RogueSpear

Since there is no serial number or other type of copy protection involved with this title, the .MST file would not enable anybody to bypass any sort of copy protection mechanism (since there isn't any). Uploading it would be no different than the posting of an AutoIt script that would facilitate an automated installation.

There's some information missing here. Do you plan on having a gateway PC that presumably would have two WiFi adapters running Internet Connection Sharing? Or is your idea to have the AP router use the other router as it's default gateway? The first scenario should work, though I would never arrange things in this fashion. The second scenario would probably not work because I don't think with consumer grade WiFi devices you're going to be able to use WEP and WPA simultaneously, let alone selectively.

Hey BTS I'm your age x2 If you decide to drive in the states I won't pull you over

I've experienced some problems with DEP. Nothing too serious, but it's not perfect either. One issue that is readily recreated it to install Adobe Audition V1.5. For some reason it always throws up a DEP error which crashes the Windows Installer service. Luckily the app is already installed so it isn't a real showstopper, but it does make silent installs problematic. Something I discovered though is that when I made my switchless silent installer for Audition, when I run the installer from svcpack.inf, there is no DEP error. So I'm guessing that DEP is not yet active at that point. In order to get the most of out of DEP, you need to have a CPU that contains the hardware support for running the full version (XP supports a more limited software implementation which is what is installed by default). I think there is potential for DEP to be a good thing, but it really needs further maturity. As it stands now, I don't see much benefit in running it at a level above the default.

Nice work BoardBabe. I don't know if you remember a previous discussion we had where I couldn't remember the name of a list I discontinued using. It was called IE-Spyad. This list you have seems to be much better than the IE-Spyad list which was far too inclusive in what it blocked. I had an idea for your list. If you find that there is a growing list of things that really shouldn't be blocked, but they appear each time the list is updated, you could make a text file of those items that should be removed. Then have a script search out those items (from the text file) in the list and remove them. I had started such a thing with the IE-Spyads list, but they really just had far too many false hits to be practical and my free time was getting short. Anyway, just an idea.. and again, nice job

