Thinkster

Wow Thank you Martin, I didn't know it could be done with just a few lines! That's great, but how can I expand that to also include Product Key and store that as %ProdKey% ? Here is a snipit of my Mac.txt file: "00-0B-DB-87-43-BE",Gateway-01,11111-XXYXX-66666-77777-XXXUX "00-0B-DB-87-43-BF",Gateway-02,55555-XXTXX-66666-77777-XXXTX "00-0B-DB-87-43-BD",Gateway-03,11223-56789-00111-555AB-TKETK "00-11-2F-C9-D8-30",Gateway-04,ABC12-MSPRO-XXXXX-USR55-KPWR1

No I don't have to do it from DOS, as it would be running from within the Windows environment (during RunOnce). I just discovered also, that I actually can make use of IPCONFIG /ALL by using: IPCONIFG /ALL >C:\Sysprep\netdata.txt which outputs the information to the text file netdata.txt which happens to contain the 'Physical Address' (MAC ID). Now, a nice little script Possible usage of this one should be able to extract just the MAC ID from that text file and store it in a variable. Then lookup that variable for a match in the "database". BTW, the NIC's on all these machines are Marvell Yukon and all start with a MAC ID: 00 E0 B8 80 XX XX, so I may only be interested in looking at the last two bytes. So possible database format: (Last two bytes of Mac ID, Machine Name, Product Key) 58-DB,Gateway-06,12345-67890-AABBC-DDEEF-00000 57-15,Gateway-05,00000-11111-AAAAA-12345-889B, and so on....

Well, I was able to come up with the second half myself using the following code: @ECHO OFF TITLE Sysprep Customizer SET C1=GATEWAY-06 SET P1=12345-ABCDE-12345-ABCDE-12345 ECHO. ECHO Editing Sysprep.inf ECHO. SET T1=Fedit -add -once -f Sysprep.inf -s UserData %T1% ComputerName=%C1% %T1% ProductKey=%P1% ECHO [userData] section completed... EXIT I'm using the Fedit utility I found in BTS Driver Pack. Of course in this example, the variable C1 & P1 are hard coded. Ultimately %C1% should be a variable pulled from the database as well as %P1%. I don't know a command line way of pulling the current PC's MAC ID into a variable. IPCONFIG /ALL tells me the MAC ID as well as a bunch of other info, but I don't know how that can be usefull in the whole scheme of this..

Actually, username "companyuser" stays the same on each machine. What I want to do is before sysprep is ran, to have the appropriate sysprep.inf file in place. By appropriate, I mean that each machine has it's own unique MAC ID and UUID and each machine has a Product Key Sticker. So the database would be like: 000BDB8743BE,Machine-05,1234-XXXX-5678-XXXXX-91011 000BC56EFA01,Machine-09,5555-XXXX-66666-77777-XXXX (MAC ID, Machine name, Product key) The script would query the machine's MAC ID or UUID (doesn't matter to me), look that up in the database and either modify entries in sysprep.inf or copy 1 of 25 different sysprep.inf files to the sysprep folder. I am not concerned with username as that I have hardcoded in winlogon.

I have been trying to figure out a way to do this 25 machine deployment and I've resorted to using an Install Product key for the installation, running some post installation stuff, then running SysPrep. I know you can pre-fill Machine name and Product Key in the sysprep.inf, but I need to have one of my post installations bat files run a script that will Retrieve the current machines UUID or even MAC ID, look that up in a database (in the Sysprep Directory of current machine) and then modify (add) the appropriate Machine name & Prodcut key entries in the sysprep.inf file. After my post installation reboot, I then want it to run Sysprep and that should take care of it.. Unfortunately I don't know enough on scripting to do this. I'm more of a .cmd/.bat person

Been doing some more reading and It sounds like RIS may actually be usefull here evn though I've never tried it before. Also, the following sounds utilizeable, but I just don't know how to do it: "Answer Files are only useful for installing one machine at a time. If you’re installing 50 machines in one go and you want each one to have a unique identity on the network, you will have to create fifty separate Answer Files – that’s a lot of work. Instead of creating a separate Answer File for each installation, an easier way to go about things it to create a Uniqueness Database File (UDF). The UDF file is used in conjunction with the Answer File and can provide multiple answers for installations done from a single Answer File." I have already created a database with something like the following: Machine-01 | AAAAA-BBBBB-CCCCC-DDDDD-EEEEE (Machine name | Corresponding product key). I still have to add MAC ID's to each of these as well. Any idea how to do this using UDF?

Or you could physically remove the drive from the computer or disconnect the ribbon cable...

Monday is the day. that I have to implement this. Currently they have two Ghost images on the server from the older PC's. I don't really want to go the Ghost way since I'm used to creating my ow UA CD's, but not to deploy to 25 machines! I'm really interested in this boot from network card method or even boot from CD that referes the path to the server. I didn't realize there were many different options (like RIS) to do this. But Martin's method sounds the most promising if it can assign a machine name & product key based on MAC ID.

