cluberti

After you open the dump, run the following commands (in this order): .symfix .reload !vm !poolused 3

Basically, redistribution of Microsoft's software violates the copyright, so the person doing the file download is violating the copyright just as the person providing the copy is (this definition of violation of copyright has been upheld in the United States, Canada, and the EU countries at the very least that I am aware of). It is indeed illegal to violate valid copyright in almost all countries, and it is in all industrialized countries. Again, in most countries it is legal to have a backup copy of the software (and Microsoft provides this specifically in the EULA to the license owner), and to do with it as you wish on your own PC short of reverse-engineering, I believe the limitation is (meaning making an unattended installation, adding updates/packages, imaging the install, etc). However, you are conferred no rights to copy to or for someone else (hence "copyright") or to obtain any copy from someone other than the vendor or a vendor-authorized 3rd party. Since the discussion isn't about warez software but about legality, this is a perfectly fine discussion and violates no rules. So, to make a long story short and reply to your original post, the "other guy" is wrong. It is *not* legal to use any copy you'd like to install, you MUST use the media obtained from the vendor directly or an authorized 3rd party (usually this means the OEM who sold you the PC, although certain large repair shops have reinstallation media rights as well). As to the comment about not knowing the EULA before you acquire the software, this is covered in the EULA itself - it is online for reading beforehand for most of the folks of the world, but in the event that you can't read it online the documentation that comes with the software itself contains the necessary text to explain that you have an explicit right that if you do not agree with the terms of the license when you acquired said valid copy from an authorized vendor, you can (and indeed, must) return it for a refund. If you do not agree with the terms of the license and copyright, you MUST cease use immediately and return the packaging and media, period. Continued use constitutes acceptance of the license, and again, at least in the US, Canada, and EU, this is legal and binding. You can't just download a copy of Windows and think you're absolved of copyright infringement just because you didn't make the original copy. It's "copying a copy", and it's as much a copyright violation as making the original copy itself and making it available. The tricky bit is that software with a license (as in the case of most commercially-available software programs) is licensed to the license holder, *not sold*. You do not actually *own* the software copy itself, you only hold a license granting you the use of it. This means that most copyright law exemptions for copying or obtaining copies of copyrighted works actually do not apply to software as they do to most other copyrightable medium (and the courts in the US, Canada, and EU have upheld this interpretation of copyright law), meaning that making any copy that does not constitute a singular backup for safe-keeping or making a copy necessary for the use of running the software (aka installing it to the hard disk or executing a copy in RAM) is a violation of copyright, as is obtaining a copy in this same manner. Note that in the EU at least, you *can* resell the OEM software that came with your computer, but only if you uninstall it first, and provide the installation media and any and all other parts of the software package to the seller (and it remains to be seen how recovery media only installations of Windows fall under this, although I don't know how common that is in the EU as of yet). However, the aforementioned *copying* or *providing copies* of software other than for backup purposes for yourself is still a violation of copyright law, and even reselling OEM software in most of the other parts of the world violates copyright as well.