Ok, so here's the guide that so many have asked me to write. It's not quite the secret recipe for Coke but I have had numerous requests for it. Understand this first before anything else: I am not an expert when it comes to InstallShield AdminStudio, 7-Zip, WinRAR, Resource Hacker, or the Microsoft Installer (.msi) technologies. Sure, I know enough to get by and to get accomplished what I set out to do, but a lot of times I know what to do because I experimented long enough to figure it out. This is not to be confused with my knowing how or why it all works, particularly the nitty gritty details. Sometimes I "just know" and you'll just have to take my word for it - or not, it's up to you. This guide was written based on my experience with VMware Workstation and Installshield's AdminStudio Version 6. I am almost totally unfamiliar with VirtualPC and Wise Package Studio, but I'm sure you could translate a good portion of this guide to those products. You will notice a lack of screenshots. I'll try to get some put together and will edit the guide when I do. I am going to try my best to include enough detail so that even a relative beginner can substantially benefit from this. On the one hand you will need to have at least some basic knowledge of what it is we do here at MSFN. If you have never heard of svcpack.inf or have no idea as to it's purpose then read no further. You need to go to the MSFN Unattended Install Guide and take in some of the basics. If you are of intermediate level, then there's the possibility you're going to be seeing a whole of stuff here that you've known for a while already. First things first. You need to get everything setup and ready to start repackaging. The idea here is get everything setup in such a way that you spend as little time and effort as possible on the background chores, maximizing your efforts at the repackaging itself. Repacking applications is not a very difficult thing to do most of the time, but it almost always is a lot of repitive and boring work. Oh, and throw in a lot of waiting for things to happen too. To start out with you will want to set up a virtual machine that's configured especially for our purpose. Preparing the Guest (VM) Computer The computer you install VMware on should have at least 1GB of RAM. Yes, you can do this with less, but you'll find things painfully slow much of the time. Take a Windows XP SP2 source and integrate the latest release of RyanVM's Post-SP2 Update Pack only. No addons and no nLite. We want to have the operating system completely up to date, but we don't want too many extras and we certainly don't want any parts of it missing. Install the following: .NET Framework V1.1 SP1 and V2.0, The latest version of Sun's Java runtime, and Registry Checkup by ParticleG Solutions. You can use whatever registry cleaning utility that you like but I find Registry Checkup to be a nice, simple, small and unobstrusive utility. One benefit is that it isn't overly aggressive at cleaning out the registry, it just cleans up what I want for repacking purposes. Lastly, it leaves only a single registry key and value to clean up later on in the process, but I'll get to that later in the guide. Once you have everything installed, get the interface (meaning Windows Explorer mainly) configured to your liking. Set a static IP address for VMware's AMD NIC. Disable Automatic Updates completely. Disable the indexing service. Do not install any kind of antivirus, antispyware, or firewall software (disable Windows built-in firewall too). If you have a premium hard disk defragmenting utility, you can install that if you like because I also recommend doing a complete offline and then online defrag. In those cases where you need to reboot the VM during the snapshot process, having the virtual hard disk fully defraged will cut down your wait time. Enable the built in folder sharing feature of VMware and define the share on the physical computer as the root of your system drive. Make a shortcut in the VM's Start Menu to the repackager executable on the physical computer. This is usually C:\Program Files\InstallShield\AdminStudio\6.0\Repackager\isrepackager.exe. You will use this shortcut to initiate and then finish off snapshots. Go to Windows Explorer and navigate the tree so that it is exapanded out showing the C drive on your physical computer, but select the C drive on the VM. This way when you restore your snapshot, the tree is already expanded out and you can just click on the drive where your original install .exe files are located. Last step, make a snapshot. Preparing the Host (physical) Computer Go to the AdminStudio Repackager directory, C:\Program Files\InstallShield\AdminStudio\6.0\Repackager, and open the file Options.ini. Scroll to the bottom and change UseHKCUProxy to equal Y and change UseMergeModules to equal N. The first change will make it so that any HKCU settings in an installer will be applied to the current user and any new user profiles created after the install. The second setting will allow your installers be, in some cases, dramatically smaller. I exclusively use the two step snapshot method which means that I'm getting all of the files the installer puts out, therefore having Repackager include merge modules is not necessary. Create a subdirectory on your system drive called "AutoInstall". Inside of that create a subdirectory called "Apps to Repack". Store the original install .exe files