RogueSpear

Working as a security consultant, I can honestly say that overdoing security more often than not results in less security. Keep it simple. If you keep the OS up to date, which is easy to do with Automatic Updates, keep your AV and antispyware utilities up to date, which again should be easy with autoupdating.. well you're 90% of the way there. Instituting all kinds of Rube Goldberg types of solutions will not further your cause in protecting a computer and it's network from various types of threats. I stand by my first post as well. For all practical purposes, the browser you use has little influence on the security of your computer. As time goes on, it's the user who has the most influence on the security of a system, not the software and hardware measures that are put in place.

V1.51 - 01/12/2006 - Corrected a fairly serious bug in which not all compressable files were being compressed. - The location of additional NIC drivers to be integrated is no longer user definable in AutoRIS.ini. - All VBscripts have been updated and there is one less reboot required during the setup now. - There is no more Full and Lite versions. The AutoRIS download now includes all of the VBscripts. - Links are provided for the additional addons and installers. In case anyone is curious as to why I use installers rather than Group Policy for the .NET runtimes, it's because I don't think it's a very good idea to uninstall these things. I know there are plenty of folks who say it's just fine to do that, but I'd prefer to install them immediately and remove the chance of someone "accidentally" uninstalling them with the Group Policy snapin. Also I like to have .NET 1.1 at least installed from svcpack.inf so that any software requiring it will install just fine from a Group Policy deployment.

I made a hypertext application using VBscript that displays a dialog box for the user to enter the computer name, and some usernames and passwords. The basic gist of renaming a computer in VBscript is as follows: Dim strComputer, objWMIService, colComputers, objComputer, strName strComputer="." Set objWMIService=GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2") Set colComputers=objWMIService.ExecQuery("Select * from Win32_ComputerSystem") For Each objComputer in colComputers Err = ObjComputer.Rename(strName) Next You can substitue the variable strName with a direct name of "ComputerName". Note that the quotes are necessary if not using a variable. But you can derive strName in any number of ways that you see fit.

The script that I included and the .exe installer itself both need to be placed in \OEM in your distro CD in order for the script to properly function. The main purpose of the script is to determine that the install is taking place within VMware vs. real physical hardware. You don't need the script to use the installer. I just included it for the sake of convenience. As far as changing the screen resolution, I usually call NirCmd to do that. Whether you do it from a batch or in VBscript, it works fine. Here is the format: nircmd.exe setdisplay 800 600 32 EDIT: As far as the compression goes, if I remember correctly, I used 7-Zip with that installer.

I realize that this is a long shot, but do you happen to have KVM over IP capability?

This post by BoaSoft. It's absolute genius. I just love it when a guy with 4 posts comes along and shows me something that I never in a million years would have though to do.

First of all I was referring to vbs when talking about my scripts. Second if you're insistent upon making one single script.. by all means go ahead, it's your network. I guess some people need to learn the hard way.

First of all I should point out that my previous post in here was not aimed at the thread starter. Second point is that asking a question is fine. Asking a question that has already been answered in upwards of a dozen times is a problem. Want a good example? http://www.msfn.org/board/index.php?showtopic=65047 This is a perfect example of why kids should not wear bicycle helmets. We've tampered with natural selection a little too much. The other major point here is that there is no "best way" to make an application install unattendedly. I myself use three different methods and even those vary from application to application. Getting a quick, concise, and easy to digest answer regarding this topic is simply not possible.

jondercik is right, you really should do folder redirection via Group Policy. It's a much cleaner method and then you have control over other things like permissions. I have a machine startup script and a user logon script for each OU in my networks. Those scripts then call a master script for those things that are common enterprise wide. I learned over the years that it truly is better to break things up sometimes into smaller more manageable chunks rather than have one huge unweildy script. If you do chose to go the one big script route and then you have to change something for say one or two groups of people, you rish breaking the script for the entire enterprise. Not good.

The thing I like about using HKLM is that is also protects your service accounts which are often the targets of exploits and have more rights than a restricted user. I suppose if you wanted to go overkill you could import to both HKLM and HKCU and then export HKCU to the Default User profile.