Obviously without symbols I can't say what, but you're definitely failing in the ATI video driver here: 1: kd> .trap 0xffffffffaa6f2340 ErrCode = 00000000 eax=aa6f23c8 ebx=00000000 ecx=00000000 edx=00a7c0c0 esi=e30b5080 edi=e1ecd018 eip=bf039614 esp=aa6f23b4 ebp=aa6f250c iopl=0 vif nv up ei pl zr na pe nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00090246 ati2dvag+0x27614: bf039614 ff7314 push dword ptr [ebx+14h] ds:0023:00000014=???????? 1: kd> kb *** Stack trace for last set context - .thread/.cxr resets it ChildEBP RetAddr Args to Child WARNING: Stack unwind information not available. Following frames may be wrong. aa6f250c bf05aadf e3782a20 e1b755a4 e1b75480 ati2dvag+0x27614 aa6f2554 bf8c6bad e3782a20 e1b755a4 e1b75480 ati2dvag+0x48adf aa6f25ac bf8c716f e3782a20 e1b755a4 e1b75480 win32k+0xc6bad aa6f2870 8054162c 92011338 000000e0 00000000 win32k+0xc716f aa6f2884 7c90e514 badb0d00 0013f64c 00000000 nt+0x6a62c aa6f2888 badb0d00 0013f64c 00000000 aa6f2ab0 0x7c90e514 aa6f288c 0013f64c 00000000 aa6f2ab0 00000207 0xbadb0d00 aa6f2890 00000000 aa6f2ab0 00000207 e23c7000 0x13f64c Since it's a minidump I can't look at any of the pointers on the stack or unassemble, but it's obvious the ATI driver expected EBX to be something other than 0x0 because 0x0 + 14 hex gives 0x00000014, which falls below 0x00001000, and any memory from 0x0 to 0x00001000 (the first 64K of process space) is all marked PAGE_NO_ACCESS and the A/V occurs and your process crashes. I'd suggest configuring for a complete dump and providing the data to ATI support, as it's a driver issue.

From the Microsoft documentation on that error, it sounds like your computer/server is telling you that you have a hardware error: Without the actual .dmp file we can't tell you what, but your hardware vendor likely would be able to do so - I'd suggest contacting them and letting them know your system is failing and have them find out what. Usually a WHEA error like that is far more than a failing hard drive or stick of RAM - it's usually something on the motherboard or one of the CPUs themselves, although running a memory test is always a good idea just in case.

I'm not familiar with Ghost anymore, as I've not used it in about 10 years. However, I'm using SCCM 2007 and WDS and it is fully automated. I'm sure you could find some vbscripts out on the 'net to configure computer names from a database, etc. That might do what you want.

Great .

Well, then we'll need to see some perfmon data, as Task Manager isn't exactly accurate and doesn't show you what you'll need to know. Start > Perfmon to run perfmon, and then right-click on the "Performance Monitor" option in the left-hand pane and select "New > Data Collector Set". Give the set a name, click Next twice, and then click Finish. Then, expand the "Data Collector Sets" node in the left-hand pane, expand "User Defined", click on the collector set name you created, then right-click the "System Monitor Log" entry in the right-hand pane and select "Properties". Click "Remove" to remove the default processor counter, then click "Add". Scroll up to and click on "Memory" under the "Available counters" listing, and then click the "Add >>" button. This should add the "Memory" object with a "*" underneath, to let you know that it is adding all counters. Click OK twice to save. Reboot, log back in, and then re-open perfmon. Now, right-click the data collector set name in the left-hand pane (again, under "User Defined"), and click "Start" to start the data collector. Let it run until you see memory usage climb to unacceptable levels, then come back into perfmon and right-click the data collector set name and choose "Stop" to stop the log. By default, the log will be stored in "%systemdrive%\PerfLogs\<user>\<data collector set name>\<filename>.blg". You can open the file with perfmon to look, or you can compress it and upload it somewhere and we can have a look (or, obviously, both).

No, but the RIS part is the key. It was the RIS server that was handling the variables, NOT the XP setup engine. By the time XP's setup got it, it had already been changed in the temp SIF file RIS places down. XP's setup doesn't handle variables, but RIS does.

Correct - it doesn't accept HTTP/s requests, but it will still honor FTP requests.

It still works, I've used it to get into my own FTP many times from a remote machine. I just tested it to make sure.

Anything that's an .msi package can be installed by any user, without any security checking. So, conceivably, someone could wrap some malware or virus in an MSI and a non-admin user can install it.

First, are you assigning the package, or publishing it? Also, make sure you're targeting the computer account with the package, not the user account. If you HAVE to assign or publish it to the user, there are some things to think about that won't apply if you're assigning it to a computer account. First, if you are assigning to a user, you will likely need to have the Windows Installer "Always Elevate" policy enabled in both the computer and user GPO(s) that apply to this user. The stub is loaded via the system account's msiexec, but the install actually happens in the context of the user (even from a GPO), hence this policy, if needed to be configured, must be set to always elevate in both the computer and the user portions of policy that apply to this user. Note that this is a security risk, so it's not a recommended method (but can be used if needed).