here. Create a subdirectory of AutoInstall called "Final". This is the location to where I place Administrative Installation Points (referred to as AIP going forward). Create a subdirectory of AutoInstall called "Icons". This should be relatively self-explanatory as it contains .ico files. I use IconShop for icon extraction, but there must be several dozen other utilities, both freeware and shareware, that will do the trick. Create a subdirectory of AutoInstall called "Repack". This is where I direct the output from AdminStudio's snapshot. As you can see I have prepopulated the "Final" subdirectory with some files that we'll need for later. RunHiddenConsole.exe is my preferred choice of bootstrap for launching .msi installs. It's the smallest I've seen and it's never done me wrong. Feel free to use msistub.exe if you like. I know others use it (including Macromedia among others) and it seems to work for them. Config.txt is the file which will define the single command line action the self extracting installer will take once extracted; more on that later. And finally, 7zSorg.sfx is the 7-Zip self extracting module we'll be using. Mine is hacked. I can't seem to find the thread here anymore and I don't remember who wrote it, but it was an MSFN thread and there were instructions on how to hack this file with Resource Hacker in order to make your 7-Zip installers totally silent. That's what I did to mine. It's completely silent; no progress bar, no nothing. This is fantastic for those installers you launch from svcpack.inf or RunOnceEx, but it's not so great for those times when you burn a CD for someone that has my Microsoft AntiSpyware installer and you have to tell them "just give it 5 minutes, it should be done by then." So I suggest keeping the original around for those times that you actually do want visible feedback. Here's a tip: associate the .sfx extension with Resource Hacker. It will really come in handy later on. Phase 1 - Capturing the Application As an introduction, I'm going to repackage KeePass Password Safe V1.04. This is a pretty "stock" repack with nothing out of the ordinary. I will put together some other lessons of other projects I've done that do include some special circumstances, but for now we'll start out with something easy and to the point. So if you want to follow along make sure you have the KeePass installer file in the Apps to Repack directory and fire up VMware. Restore your snapshot in VMware. When the snapshot is done restoring itself you should see Windows Explorer open with focus on the C drive of the VM but the tree expanded to show the host computer and it's C drive. Click on the C drive of the host computer and navigate to the Apps to Repack directory so that the installer is visible in the file pane. Go to the VM Start Menu and click on the shortcut for the Repackager. when you get the welcome dialog, click on Next. Choose "Snapshot" and click on Next. Then choose "Multiple Steps (Classic Style)" and click on Next. When the Repackager is done reading the system state click on Finish. Now double click on the KeePass installer executable. If you want to change any defaults during the installation, this is the time to do it. Anyone who has used more than a couple of my installers knows that I often deviate from the default. Here I change the install directory to C:\Program Files\Security\KeePass. On a side note: I pretty much NEVER let installer create desktop or quick launch icons. If they make them without asking, I always delete them. In this case I will run the program to change some of the default settings. For instance, I go to the options and select the checkbox for "Minimize to tray instead of taskbar". That's a personal choice thing really. When it comes to security and privacy though I usually go on the side of more secure / more private. In the Setup tab under Options there is a button to create a file association for .kdb files. Click it in order to create the association if you like. Since I use PuTTY, I've checked the box to use it for SSH. Check out the other options and make the modifications to suit your tastes. Another optional step. I go to the All Users Start Menu and rename the KeePass folder to Security and delete the extraneous shortcuts, leaving only the shortcut to the KeePass program itself. Now go to the directory C:\Program Files\Security\KeePass. Delete the files unins000.dat and unins000.exe. Since we're making an .msi file here, we obviously don't need the uninstaller routine which racks up 660KB in this case. while we're at it delete the url shortcut in the directory. Go to the VM Start Menu and run Registry Checkup. Kill the registry entry for the missing uninstaller. Close Registry Checkup and go to My Documents in the VM. Delete the folder created by Registry Checkup. Make sure KeePass isn't still running in the tray. Kill it if it is. Go to the VM Start Menu and run the Repackager. click on Next when the welcome dialog appears. In the next dialog make sure Snapshot is selected and click on Next. In the next dialog Multiple Steps (Analyze system status changes) should already be selected. Click Next. In the Product Information dialog, the only fields I fill in are the Product Name and Version. You can fill them all in if you like. For product name I entered "KeePass Password Safe 1.04". The reason I put in the version is so that you can easily tell what versions of software are installed