Legorol

Please include KB2964358 in the update list. This is a critical IE8 security update for XP SP3 that Microsoft released on 2014/5/1, despite saying they will not release any more security updates for XP. Security bulletin: https://technet.microsoft.com/en-us/library/security/ms14-021.aspx Update description: https://support.microsoft.com/kb/2965111 Download page: http://www.microsoft.com/en-us/download/details.aspx?id=42588 The update is available for other combinations of IE versions and Windows versions as well.

Thank you. With regards to the Office Compatibility Pack, I also did a test. For sake of completeness, here is the result. I did a clean install of Windows XP SP3. I enabled Microsoft Update. I installed all High Priority Updates for XP and IE, but no optional software or other updates. This cleared the High Priority Updates list. I then installed the Office Compatibility Pack only (FileFormatConverters.exe) and no other software. I then visited Microsoft Update, and were offered these High Priority Updates: Security Update for Microsoft Office 2007 suites (KB2687499)Security Update for Microsoft Office 2007 suites (KB2760416)Update for Microsoft Office 2007 suites (KB2596848)Security Update for Microsoft Office 2007 suites (KB2687311)Security Update for Microsoft Office 2007 suites (KB2596672)Security Update for Microsoft Office 2007 suites (KB2596615)Security Update for Microsoft Office 2007 suites (KB2596785)Security Update for Microsoft Office PowerPoint 2007 (KB2596843)Microsoft Office Compatibility Pack Service Pack 3 (SP3)Note how the list includes KB2596848 but not KB2760591. Out of that list, I installed only the Office Compatibility Pack Service Pack 3, then revisited Microsoft Update. This time, I was offered this list: Security Update for Microsoft Office 2007 suites (KB2878236)Security Update for Microsoft Office 2007 suites (KB2817641)Security Update for Microsoft Office 2007 suites (KB2760591)Security Update for Microsoft Office 2007 suites (KB2827326)Security Update for Microsoft Office 2007 suites (KB2760411)Security Update for Microsoft Office 2007 suites (KB2597973)Update for Microsoft Office 2007 suites (KB2767849)Security Update for Microsoft Office 2007 suites (KB2687499) - note: superceded by KB2767849Security Update for Microsoft Office PowerPoint 2007 (KB2596843)On that list, KB2767849 actually supercedes KB2687499, so the latter can be ignored. All remaining items match correctly with your update list, except for the oartconv update (KB2760411). In conclusion: I verified that the Office Compatiblity Pack updates on your list are now complete and correct.

You are right, there is something weird about the replacement informations. On the security bulletin page, it does say KB2760591 replaces KB2553090. On the other hand, on the component specific page (https://support.microsoft.com/kb/2760591), it says that this update does not replace any other update. This is what you can find on the three relevant update pages: Update File name File version File size Date TimeKB2760591 Oartconv.dll 12.0.6683.5002 8,581,824 13-Aug-2013 10:23KB2596848 Oartconv.dll 12.0.6665.5003 8,581,768 24-Sep-12 20:05KB2553090 Oartconv.dll 12.0.6565.5000 8,578,936 04-Aug-2011 02:17Edit: Note that KB2596848 is NOT a security update, so there is no associated security bulletin. This would explain why MS13-085 references only MS11-072, and it lists KB2760591 as replacing KB2553090. From the point of view of security updates, that is the correct replacement information.

Great work, thank you. It will make it much easier for me to collect all Office 2003 updates now that support is over. However, I noticed that you may be missing an update. Under the Office Compatibility Pack category, you have oartconv2007-kb2596848-fullfile-x86-glb.exe. I beleive that this has been superceded by a more recent update. Here are the details of the newer update: Security bulletin: http://technet.microsoft.com/en-us/security/bulletin/ms13-085 Overview KB article: https://support.microsoft.com/kb/2885080 Component-specific KB article: https://support.microsoft.com/kb/2760591 The new update is oartconv2007-kb2760591-fullfile-x86-glb.exe, available from http://www.microsoft.com/en-us/download/details.aspx?id=40620. Note that you already have the latest update for Excel (xlconv2007-kb2827326-fullfile-x86-glb.exe) released as part of the above security bulletin.

That reasoning is wrong in my opinion. Firstly, that way you are making your work unreliable and useless in a business environment. There are plenty of small- and medium sized businesses still running XP who would find it very useful to be able to easily get all the XP updates in one package. Secondly, there are hobbyists, enthusiasts, diehards and others, not necessarily in a business environment, who use XP with a lot of functionality, including Active Directory. Again, you are making your set of updates unreliable for them. The bottom line is: I don't think you should make a selective decision about which updates your users may or may not want. That choice is your users', not yours. You should create a complete set. As far as I'm concerned, knowing that you are arbitrarily choosing to exclude certain security updates, and that this is not even mentioned anywhere in an obvious place, just made your list of updates completely unreliable for me. How can I even find out which updates you chose to exclude, so that I can manually download those? Do you have a list somewhere? If I hadn't accidentally realised that KB2933528 is missing, I would have never known that some security updates are not included in your update list. I would like to politely urge you to reconsider your policy and include ALL security updates in your list, regardless of what functionality they target. Bear in mind that, as you publish your final XP list, it will become a lasting product that many people will rely on now and in the future.