Only thing I can say is you get what you pay for. I looked at the TrendNet options, all of them - definitely not what I'd call top-flight stuff... I'd rather run Netgear if I was gonna go workgroup switching than TrendNet, honestly, as at least their gear is quality for the money. Otherwise you suck it up and get HP ProCurve or Cisco kit and be done with it, and they'll work rock-solid forever and give you good management options. The most important thing to remember when buying a workgroup unmanaged switch is that you will get what you've paid for. When you shell out for something with quality switching fabric and a beefy backbone, and a good OS underneath, you also (should) get what you pay for. I'd say the smart switches from Netgear would be your best upgrade if they balk at a "real" managed switch, as you'll definitely get better performance and some management, which is always better than none. As to managed switching, there's a reason those things cost so much - switching packets isn't something simple when you start to get heavy traffic, and it can really come down to the quality of the underlying OS and the way it uses it's switches horsepower (not to mention whether it's "smart" or "dumb") that makes a difference in performance on a utilized LAN. Considering the network guy didn't know you couldn't use link aggregation with an unmanaged switch, I'm not surprised you weren't able to convince the purchasing department to spend money on good (hardware) help either. Good luck to you, you might be the only one with a clue where you work...

Since you've nLite'd the install, I'm moving this to the nLite section for more eyeballs seeing this that are familiar with nLite.

Most Windows binaries are updated cumulatively - if you have a newer version of a binary from a newer patch level, then that patch supercedes an older patch that updates the same binary. However, with WinSXS, dllcache, and the potential for having multiple versions of files on the same machine, it is possible for a vulnerability scan to detect missing patches when a quick glance at a binary on the box (for example, a .dll in system32) shows it's newer than an old patch - a vulnerable version may still be located on the machine. WSUS would indeed care for proper deployment and versioning, as it uses the same AU engine that Windows Update, MBSA, etc all use when scanning and patching machines. Yes. Most KB articles for patches have an "IT Professional" link that points to the technet page for the article. This will contain a list of updates the patch supercedes. Note that this can also be found in WSUS when looking at a specific patch.You are right to worry about installing older patches though - they can "break" newer patches depending on how far back they go. It would probably be wise to consider that it may be easier to simply install SP3 and use WSUS to handle the rest. Considering all support for XPSP2 will end in July 2010, it would make sense to have them start planning for an upgrade to SP3 now rather than wait, given the current patching situation. SP3 has been available since April 2008, there's really no reason that they should still have app compat issues that would require SP2 at this point, these (if they exist) should have been mitigated in the last 17 months. Otherwise, you can try to introduce WSUS into the current situation and hope it's able to "catch them up". You'll probably have a stray machine or 3 that simply won't install a patch that WSUS insists they're missing, and you'll have to handle those one-off instances as they come up.

See if this post helps you. MAK / KMS keys are a little different than Retail / OEM keys in Win7, unlike Vista. Since 2008R2 is Win7, you'll need to modify your unattended xml to have the key in the specialize pass (not the WinPE pass) for it to work.

Try mapping a drive to it with a different user name from the command line (net use) and see if that does it. I thought it was stored in the keyring (was in XP), although they did change to credman in Vista >.

You need to run the following from a Run dialog (Win+R), not the default start search bar: control keymgr.dll This will show you the saved keys and creds on your box, and you can remove it from there - I believe this is where these are stored in Vista/Win7.

They aren't, but SBS isn't meant to have a failover - it's meant to be standalone, and if you want clustering/failover you pay the price for an Enterprise set of licenses. You could concievably use backup software or a program to replicate settings from one machine to the other, but that's about the only way you'll get two SBS boxes on the same domain with exactly the same settings. It's just not something the software is designed to do, but the higher-up license options do allow clustering and failover which would achieve your stated goals. What your client wants is an Exchange cluster, but they haven't paid for it.

