow to the size of kernel paged pool memory in XP, even with 1GB of memory it can be upwards of 150MB - so 17MB is pretty small .

You can also enable OS-wide MSI logging by creating the REG_SZ value "Logging" in HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer, and setting the data to be "voicewarmup".

You may also wish to check the policy settings in the registry for one of these machines to make sure it's actually being set properly from the GPO.

Ultimately, the only "sure-fire" way to block traffic anywhere is to use a proxy and funnel all traffic through it. DNS bloking will work for DNS names, but someone connecting to the IP address will bypass. However, if you don't have a proxy in place, the DNS blocking should work for most users, at least for a good while. I'd still ultimately suggest a proxy to do things like this, but the DNS workaround will work.

Yeah, srvany.exe is out there. There's also an open-source app that does the same thing called srvstart.exe: http://www.nick.rozanski.com/services_quick.htm

You are correct, there would be the possibility for a security hole using autologon - looks like you're stuck with writing a service if software is too expensive.

Have you considered running ntbackup to backup the exchange store and public folders databases? Just having the exchsrv folder structure will do you no good, ultimately.

Are they on the same, or different, domains? If different domains, definitely exmerge (there are also some 3rd party apps that can move rules, alerts, etc, which exmerge does not). http://www.quest.com/exchange_migration_wizard/

You could use runonceex and autologon (with a forced reboot) as necessary, but there would be no other way I am aware of without 3rd party applications to do this during boot or shutdown. Perhaps you should consider application/update deployment software like SMS or similar.

unless you're actually in the folder where the .exe file is located, no (since that's just file completion). There is no command completion functionality in the command prompt. Perhaps in Monad, but definitely not cmd or command.

Well, check your path environment variable to make sure it contains the requisite Windows directories (\Windows, \Windows\system32, etc), and also make sure your box is clean of spyware and viruses. Getting ntvdm.exe errors when running .exe's (unless they really are 16 bit .exe's) is usually an indication of an infestation of some sort.

Note that most of the things loading behind the splash screen are drivers and system services - also, if you happen to use anything other than an IDE controller to boot Windows (SATA, IDE RAID, SCSI, etc), this will take longer due to device enumeration times. You can always use msconfig or autoruns to disable non-Microsoft services and startup items, but it won't help that much. Have you considered bootvis?

http://support.microsoft.com/?kbid=259670 Note that though the article speaks of an MS DHCP server, setting these options on a non-MS DHCP server work just fine.