If you're behind a Linksys router, I doubt anyone has hacked into his computer. The possibility would exist based on the wireless aspect, but one would have to be in relative proximity to do this. The more likely scenario is some sort of spyware has found it's way onto his computer. It's all too easy for this to happen too. I honestly don't think there's that much of a security issue with him letting IE store his passwords. It's obviously not the most secure way to operate, but I also have never encountered anything where someone had an account compromised based on that. In fact it may be more secure with the proliferation of keyloggers. I think that the Firefox hype is just that - hype. I've been using Maxthon for a while now after growing more and more frustrated with Firefox. Maxthon is actually a broswer that uses the IE core for it's rendering engine and I personally find it to be a much nicer browser. Regardless, I don't think the browser will have much impact on overall system security if the system is properly secured to begin with. It's really of the utmost importance to be running a reputable antivirus solution and a minimum of two antispyware products. I usually stick with Microsoft's AntiSpyware product and SpywareBlaster. SpywareBlaster isn't a true antispyware product, but more of an immunizing product. If you want, Ad-aware and Spybot are good additions. Seeing that you're behind a router, I think that the Windows Firewall should really suffice in terms of a firewalk. There are all kinds of personal firewall products out there, and if you think that he really needs one, a freeware product like the free ZoneAlarm should be just fine. Some of the fancier ones offer more comprehensive ad and popup blocking, cookie management, etc., but I find that the technological neophyte usually grows frustrated with these and disables some or all of the functionality before too long anyway. A fully patched Windows XP SP2 computer that's running AV and antispyware is really much more secure than a lot of so called "experts" would like to admit. What it really boils down to it this: sometimes you just can't protect people from themselves. If your family members insist on visiting questionable web sites, exchange electronic greeting cards, and try out every piece of free software out there that promises the world, then it's only a matter of time before bad things happen. The other important topic for you would be to properly secure your wireless network. That's really a large topic in and of itself and it's one I don't plan on covering in detail here. But the short version of advice would be to not broadcast your SSID, use MAC filtering, use the highest form of security your router offers (hopefully WPA2 personal), change the router's internal IP address to something other than 192.168.1.1, change the default password for the admin login to the router management web page, disable router management over the internet and over wifi so that it can only be managed via hardwire, and finally disable DHCP and manually configure the network configuration on per computer basis. This way if someone somehow did manage to get through all the other security measures, at least they won't be able to DHCP to your network. Overkill? Definately. You can pick and choose what you'd like to do or use. It's all a balancing act where you weight the importance of security vs. the importance of convenience.

I have a lower end Dell PowerVault (I forget the model but it sounds similar). There are two PS2 ports on the back and I have it hooked into a Compaq 8 way KVM. It's billed as a "headless" NAS device, but I think that really just means that it's capable of running headless and Dell intends for you to manage it via the web package they run with IIS. Mine came with Windows 2000 for Appliances, which is essentially Windows 2000 Advanced Server. Anyhow, it'll PXE boot just fine. I actually had to do that once in order to restore it to it's original state when it crashed beyond repair. What you may want to do is get Windows 2003 loaded up into a RIS image and experiment some with VMware first. Then when you get it how you want it, give it a whirl on the PowerVault.

The switchless silent installer links for both files are fully functioning. The links for the .msi files are indeed down and as stated in a previous post, they will be restored within the next week.

Amazing what we'll go through to avoid spam. I know the real way to eliminate spam from the world forever! Find all the knuckleheads who have ever purchased something offered in spam and kill them. Imagine the increase in the quality of the world's gene pool as well. Sounds like a win - win to me

I always find home networking infinately more difficult than corporate. Are you getting the dialog box that asks you for credentials to access the share? Make absolutely certain that both computers are getting the same network settings like the default gateway. Probably using DHCP, but I thought I'd throw it in there in case you've opted to go static. Is NetBIOS enabled?