Thanks, it looks like some of your code from the Protect your CD thread could be used along with a "database" or lookup table of MAC ID's containing the equivalent product key and machine name to use. I've seen some .exe files out there that allow you to change the product key on a system that already has one, except that they are interactive. So it would probably be easier then to use a master product key for the initial installation and then during the post install, have it change the machine name and product key according to which MAC ID it detects..

I just found out that all 25 machines will be replaced with new ones which I'm assuming are identical models. That being the case, maybe I might be better off creating a ghost image and somehow get a script to change the PC name and product key depending on MAC ID?? Or I could still do unattended and maybe be lucky enough to find or get someone to make a script to do the machine name/product key change based on MAC ID (like put a table/database file with MAC ID, MACHINE NAME, PRODUCT KEY).. Anyone do anything like this??

That sound like a good idea (ID the MAC address).. Do you have an example or more info as to how you do this?

Here's the Scenario: (25) Gateway All-In-One PC's (Windows XP Pro), (1) Gateway Server (Windows 2000 Server). Active Directory & Server controls DHCP to client machines. Client Machines have machine names of 'station01' 'station02' and so on.. Out of the 25 machines, about half are newer Profile 5.5 models and the other half I'm assuming are older Profile models. What I need to do is to create a "model" image on one of the new machines and one for the older machines for approval and then create an unattended install with source being a directory on the server rather then a CD. I've never done it this way, so I'm not sure how you would get the PC to boot and goto the server, but I would imagine I need some sort of boot disk with server path in it... Now the tricky part is can I somehow create (25) winnt.sif's each with a different computer name and different XP Product key and get it to choose the correct winnt.sif depending on which PC the installation is going to? Or the other option I have is to create the two model images and ghost them, but the problem I see with that is that each half the machines will all have the same Computer name & same XP product key. Ideas please??

Due to the restrictions that were placed, I was forced to crack open a bottle of Corona and relax! Then I thought I had got the admin password, but it didn't work. I guess I'll just have to use the offline password reset or the ERD locksmith...

Well, I tried copying over the Group Policy folder from another machine using ERD, but when user logged in, the same restrictions were still in place. So went back to ERD, used REGEDIT and saw all the restrictions in: [HKEY_USERS\bthomas\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] and [HKEY_USERS\bthomas\Software\Microsoft\Windows\CurrentVersion\Policies\System] and [HKEY_USERS\bthomas\Software\Policies\Microsoft\MMC]. I deleted keys and imported them from another machine all in ERD and Presto, restrictions were gone when user logged in. However, somehow it's still restricting the installation of some software: "The System Administrator has set policies to prevent this installation." I know the best thing to do is login as Adminstrator, but I don't know the admin password and the manager said not to reset the password or change it in case the original computer guy returns from out of the country. So another dilema... any ideas to decrypt the password in a quick manner?

So if I copy the GroupPolicy folder from one of the machines I setup (minimal restrictions) over the GroupPolicy folder on the 'restricted machines', then that should take care of it? or is it computer/user specific? I can use Winternals ERD to do the the folder/file replacement if this is the case.

Where can I download this Adminpak.msi ??

I cannot logon as administrator as I do not know the password as I did not setup these systems myself. There were these four to begin with and I added 8 more machines that contain my custom build that I have no problem getting into. Being that these four "restricted machines" already had users, they are able to login with there personal logins which fall under the local group policy. I tried running regedit, gpedit.msc and those were both restricted. I goto explorer and I can see the A: drive and the CDROM, but C: is Hidden. However, I can goto Start--Run and type C: to get to it. Also going to control panel, it only shows Display and a few other non-useful items. I do have a boot disk (Winternals) that I can get to the registry and system folders and such with, and I already copied the C:\WINDOWS\system32\GroupPolicy folder to a USB drive. Inside the user subfolder, there is a Registry.pol file. I'm assuming that is the policy then? If so, is there a way to edit the .pol file from another machine? Or is it better to just delete the the contents inside the User and Machine subfolders of GroupPolicy?

I have several Windows XP Machines that have some sort of local group policy on the user account. Now these machines need to be unrestricted. In other words, without creating a new user account and without formatting/reinstalling XP, I need to be able to either edit the group policy file (offline) or maybe replace the group policy file with a non-restricted one. So where is the group policy file for a paticular user located and how can I edit or replace it?

Exactly! There are still many dial-up users out there and even though I have instructed them initially to do weekly live updates and scans, 9 out of 10 of them DONT! nor have they done so in months. And same with the yellow shield, they simply close out the message thing saying updates are downloaded and ready to apply. I guess these same kind of people also never do oil changes on there car and ignore that yellow 'check engine' light that's on for no paticular reason as far as they are concerned.