OK, I finally finished the dump. Here's what I've got from what's available in the dump: It appears that a java function was being executed at the time of the crash (since LimeWire's a java client application, I'm not surprised), and the following is the call from the stack that's being executed at the time of the crash: awt!Java_sun_awt_image_ImagingLib_init+30bb0 So this is a function in awt.dll (that's what awt tells us, before the bang): 6d000000 6d167000 awt (export symbols) awt.dll Loaded symbol image file: awt.dll Mapped memory image file: C:\Program Files\Java\jre1.5.0_06\bin\awt.dll Image path: C:\Program Files\Java\jre1.5.0_06\bin\awt.dll Image name: awt.dll Timestamp: Thu Nov 10 16:22:06 2005 (4373B9FE) CheckSum: 00152FA8 ImageSize: 00167000 File version: 5.0.60.5 Product version: 5.0.60.5 File flags: 0 (Mask 3F) File OS: 4 Unknown Win32 File type: 2.0 Dll File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: Sun Microsystems, Inc. ProductName: Java(tm) 2 Platform Standard Edition 5.0 Update 6 InternalName: awt OriginalFilename: awt.dll ProductVersion: 5.0.60.5 FileVersion: 5.0.60.5 FileDescription: Java(tm) 2 Platform Standard Edition binary LegalCopyright: Copyright © 2004 It appears, however, that the issue that actually caused the crash was being done in the Nvidia display driver - here's the stack showing the driver doing it's thing, then the bugcheck: ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. 94665564 8052202d 0000008e c000008e 6d06a777 nt!KeBugCheckEx+0x1b 9466592c 804de403 94665948 00000000 9466599c nt!IoSetFileOrigin+0x58fb 946659b0 bfa20bfe 946659a4 e297b1c0 e116cd40 nt!Kei386EoiHelper+0x1da 94665a3c bfa73ec0 ae904000 00004000 e2979a00 nv4_disp+0x4cbfe 00000000 00000000 00000000 00000000 00000000 nv4_disp+0x9fec0 Here's the information on the display driver you're loading: bf9d4000 bfd99b00 nv4_disp (export symbols) nv4_disp.dll Loaded symbol image file: nv4_disp.dll Image path: \SystemRoot\System32\nv4_disp.dll Image name: nv4_disp.dll Timestamp: Sat Dec 10 06:38:33 2005 (439ABE39) CheckSum: 003C84D0 ImageSize: 003C5B00 File version: 6.14.10.8198 Product version: 6.14.10.8198 File flags: 8 (Mask 3F) Private File OS: 40004 NT Win32 File type: 3.4 Driver File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: NVIDIA Corporation ProductName: NVIDIA Compatible Windows 2000 Display driver, Version 81.98 InternalName: nv4_disp.dll OriginalFilename: nv4_disp.dll ProductVersion: 6.14.10.8198 FileVersion: 6.14.10.8198 FileDescription: NVIDIA Compatible Windows 2000 Display driver, Version 81.98 LegalCopyright: © NVIDIA Corporation. All rights reserved. I'd suggest making sure you're using the latest version of the JRE (and thus the latest version of awt.dll), and also update your display driver to the last stable version for your OS. Since it appears that it's the display driver that's got "issues", I'd say that if the problem continues after running the latest stable driver for your OS, contact Nvidia for support, as it's ultimately an issue with their video driver. At least you can rest assured the likelihood of this being a RAM issue is nil .

The only Microsoft tool that I'm aware of that does this is the File System Resource Manager in Windows 2003 R2 - otherwise, you're stuck with (limited) auditing via a GPO. There are probably 3rd party utilities that can do this, but I do not have any I know of and thus none that I can recommend.

I thought about that as soon as I posted, but I figured I had a 50/50 chance . Sorry you're having trouble with the .iso - I personally use CDRWin to burn .iso's if I'm not using cdrecord, and I've never tried nero, isobuster, et. al as I don't burn many CDs, and find CDRWin and cdrecord to be more cli-friendly .

You could always boot to the recovery console and see if it's there and deletable that way.

Check your PMs.

http://support.microsoft.com/?kbid=307099&sd=RMVP http://support.microsoft.com/?kbid=314859&sd=RMVP http://support.microsoft.com/?kbid=316401&sd=RMVP Basically, it doesn't like your drivers. Are those the ones that came with the motherboard? If so, perhaps downloading the latest WHQL versions from Intel's site may assist?

I'm not sure - I provided him with a copy of my old DOS netboot CD, and I haven't heard anything since .

What is the actual BSOD you see? It is likely a driver issue, but on the off-chance it's not, it'd be helpful to know the stop code, addresses, and module it's complaining about.

True, but if the accounts are in a child domain, and domainprep wasn't run on that child domain, you will get similar errors.

Your computer should have at least come with a recovery CD. If it did not, contact Toshiba to send you one. If you have another OEM version of Windows XP on CD from another system, you can try it (using the COA on the Toshiba CD when asked for your product key, of course), but I can't make any guarantees that it'll work properly.

I second the safe mode attempt. Also, if safe mode does not work, a repair installation will likely be required to get things working again. If safe mode DOES work, use msconfig to disable all non-Microsoft services and all startup items, to see if that helps you boot properly in a regular mode.

You are correct, CTRL+ALT+DEL will bring up a winlogon box after pressing twice, but there's a catch - this only works in XP Pro, not XP Home.