I use Symantec SAV and SCS but I deploy them via Group Policy. I am also a long time user of DameWare NT Utilities (and of course the mini remote product). While I've never attempted to push either of DameWare's services across subnets, I believe there may be broadcast and / or ICMP traffic involved in the push install of those services which may be contributing to the problem. I've never had a problem using DameWare or the mini remote across subnets or within a VPN session though. In all honesty I've never inspected the traffic involved with it, but a quick peek with Ethereal or Sniffer should give you the answers your looking for.

If anyone would like to give a little back for all of the installers I've made and posted here, I could use a Messenger Live invite Plus that way I can start to work on making an installer for it and actually test it out too.

The main issue for me is the sheer number of applications that are not compatible or have special x64 versions that aren't quite feature complete yet. I also think that Vista may be the first time I take a serious look at the x64 world. [/offtopic]

I put "Symantec AntiVirus" into the search box and this is what I came up with: http://www.msfn.org/board/index.php?act=Se...antec+AntiVirus Threads 1, 2, and 5 in the listing should yield some results.

I think at this point it would be rather difficult to do as not so many people are using x64 yet for a variety of reasons. Also, I don't know if BTS even has a x64 system available for his use. I'm sure that at some point, and probably sooner rather than later, it will become something that is in high demand. I personally have no experience with x64 at all. I am wondering, does it come with more recent drivers than x32? I know that some of the drivers in the current driver packs are reported to work in x64, but actually nailing down which do and don't could take some time as well.

Ask an advanced question and you'll get an advanced answer. I make a lot of switchless silent installers and I also script a lot of installs for those programs not well suited to the aforementioned method. Believe you me it's no trivial task. There are so many gotchas, so many variables that go into it, that it would be extraordinarily difficult to give an acceptable answer. It took me the last few years of diving in to the Microsoft Installer format, InstallShield AdminStudio, VBscript, AutoIt, 7-Zip, hacking file resources, and on and on.. to get to the skill level that I am at now. To suggest that somebody could post a guide that would be so detailed and inclusive of so many subtopics, that the reader could actually become adept at this overnight, is really living in a dream. This is why people here post their works.. their scripts, their installers, make their own utilities, etc. To make it easier and to make it feasable for the newcomer to be able to put together an unattended installation, look like a genius, and take all the credit for it as well. You know how I got to know all this stuff? Reading! A concept not totally forgotten by all Americans. I read my a** off. I read these forums, the forums over at AutoIt, VBscripting, Microsoft's web site, a couple of dozen books at least. Yea, it actually takes some work. And the reason we all get so annoyed is that the majority of people here don't search. It's completely self evident. I have no problem helping others out at all. People here help me all the time. What I have a problem with is helping someone who is so obviously lazy that they can't even perform a basic search. Next thing you know they'll need someone to wipe their backsides as well.

My guess would be that at that stage of Windows setup, there are probably more than just a couple of services that are not yet available anyway, which would leave less to target. For instance, WMI is not available until after the computer reboots from the GUI portion of setup.

I had to go and open my mouth. Recently I was researching scripting "Quotas" with VBscript and for some reason "Auditing" rang a bell in my head My mistake. But I felt like I should at least try to lead you in the right path after that last post I made promising the sun and more. Amazingly I can't find a single thing. Now I'm guessing that there is a way to do what it is that you want to do, but since it is so easily achieved using Active Directory, nobody has bothered to write about it. Here is another theory I have - the way it would be done is to tap into LDAP/ADSI using VBscript which may not be a feasible way to script this in an NT4 environment (that is non Active Directory). I did some fairly comprehensive searches in the Windows IT Magazine VIP CD, Microsoft's TechNet and MSDN sites, and ExpertExchange. The only hits that are even moderately related seem to be scripting Microsoft MOM for auditing based on events.

You're rolling out 400 machines that are in a workgroup and not a domain? Well best of luck to you there. On the bright side of things, auditing is fully scriptable, in VBscript anyway, so if you've got any experience there it shouldn't be too difficult. If you don't have scripting experience, this is probably not too bad of a project to start with as it should be relatively simple.