just by looking in Add/Remove Programs. Click Next once you have everything filled out. For the path of your project, browse to the AutoInstall\Repack directory on the host computer. Click Start. You should receive a warning that you're about to overwrite an existing project. Click Yes. Once the process is finished click on Finish. Power down the VM and close VMware. Now we'll be working on the "real" computer. Now we have a bunch of stuff in the Repack directory to deal with. There is a subdirectory called PROGRAMFILESFOLDER which contains all of the captured files. Well all but one. KeePass.ini is not in there. This is because any .ini file associated with an install has it's settings captured and placed in the Repackager .inc script file. Let's open up the file "KeePass Password Safe 1.04.inc" with Notepad. Notice that what you name the project is the name of the project and script files. There is nothing that we want to change here, which in all honesty, is pretty rare. Often times there will be system related files that need to be excised. If the repackaging process calls for a reboot, AnyDVD is an example, you will have numerous subdirectories and files to delete. This means you would also have to delete them from the script file. Also take note that the .ini file entries are located in the script file. You can edit these if you see fit. The shortcut definitions are also in the script file. If you are repacking an application that creates advertised shortcuts, you would be well advised to delete the shortcut and create a regular one during the snapshot process. If you don't do this, the shortcut will cause the the build process the error. A two step snapshot will always create a file called Standard.nir. This file contains the registry entries captured. You will become intimately familiar with the registry if you decide to take on repackin apps as a hobby. A tip here is associate the .nir extension with Notepad. Open Standard.nir with Notepad now. Delete the following registry entries: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ASP.NET] "LastInstallTime"=hex(11):AC,1A,24,A1,34,A5,C5,01This is from .NET 1.1. You will find this and if .NET 2.0 is installed, a similar entry directly beneath it. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Defrag32b\Parameters] "BootLogFileId"=hex(11):52,07,00,00,00,00,03,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{98AF18F1-6693-4D19-BB70-34315C7205C6}] "LeaseObtainedTime"=dword:43D188FE "T1"=dword:43D18C82 "T2"=dword:43D18F25 "LeaseTerminatesTime"=dword:43D19006 "DhcpRetryTime"=dword:00000384 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{98AF18F1-6693-4D19-BB70-34315C7205C6}\Parameters\Tcpip] "LeaseObtainedTime"=dword:43D188FE "T1"=dword:43D18C82 "T2"=dword:43D18F25 "LeaseTerminatesTime"=dword:43D19006I usually find the defrag32 key in there, just delete it. The Tcpip keys are because I didn't follow my own advice above and did not set a static IP. So here you have network settings. Delete these as well. [HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Bags\1\Desktop] "ColInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,FD,DF,DF,FD,0F,00,04,\ 00,20,00,10,00,28,00,3C,00,00,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00,B4,00,\ 60,00,78,00,78,00,00,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00,FF,FF,FF,FF,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00 [HKEY_CURRENT_USER\Software\ParticleG\RegistryCheckUp\Config] "LastFixDate"="1/20/2006" [HKEY_CURRENT_USER\SessionInformation] "ProgramCount"=dword:00000001Whenever you see a key with "Bags" in it, that means it's a "most recently used" type of entry and it's safe to delete. The next key is the lone entry you'll find from using Registry Checkup and it's safe to delete. And finally at the end, I get the entry on every snapshot capture. Just delete it. Save and close the file. At this point I like to use 7-Zip to archive the project. You never know when you'll want to get back to it again. What I do is name the archive "Repack - " followed by the name of the project. So in this case it would be "Repack - KeePass Password Safe V1.04.7z" Now double click on "Keepass Password Safe 1.04.inc". Disregard the warning dialog box and click on OK. Now go to the Build menu and then select Build (real intelligent planning there by InstallShield). You will always see the following error in the long spewing list of things done: ISDEV : warning -6261: The property ALLUSERS is defined in the property table. This may result in a setup that is always installed per-machine when it has been advertised as a per-user install. It is recommended that the ALLUSERS property not be defined in the Property table.Ignore this, it's meaningless. Now close Repackager and go back to the Repack directory. Delete all of the files except for the .msi file. Right click on the .msi file and select "Edit with InstallShield". The InstallShield Editor will open and you will see a scary looking tree on the left side. Click on Shortcuts. Now the screen will go triple pane. This is when your shiny Dell laptop with a 1920x1440 screen really comes in handy. Navigate the tree in the center pane to the shortcut for KeePass. Left click on the shortcut and the details for it will appear in the third, or right most, pane. If you notice, the shortcut's property for Advertised is set to Yes. We want to change this to No. I despise advertised shortcuts. They're