Should be fixed - if it continues, please post back.

If you've got a PS/2 keyboard attached to the system (or it's a laptop), you can follow these instructions and get a memory dump of the entire system the next time you can make it hang. The resulting .dmp file very well might tell us what is happening, and what's hung.

You can't really lock that down, as IE settings are mostly in HKCU and are changeable ultimately by a user. However, something like Windows Steadystate might accomplish what you want to do and have other beneficial uses for an internet cafe as well.

I would agree - imagex that ships with Win7 is a bit different than the version that ships with Vista's WAIK, and I've never tried capturing a Win7 image with a Vista imagex.exe. It's worked in the reverse, but with the wimgapi changes from Vista to Win7 I'm not sure Vista's imagex is capable of imaging a Win7 drive.

That reg entry only affects sub folders, so if it only happens in the root and not subfolders then you've actually done nothing to help yourself. Well, yes, but technically it's not a permissions issue causing the delay, it's the fact that the number of requests is so large - the permissions issues don't help, but they're not gonna make it a heck of a lot faster if you fix them either. The problem is the client is requesting tons of data over SMB, and SMB is not an efficient protocol. Instead of messing with permissions on your server (unless you're sure they're incorrect or problematic), I would instead suggest making the following changes on your XPSP3 machines (XPSP2 require hotfixes that are included in SP3, so if you're running SP3 you don't need some of the specific hotfixes you'd need on SP2 to allow these reg values to work) to reduce the amount of SMB traffic and lookups required to do regular tasks: Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer Value: UseDesktopIniCache Type: REG_DWORD Data: 1 Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer Value: NoRemoteRecursiveEvents Type: REG_DWORD Data: 1 Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer Value: NoRemoteChangeNotify Type: REG_DWORD Data: 1 Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer Value: StartRunNoHOMEPATH Type: REG_DWORD Data: 1 Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer Value: NoRecentDocsNetHood Type: REG_DWORD Data: 1 Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer Value: NoDetailsThumbnailOnNetwork Type: REG_DWORD Data: 1 Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MRXSmb\Parameters Value: InfoCacheLevel Type: REG_DWORD Data: 00000010 (hexadecimal) Key: HKEY_CLASSES_ROOT\*\shellex\PropertySheetHandlers\CryptoSignMenu Value: SuppressionPolicy Type: REG_DWORD Data: 00100000 (hexadecimal) Key: HKEY_CLASSES_ROOT\*\shellex\PropertySheetHandlers\{3EA48300-8CF6-101B-84FB-666CCB9BCD32} Value: SuppressionPolicy Type: REG_DWORD Data: 00100000 (hexadecimal) Key: HKEY_CLASSES_ROOT\*\shellex\PropertySheetHandlers\{883373C3-BF89-11D1-BE35-080036B11A03} Value: SuppressionPolicy Type: REG_DWORD Data: 00100000 (hexadecimal) Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SCAPI Value: Flags Type: REG_DWORD Data: 00100c02 Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager Value: SafeDllSearchMode Type: REG_DWORD Data: 1 Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager Value: SafeProcessSearchMode Type: REG_DWORD Data: 1 You should also consider making the following change on the file server or servers as well: Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MRXSmb\Parameters Value: InfoCacheLevel Type: REG_DWORD Data: 00000010 (hexadecimal) Once any machine that has the changes above made to it is rebooted, you should see a performance increase and a reduction of SMB traffic on your LAN or WAN. You can roll some of these back if you find you need the features you've disabled (for example, NoRemoteChangeNotify being set to 1 will disable automatic refresh of remote SMB shares, so a user won't see a change made to the share if it is currently open on that user's workstation unless the user explicitly refreshes the view or closes and re-opens the share - it reduces traffic to disable, but if shares change frequently while users are actively browsing them this may have side-effects you may not want).

There is a sticky at the top of this very forum on how to do this.