I realize I can alter the scan times, but it's hard to predict when the user will have his/her computer on. I kind of like the idea of a "Nag" message that will go away once they have done what they have been instructed to do. Kind of like a reward system. Comply and no nag. Don't comply and you will continue to get the "nag". I have created two registry files (one that contains LegalNoticeText and one that has LegalNoticeText blanked out), now It's just a matter of coming up with a check routine to toggle between the two .reg entries. Or if I have to, a schedule to toggle these two every two weeks.

OK, that is true that Norton AntiVirus and Microsoft AntiSpyware both can update them selves automatically assuming the user has a consistant internet connection like DSL/Cable and leaves there computer on like I do. But it seems for dial-up users and those that always shut down their computer when they are done with something, this does not apply. People see the message saying that their definitions are out of date and click on the "Remind me in xx days" button rather then update. I know it is their fault, but hopefully a continued reminder will force them to "obey"... Norton AV defaults to a virus Scan on Friday's at 8pm and Microsoft Antispyware at 2am. I wish all the users had their systems on at those times and it would not be a problem, but most people think that they are supposed to shut down the computer as soon as they are done with something as though they are wasting electricity otherwise. Maybe it's just a loosing battle trying to get these people to conform!

Here's sort of an example of what I want to create. Of course this isn't an actual working script, but simply shows the logic of the check routine: REM ** CHECK ROUTINE ** REM * REM ** Check NAV2005 Status ** If FullSystemScan_Date >= 2weeks from current date then goto MSG IF VirusDefinitions >= 2 weeks from current date then goto MSG REM * REM * Check Ad-Aware Status * IF LastScan_Date >= 2weeks from current date then goto MSG IF Definition File date >= 2weeks from current date then goto MSG REM * REM * Check Microsoft Anti-spyware Status * IF LastScan_Date >= 2weeks from current date then goto MSG IF Definition File date >= 2weeks from current date then goto MSG :ClearMSG HKLM\Software\Microsoft\Current Version\Windows NT\CurrentVersion\Winlogon LegalNoticeCaption="" LegalNoticeText="" EXIT :MSG HKLM\Software\Microsoft\Current Version\Windows NT\CurrentVersion\Winlogon LegalNoticeCaption="IMPORTANT REMINDER" LegalNoticeText="It appears that one or more of your Anti-Spyware/Anti-Virus applications is either not up to date or you have NOT done a full system scan in a while. You must run Live update/Web update for each of the applications as well as do a full system scan. Once completed, this message will no longer appear." EXIT

I've been noticing that after I setup user's systems and explain to them the importance of updating Norton Anti-virus as well as Ad-Aware and Microsoft Anti-spyware and to do weekly or bi-weekly scans, that they NEVER do! 3 months later, they will complain that they got a virus or are infected with spyware and when I check to see the last time they updated or did a scan, I find that it was the date that I initially did it. So I'm trying to figure out some way to have a reminder pop up on their screen every two weeks to remind them to LiveUpdate/ Webupdate all the programs as well as do a full system scan. What would be really slick is to somehow have a checker routine to check the last update date for each of those programs as well as the last date of a full scan and if it isn't current, how that message keep popping up till they complete the tasks. I was thinking of maybe utilizing the LegalNoticeCaption in Winlogon of the registry where the checker routine can either add the reminder message or remove it. The only problem I can see with this whole thing is that it may trigger Norton or Microsoft Anti-spyware if it's a script trying to run. Any ideas on this??

Yes, I either want it to autologon the user that was entered in the "Your User Name" field when my unattended install finishes and starts the Animated OOBE (I think that's what it's called) And it says "Let's take a few moments to setup your computer" then get's to the part "Who will use this computer" and let's you enter up to like 5 or 6 usernames. Whoever I put at the top (User 1) I want it to autologin to that account and NOT the administrator account if possible...

I used to have: AutoLogon=Yes AutoLogonCount=1 in my Winnt.sif but NOW, I don't want it to try to automatically logon as administrator after I have completed the Welcome/Setup (Where It asks if you want to register with MS, detect internet connection and setup users). When it gets to the point of entry where it says: Your User Name: 2nd User: Etc.. I want to enter something like 'John' for Your username and have it automatically login to that account after I press Next... Here's my current GuiUnattended portion of Winnt.sif: notice NO autologon entries: [GuiUnattended] EncryptedAdminPassword = No AdminPassword = "password" TimeZone = 04 OEMSkipRegional = 1 OemSkipWelcome = 1 What it does right now is it attempts to logon as Administrator but the Admin name is greyed out and the password box is blank. It gives an error message saying Can't login, Then gives me the option to click 'John' and login. How can I fix this?