nothing but trouble. If you want to know more about them, look it up on Microsoft's site. Back in the center pane again. You will find two directories in every .msi file that are generated by an InstallShield repack. Under "CommonFilesFolder" is a directory named "InstallShield" with a subdirectory named "UpdateService". Right click on the InstallShield directory and select delete. Under "ProgramFilesFolder" is a directory named "My Company Name" with a subdirectory named "My Product Name". Right click on "My Company Name" and select delete. Back to the tree in the left pane. Click on "Property Manager". On the right side you will see the properties for the .msi file. These are all standard with .msi file generated from a snapshot. If you open up an .msi file from a vendor, there will likely be most of these standard values, plus some custom entries. Some .msi files don't really follow the rules though (Windows Messenger V5 is a perfect example). The third entry in the list is "AgreeToLicense". I always change this to Yes. It just makes for one less step if someone decides to double click the .msi to install it. Scroll way down the list to the bottom. The fifth entry from the bottom is "RebootYesNo". I always set this to No. This will NOT suppress a reboot however. It only suppresses whether or not the installer should notify the end user whether or not a reboot is necessary. At the bottom of the property list is a blank line and in the left cell it says "Click here to add a new entry." Click there. Enter in REBOOT (all caps) for the property name. Then click in the cell to the right of that and enter in ReallySuppress. This is what will suppress a reboot. Now KeePass doesn't require a reboot, I'm just pointing it out and showing you what to enter in the event that you do need to put it in. Click on the floppy disk button on the toolbar to save your changes to the .msi file. Now you should have an .msi file that is suitable for distribution via group policy. You do not want to make a switchless silent installer out of this however. If you do, you're like to get all of those Windows Installer pop ups which will inevitably fail. I'm not going to get into a long discussion about it. This is one of those "trust me" moments. Phase 2 - Making the Installer Ok so now we have our .msi file. If you want to you could fire up VMware and take it for a spin to see that it installs and behaves the way you expect it to. I always take the .msi file and archive it away for when I might need it for a group policy environment. Now to make the switchless silent installer. Rename the file from "KeePass Password Safe 1.04.msi" to "KeePass.msi". Open a command prompt in the "Repack" directory. This is where the "Open Command Prompt Here" registry tweak comes in handy. Execute the following line at the command prompt: "msiexec /a KeePass.msi" Direct the AIP to install to "C:\AutoInstall\Final". Now let's go to the "Final" directory. Make a 7-Zip archive named "KeePass.7z" out of "KeePass.msi", "RunHiddenConsole.exe", and the "program files" subdirectory. By the way, don't think that 7-Zip is perfect. There have been a few times when my installer turned out to be smaller by using WinRAR. When compressing with WinRAR, leave out the "RunHiddenConsole.exe" file. WinRAR can launch .msi based installs all on it's own. Note: I'm going to pretty much blast through this as it has been covered previously, most notably by Keytotime who did a fantastic job outlining 7-Zip installer creation. I'm including this for the sake of completeness. Double click on config.txt. This is what the contents should be: ;!@Install@!UTF-8! RunProgram="RunHiddenConsole.exe /w msiexec /i KeePass.msi /qn" ;!@InstallEnd@!Save config.txt. If config.txt was not already encoded in UTF-8, then select "Save as" and make sure that the encoding is set to UTF-8. Double click on 7zSorg.sfx (you did associate .sfx with Resource Hacker right?). Expand the "Icon Group" branch, then expand the "159" branch, then right click on 1033 and select "Replace Resource". Click on the button "Open file with new icon" and browse to your desired .ico file and select it. Click on the "Replace" button. Go to the File menu and select Save. Exit Resource Hacker. You can delete the file 7zSorg_original.sfx. Drop to a command prompt in the "Final" directory. Execute the following command: "upx -9 -o7zS.sfx 7zSorg.sfx" (forgot to mention earlier that you will need to get UPX) Now execute this command: "copy /b 7zS.sfx + config.txt + KeePass.7z KeePass.exe" There you have it. A switchles silent installer. Now what you need to do is TEST IT! Don't go posting installers that you haven't tested. There's like 10 million things that could wrong and the first time you post an installer without properly testing it is when one of those things goes wrong. Believe me I've committed this most serious of MSFN faux pas and it ain't pretty. If you plan on advertising this installer as being usable from svcpack.inf, then for God's sake test it from svcpack.inf. I will edit this thread shortly to add in constructing the installer with WinRAR. Also, I will put together more run throughs that tackle some trickier installations and point out more tips and tricks. So stay tuned... The attachment in this post is a 7-Zip archive that contains the 7zSorg.sfx that I use (it's modified for completely silent use), a sample config.txt, and RunHiddenConsole. Guide.7z

