Everything posted by RogueSpear

  1. You need to enable Auditing in the local machine policy first. In order to enable auditing on a local machine, go to Start Menu/Run, type in gpedit.msc. This should give you the Local Computer Policy. Expand Windows Settings, then Security Settings, then Local Policies, and finally click on Audit Policy. Select the kind of auditing you want to enable for all of the audit types. Next you need to enable auditing for a particular resource, like a file, folder, or registry key. For example, right click on a file and select Properties. Then click on the Security tab, then click on the Advanced button, and finally on the Auditing tab. Now you need to add the users/groups and actions that you want audited on that resource. Example: Add the user Everyone and select the action "Read". This will tell you if someone accessed the file in the Security Event Log. Be careful in what you set to audit. If you select an entire subdirectory and audit success and failure of every possible action, you'll slow your machine to a crawl and generate tens of megabytes of log information. And in the end that means you're less likely to find what you're looking for. It usually takes a little time and experience to get the hang of how to fine tune your auditing, but the payoff is huge. I've documented and confirmed many bugs in software this way, proving an error in code or some other issue. Good luck!
  2. Thanks for pointing those out. AutoGK was just a mistake, but it seems that the server does not like the # character very much so the VJ packages have been renamed. If anyone uses my scripts that make use of these two packages, you will have to rename them accordingly.
  3. You would need to find a maintained list somewhere akin to what you are using now for ActiveX. There is a big one out there and for the life of me I can't remember the name of it now. And I long ago deleted the last version I had archived. I used to use it myself, but I found it to be far too troublesome. They were far too inclusive in what was put in the list and it always required massive editing every time a new list was published. If you support users that need access to MSN, Yahoo, etc. then the list is not for you. What they attempt to do is add in some degree of ad blocking and cookie blocking by making the list include ad URLs. Nice concept, but terrible execution. Something that may interest you is a freeware product called Proxomitron. It's similar to the eDexter I had described above, but considerably more advanced. Once you have it fine tuned to your liking, it's a snap to deploy.
  4. @BoardBabe, This is all really puzzling to me. When I repackage SpywareBlaster, the captured registry settings are all within HKLM. Why it is otherwise for you is a mystery to me. I'm not saying you're making a mistake or anything like that, I'm just telling you my results from a repack capture project that I went back and looked at last night. What I can tell you is that I always export these three registry keys after updating both Spybot and SpywareBlaster (they both do immunizing) and import the resulting reg during installs, whether they be from CD/DVD or RIS based. And it certainly works because every now and then I get a call from someone complaining that a site they want to visit shows "Restricted" in the status bar of IE. @boggen, While it's true that this can work, I always disable LMHOSTS during setup since I also disable NetBIOS. Further, if you wanted to take an approach like that you might be better off populating the hosts file with blacklisted sites. Or even better, use a freeware utility called eDexter which is a really small proxy that uses a hosts-like file. The difference is that eDexter's blacklist file can use wildcards where hosts cannot. If you do a Google search for "ad blocking hosts file" you'll find a lot out there with something like 14,000 sites it blocks. But this comes at a price and that is major, as in severe, performance issues. That's why eDexter is the better solution for that type of blocking.
  5. This is just about all the reason I need to continue using my ipaq for music playback instead of getting an ipod. What a load of crap this is. The outcry is deafening when Microsoft pulls a stunt like this. Curiously I hadn't heard a thing about this until a few months ago.
  6. Update - 20060110

      Updated VirtualDub to V1.6.12 Build 24259

      Macromedia Shockwave Player to come soon (been busy)

      Phase out of RapidShare has begun

      Anybody who is a regular visitor and downloader in this thread needs to extend the largest Thank You ever to war59312 for hosting many of the files here. I have taken on the hosting of the smaller files, generally under 1MB, but he has offered to host all of the files. I have migrated most of the switchless silent installer files already, and will work on the .msi files in the next few days. With the amount of editing I had to do to the posts, it wouldn't surprise me if I made an error someplace. So please report any broken links and I'll repair it as soon as I can. So for anyone who has been having the strange issues with RapidShare saying you've gone over your limit even though you haven't downloaded anything in a month - you should be able to get these files without any problems now.
  7. Try this line out:

      ```
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\Yahoo.com]
      "*"=dword:00000004
      ```

      That should put Yahoo in the restricted sites zone.
  8. So is it working for you under HKLM? I believe that's where both SpywareBlaster and Spybot place their immunizing registry settings.
  9. What appears under Security Zones in the Internet control panel applet is anything under HKCU. I prefer, and I think it's the better way to go, to put them under HKLM for two reasons - it protects everyone, including service accounts, and secondly, the casual user will not see anything under the restricted zone and therefore won't be tempted to remove anything.
  10. It all depends on what Method you are using, but even if you are using Method 2, the command line version of 7-Zip, 7za.exe, should be copied into your image for you. Method 1 I don't believe needs it at all.
  11. Even though it appears you are from the USA, I can barely understand what you wrote in the second half of your post. Anyway, regarding the one-touch buttons; it all depends on if the "device", meaning the one-touch buttons. If the device falls under the System Devices branch, like the hotkeys on a Panasonic ToughBook, they should install like any other driver. On the other hand, if they fall under the HID branch, like a standard keyboard, then you're screwed. I have a lot of experience with HP-Compaq laptops, all of it bad I might add, and every attempt I've made to integrate these kinds of drivers into the installation routine has ended in failure. I should clarify that statement. The drivers install just fine. Unfortunately they install on any and every computer, not just the model of laptop they were intended for. At one point I had a grandiose idea of making a VBscript that would identify the model of laptop through WMI and then install the appropriate proprietary button driver. In the end I decided this was going to be entirely too much effort to support buttons that nobody I have ever known has ever once used.
  12. Probably the easiest thing to do is export the registry key for restricted sites to a .reg file and then perform the import during your ua.

      Restricted sites is
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains

      Cookies (as in cookies to never accept) is
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History

      and finally, ActiveX controls is
      HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility

      I find it convenient to update SpywareBlaster and then export these three keys as they correspond to what SpywareBlaster is actually doing. This way you can import them from cmdlines.txt and know you have at least a minimum amount of protection right from the start.
  13. It always amazes me how I stumble upon these multipage threads that have somehow escaped my attention. Just in time too. I was just going to start making a VBscript that does exactly what this does. No sense in reinventing the wheel, especially when it wouldn't be as good of a wheel. Thanks for the great tool.
  14. Well I guess that answers that. Thanks for testing it out Bi0haZarD.
  15. @meostro, If you want to fit all of the drivers onto one CD, do the first half of a Method 1 which will cab all of the "cabable" files. You should have plenty of room to spare that way. I usually do this myself every so often and that CD is always in my briefcase.
  16. Glad to know I'm not the only one who experiences that problem with them. You have my sympathies, it can be maddening.
  17. I've noticed that some computers will display hi-res true color backgrounds during setup and others will not. I'm not sure if it's the computer itself or the video adapter, but it's best to design it for the lowest common denominator.
  18. Not sure how I missed this little nugget the first time around, but thanks a million! I never would have thought about doing this on my own. Going to test it out from VBscript in the next couple days. Excellent work. Thread bookmarked.
  19. Yea if I can actually manage to get a test .iso properly put together tonight. Running in too many directions this weekend. If it isn't today, it'll be rather soon.
  20. @BTS, so far as I know there isn't a problem with the KB888111 integration, but I always use RVM on my sources prior to the Driver Packs, so it's already there for me. I have seen Killgore mention that there seems to be an issue with it, however I have not gone through the steps to verify this. What I was mentioning to wrhiltz was that the RealTek drivers seem to have major problems installing (in my experience) if SP2 and/or KB888111 are not already properly integrated into your install source.
  21. @war59312, It sure should be enough. Holy crap, that's a lot of bandwidth. One of the reasons I have been using RapidShare is so I can kind of sort of keep track of how much traffic there is. Most of the installers don't really see that much traffic, SharpReader being a good example. Others like Microsoft AntiSpyware or MSN Messenger have seen over a hundred downloads in a 2 week period. If you want to send me a PM, we could work on some details. @Gedrean, I'll get that up tonight and will update the link in the posting. @All, should have Macromedia Shockwave Player and a new VirtualDub uploaded in the next 24.
  22. Check out my RIS guide for the full scripts. Link is in my sig.
  23. I also nuke all reference to the Location Finder utility from the .msi file. You end up saving a little space too since, in Streets & Trips anyway, it not only installs that little utility, but also a database file that weighs in around 60MB.
  24. The following are bits and pieces of VBscripts I use with RunOnceEx to do this. You can implement them as you see fit.

      Script 1:

      ```vbscript
      Option Explicit

      Dim ws, fs, wn, sysdrv, compname, colDrives, objDrive, strOEM

      Set ws = WScript.CreateObject("WScript.Shell")
      Set fs = CreateObject("Scripting.FileSystemObject")
      Set wn = WScript.CreateObject("WScript.Network")

      sysdrv = ws.ExpandEnvironmentStrings("%SYSTEMDRIVE%")
      compname = ws.ExpandEnvironmentStrings("%COMPUTERNAME%")

      ' Find the install media (the drive holding the WIN51 tag file) and its OEM folder
      Set colDrives = fs.Drives
      For Each objDrive in colDrives
          If fs.FileExists(objDrive.DriveLetter & ":\WIN51") Then strOEM = objDrive.DriveLetter & ":\OEM"
      Next

      '** Subroutine; Set the RunOnceEx key with values
      Sub SetROE
          Dim strKeyPath
          strKeyPath = "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\"
          ws.RegWrite strKeyPath & "TITLE", "System Optimization", "REG_SZ"
          ws.RegWrite strKeyPath & "080\", "Final Hard Disk Defragmentation", "REG_SZ"
          ws.RegWrite strKeyPath & "080\1", strOEM & "\080_FinalDefrag.vbs", "REG_SZ"
          ws.RegWrite strKeyPath & "090\", "Setting User Accounts", "REG_SZ"
          ws.RegWrite strKeyPath & "090\1", strOEM & "\090_ConfigAccounts.vbs", "REG_SZ"
      End Sub

      '** Subroutine; Create and configure a temp Administrator account
      Sub TempAdmin
          Dim strComputer, strPath, objComp, objUser, objGroup
          strComputer = wn.ComputerName
          strPath = ("WinNT://" & strComputer)
          Set objComp = GetObject(strPath)
          Set objUser = objComp.Create("user", "TempAdministrator")
          Set objGroup = objComp.GetObject("group", "Administrators")
          objUser.SetPassword "password"
          objUser.FullName = ""
          objUser.SetInfo
          objGroup.Add objUser.AdsPath
      End Sub

      '** Subroutine; Set AutoLogin for the next reboot
      Sub SetAutoLogin
          Dim strKeyPath
          strKeyPath = "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"
          ws.RegWrite strKeyPath & "AutoAdminLogon", "1", "REG_SZ"
          ' AutoLogonCount of 1 limits this to a single automatic logon
          ws.RegWrite strKeyPath & "AutoLogonCount", "1", "REG_SZ"
          ' DefaultPassword is written to the registry in clear text
          ws.RegWrite strKeyPath & "DefaultPassword", "password", "REG_SZ"
          ws.RegWrite strKeyPath & "DefaultUserName", "TempAdministrator", "REG_SZ"
      End Sub

      '** Run Tasks
      SetROE
      TempAdmin
      SetAutoLogin
      ws.Run """%PROGRAMFILES%\Utilities\ntregopt.exe"" silent /noprogresswindow /reboot", 0, False
      ```

      What this script does is create a temporary Administrator user (TempAdministrator) and set the auto logon information for that newly created admin user. It also sets the RunOnceEx settings for the next boot. You must reboot in order to copy the ntuser.dat file of the currently logged in user. I happen to use NTRegOpt, a registry optimizer for initiating the reboot.

      Here is the next script 090_ConfigAccounts.vbs, which is set for RunOnceEx in the script above:

      ```vbscript
      Option Explicit
      On Error Resume Next

      Dim ws, fs, wn, objReg, sysdrv, strComputer, strPath, objComp, colDrives, objDrive, strOEM

      Set ws = WScript.CreateObject("WScript.Shell")
      Set fs = CreateObject("Scripting.FileSystemObject")
      Set wn = WScript.CreateObject("WScript.Network")
      Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & "." & "\root\default:StdRegProv")

      sysdrv = ws.ExpandEnvironmentStrings("%SYSTEMDRIVE%")
      strComputer = wn.ComputerName
      strPath = ("WinNT://" & strComputer)
      Set objComp = GetObject(strPath)

      ' Find the install media (the drive holding the WIN51 tag file) and its OEM folder
      Set colDrives = fs.Drives
      For Each objDrive in colDrives
          If fs.FileExists(objDrive.DriveLetter & ":\WIN51") Then strOEM = objDrive.DriveLetter & ":\OEM"
      Next

      '** Subroutine; Process the built-in Administrator account
      Sub ProcessAdmin
          Dim objUser1, objUser2, objGroup1, objGroup2, flag
          Set objUser1 = objComp.GetObject("user", "Administrator")
          Set objGroup1 = objComp.GetObject("group", "Debugger Users")
          Set objGroup2 = objComp.GetObject("group", "Guests")
          objGroup1.Remove objUser1.AdsPath
          objGroup2.Add objUser1.AdsPath
          objUser1.SetPassword "password1"
          ' MoveHere renames the account
          Set objUser2 = objComp.MoveHere(objUser1.ADsPath, "Jerry")
          objUser2.Description = ""
          objUser2.SetInfo
          ' Disable the account (UserFlags bit 2) only if it is not disabled already
          If objUser2.AccountDisabled = False Then
              flag = objUser2.Get("UserFlags") + 2
              objUser2.Put "UserFlags", flag
              objUser2.SetInfo
          End If
      End Sub

      '** Subroutine; Process the built-in Guest account
      Sub ProcessGuest
          Dim objUser1, objUser2
          Set objUser1 = objComp.GetObject("user", "Guest")
          objUser1.SetPassword "password2"
          Set objUser2 = objComp.MoveHere(objUser1.AdsPath, "Kramer")
          objUser2.Description = ""
          objUser2.SetInfo
      End Sub

      '** Subroutine; Create and configure a fake Administrator account
      Sub FakeAdmin
          Dim objUser, objGroup, flag
          Set objUser = objComp.Create("user", "Administrator")
          Set objGroup = objComp.GetObject("group", "Guests")
          objUser.SetPassword "password4"
          objUser.Description = "Built-in account for administering the computer/domain"
          objUser.FullName = ""
          objUser.SetInfo
          objGroup.Add objUser.AdsPath
          ' Disable the account (UserFlags bit 2) only if it is not disabled already
          If objUser.AccountDisabled = False Then
              flag = objUser.Get("UserFlags") + 2
              objUser.Put "UserFlags", flag
              objUser.SetInfo
          End If
      End Sub

      '** Run Tasks
      ProcessAdmin
      ProcessGuest
      FakeAdmin

      ' Copy the configured profile hive over the Default User profile
      fs.CopyFile (sysdrv & "\Documents and Settings\Administrator\ntuser.dat"), (sysdrv & "\Documents and Settings\Default User\ntuser.dat"), True
      If fs.FolderExists(sysdrv & "\Documents and Settings\Administrator") Then fs.DeleteFolder (sysdrv & "\Documents and Settings\Administrator"), True

      ' Delete local accounts by name; "Administrator" here is the account created by FakeAdmin above
      objComp.Delete "user", "Administrator"
      objComp.Delete "user", "ASPNET"
      objComp.Delete "user", "HelpAssistant"
      objComp.Delete "user", "SUPPORT_388945a0"
      objComp.Delete "user", "TempAdministrator"

      If fs.FileExists(strOEM & "\090_NameSettings.hta") Then ws.Run (strOEM & "\090_NameSettings.hta"), 1, True
      WScript.Sleep(2000)
      ws.Run """%PROGRAMFILES%\Utilities\ntregopt.exe"" silent /noprogresswindow /reboot", 0, False
      ```

      This script does a little management of the builtin accounts for better security. Of interest to this thread is towards the bottom of the script, where the ntuser.dat file is copied over to the Default User profile. Also note that at this point the computer is logged in under the credentials of TempAdministrator, but you can still delete the user account from the computer prior to rebooting.

      Right at the end, I run a hypertext application that I made (my very first one) that brings up a dialog for the user to specify the name of the computer, the name and password for an Administrative user and the name and password for a Restricted user. I'll include it in case anyone wants to check it out and use it. 090_NameSettings.7z
  25. Generally what I do with my installs is copy the ntuser.dat file from the Administrator profile to the Default User profile. It's always towards the end of the install routine so most of the settings I care about are already in there. The scripting gets a little bit convoluted, but after you've been doing it for a little while it makes perfect sense. To get an idea of what I'm doing you can check out the VBscripts I use with RIS installs in the thread for my RIS guide (see my sig for the link).
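
Posts 7, 9 and 12 above describe exporting the ZoneMap\Domains key to a .reg file and importing it during an unattended install. The following is an added example, not part of the original posts: a check that reads such an export before it is imported and reports entries that are not in the Restricted zone (4) or that sit outside HKLM. The function names are hypothetical, and the sample export is constructed apart from the Yahoo.com entry quoted in post 7.

```python
import re

# ZoneMap\Domains path below the hive name, lower-cased for case-insensitive matching
ZONEMAP = r"\software\microsoft\windows\currentversion\internet settings\zonemap\domains"
ZONES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}
KEY_RE = re.compile(r"^\[(-?)(HKEY_[A-Z_]+)(\\.*)?\]$")
VAL_RE = re.compile(r'^"([^"]*)"=dword:([0-9a-fA-F]{8})$')

# Constructed sample: the Yahoo.com entry is the one quoted in post 7;
# the example.net and example.org keys are made up for illustration.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\Yahoo.com]
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.net\ads]
"http"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.org]
"*"=dword:00000004
"""

def zone_map_entries(reg_text):
    """Return (hive, host, scheme, zone) for every ZoneMap value in .reg text."""
    entries, hive, host = [], None, None
    for line in reg_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            deleted, hive, path = key.group(1), key.group(2), key.group(3) or ""
            host = None  # values only count while inside a ZoneMap\Domains key
            if not deleted and path.lower().startswith(ZONEMAP + "\\"):
                # Layout is Domains\<domain>[\<subdomain>]; rebuild the host name
                host = ".".join(reversed(path[len(ZONEMAP) + 1:].split("\\")))
            continue
        val = VAL_RE.match(line)
        if val and host:
            entries.append((hive, host, val.group(1), int(val.group(2), 16)))
    return entries

def review(reg_text):
    """Flag entries that are not in the Restricted zone or sit in a per-user hive."""
    findings = []
    for hive, host, scheme, zone in zone_map_entries(reg_text):
        if zone != 4:
            findings.append(f"{host} [{scheme}]: zone {zone} ({ZONES.get(zone, 'unknown')})")
        if hive != "HKEY_LOCAL_MACHINE":
            findings.append(f"{host} [{scheme}]: stored under {hive}, not HKLM")
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

Files exported by regedit in the "Version 5.00" format are UTF-16 encoded, so read them with `open(path, encoding="utf-16")` before passing the text to `review`.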