He's installing it from RunOnceEx, not svcpack.inf. I install both .NET 1.1 and Office 2003 from svcpack.inf and don't have any issues like that so I don't think there's a conflict in that regard. You may want to make an administrative installation point of Office 2003 and try installing it that way. msiexec /i pro11.msi TRANSFORMS=unattended.mst /qn If you do decide to install from svcpack.inf, you'll need to edit the .msi file. The registry entries regarding error reporting must be removed.

You mention Office 2003 as an example. Well Office 2003, like many other applications, install using the Windows Installer. As such it conforms to a set of command line switches. If you take a look at the MSFN Guide to Unattended Installations, there is an entire section dedicated to the various installer technologies commonly in use today. So if you can determine what installer an application uses, and the guide will show how to make this determination, then you can apply the standard switches. That sticky in this forum for switches is good, but it's also not the only resource out there on the topic. As muiz stated in the previous post, try a little searching.

Now we're talking. This would be insanely cool. I love that idea.

If you are refering to scripts run from a web page, Microsoft AntiSpyware can block them rather effectively. Too effectively for my tastes in fact.

One thing that people often overlook when taking on a project like this is that a restricted user account will use less system resources than an administrative account. What I have done with my desktop computer is move some of the autorun entries from HKLM\Software\Microsoft\Windows\CurrentVersion\Run to the user hive for the administrator. This way they don't execute for the restricted user, only for the admin account. As far as services go, I find that most of the services that are safe to disable, can really just be set to Manual instead. This way they don't start even for the administrator account. If I need one running, I just go and start it. Of course you can really take this pretty far, but you also need to weigh the advantages of disabling every single little thing and the time that takes vs. the ability to easily disable most things with relatively little effort. I will say though that you have come up with a pretty slick idea there. And this isn't the first one you've had either.

The defrag scripts are generally pretty small. I used to expand the environment strings and use them whenever possible there, but I found things just got a little too convoluted. See there's a difference between fs.FileExists and ws.Run. FileExists is much more flexible in that spaces in paths/filenames don't seem to matter, where as Run follows the rules of a command prompt. For the sake of readability and consistancy I just used the environment variables. Like any programming languages, there's preferred methods, but also there's more than one way to do a lot of things also.

Let me know if you'd like me to host it for you.

People are posting my stuff all over the place and for the most part it doesn't bother me, furthermore there isn't really anything I could do about it if for some reason I did want to be Grinch. But it is nice when somebody bothers to ask. The whole reason I make the installers, well besides for my own use, is to make life a little easier for others. mad_mattx PMed me and I said it's fine. The only thing I ever ask of people is that they link back to the originating thread so that people can get any of the particulars regarding the install, like where it installs to, shortcut creation, and the like).

Update - 20060118 Added GrabIt V1.5.3 Build 909 Added Windows Live Messenger V8.0.0365 I'm seriously starting to get burned out on this, not to mention I'm way behind at work and on some other projects. I'm going to finally start work on Nero 7. My plan is to make 3 or 4 installers for Nero. The main installer that just installs Nero Burning ROM itself, and then others that would require the first be installed already. I'm thinking one would have NeroVision, Cover Editor, and Wave Editor. Another would be InCD only, and the last would be everything else except BackItUp and ImageDrive (both useless in my book). This way there are some choices as to what you want or don't want, but I'm not going to deviate and make custom packages for people. I'm not even certain that I'll be able to do right what it is I want to do.

I gave up on sysprep years ago. Just way too many issues in my opinion. Especially when you can have a totally clean install.

Yea this based on the new 7.0.4 QuickTime and I think Apple is having problems with it. They released an uninstaller / downgrader so that people can go back to 7.0.1 I think. I'm going to hold off and see if they release a "fixed" 7.0.5 which should then spurn the release of a new QuickTime Alternative.

Strange, it doesn't do that for me. I've used it almost a dozen times on as many different machines too.

lol.. it's because they're collecting your IP address for their blacklist. That's why I turned off the update checking in the switchless silent installer that I made.

Just to clarify things.. the downstairs computer is a multihomed machine acting as a gateway for the other computers? Do you have any autoupdating security software on the downstairs computer? It sounds like an access issue where something is either blocking a protocol or the web site ended up on some sort of black list (like in the restricted zone in Internet Explorer). What web mail service is this?

Yes I saw you were from France. It could be any number of countries. What I was suggesting was simply a possible explanation as to why some of us have no problems getting there. I suppose another issue could be DNS. Maybe point your DNS settings to a US DNS server just to see if there's a difference. Another thing to try would be one of the many anonymizing web browsing services. That way your connection would likely come in from somewhere other than where you are.

From the sounds of it, I think the easiest way to go about this would be to take the user in question and add him to the Domain Admin group, then in his user record restrict the workstations he can log into to only the one computer. This of course would make it so he can only log into one and only one computer, but off the top of my head I don't really see how you could accomplish exactly what you're looking for. You could always create a second account for the user to log in at other workstations.

Wow, talk about a nice little bit of info there. Thanks from me too

Perhaps he's blocking access to certain countries? Like if there have been a lot of hack attempts out of Russia (hypothetical), he may block all incoming traffic from .ru.

Tried http://www.nirsoft.net/ just now and it came right up.