What's the reason for making security updates for Active Directory an exception? It seems to me that this makes the updates incomplete and hence the list unreliable for use in a production environment. If there is some deeply rooted explanation, I would love to know. Edit: KB2626416 is also a security update for Active Directory Application Mode, yet it's included in your list.

The 2014 March 11 update of the list is missing the new update KB2933528 applicable to Windows XP SP3, released on the same date: https://support.microsoft.com/kb/2933528 This new update replaces KB2626416 (currently included in the list) and KB2801109 (currently not in the list).

@wimb: Yes, it looks impossible to affect the contents of boot.ini during text-mode setup, so I have given up on it. Booting to Recovery Console once isn't a horrible solution. I don't think this would work. For starters, these are just the options that come at the end of a line in boot.ini, I don't see how this could affect the ARC path. Also, the options in txtsetup.inf are for setupldr.bin, and are a bit different from what ntldr accepts.

I could get the $OEM$\$1 working and got it to copy files during text mode (although it wouldn't work without a winnt.sif with at least some entries). Unfortunately it has the same problem as any attempt before: Setup overwrites boot.ini right at the end, just before reboot.

@nimb: That is very interesting, I will try your suggestion out with $OEM$. @nilkanth: It sounds to me like you are mixing two entirely different sets of procedures up. If you have a winnt.sif file, that means that you have used winnt.exe or winnt32.exe to start preparing the installation, but you are trying to follow my procedure for installing from USB, which is a different procedure. Some explanation: When you use winnt.exe or winnt32.exe, a set of temporary folders are created, which setup will look for later on. However, you didn't copy those to your USB drive (you only copied the i386 folder), and so you are running into problems. The instructions I posted in the first post are NOT using winnt.exe or winnt32.exe to start the installation. There is no winnt.sif involved with my procedure, nor any temporary folders. Also, you seem to have a misunderstanding about what "text mode setup" means. "Text mode setup" is all the steps that take place on the text screen with blue background and white letters. The text mode setup includes: computer boots, blue screen with white text is displayed, setup loads a set of drivers, setup examines your disks, you are prompted to accept the EULA, you are offered a choice of disk to install Windows on, and finally a yellow progress bar shows a large number of files getting copied over. The text mode setup ends when a 15-second countdown with a red progress bar appears saying that your computer will reboot. EDIT: couple of other points: Looks like you are trying to perform a fully unattended setup. My procedure was not developed for that. Are you by any chance trying to use a product key and/or CD for an *upgrade* version of Windows XP, and not a full retail or OEM version? My procedure requires that you place the modified copy of txtsetup.sif in the *root* directory of your USB drive (for example, D:\), not in the I386 folder. Otherwise it won't get read by setup.

Based on jaclaz's ideas, I tried a few experiments out to get BOOT.INI to have the correct entry, without any success. I concluded that Setup inspects BOOT.INI when it starts (or at least no later than the start of the file copy part), adds an entry to it and then writes an entire BOOT.INI out after the file copy part. Therefore, the contents of BOOT.INI can't be affected by actions during the file copy part. That was the last remaining avenue I was going to investigate in this topic, so as far as I am concerned I'm finished with this "mission". :-)

Thanks, that makes sense.

I see, but isn't EHCI the name in Windows XP? XP supports all three of the standarsd: OHCI, UHCI, EHCI. Of these, EHCI is the one that supports USB 2.0. See here: http://en.wikipedia.org/wiki/EHCI#EHCI If you don't install the EHCI service, doesn't that result in the USB drive/stick working very slowly? Edit: Or is there something special about the "REM 2000" tag? Do these lines execute on XP but not on 2000?

Great work on this tool! It works very nicely. I was poking around in the files, and I have a question: in files\winsetup\setup.cmd, I noticed that all entries relating to EHCI are commented out with "REM 2000". This includes both the Services and CDDB registration. Why is this? Edit: version is 1.0-beta 7

@jaclaz: I can hopefully get around to testing some of your ideas, they are interesting. @ilko_t: Thanks for the links! I have seen the first one already, I used it to my advantage. I realise that what I was doing is not new, and in fact all the issues in it have been fixed long ago :-) There are nice tools out there. I was trying to make sure I have a good understanding of what I read, and to have a go at doing things manually, as simply as possible. I agree that the drive letter D is a big limitation. It's not too bad if you can predict it beforehand, since Setup assigns drive letters in a documented way, but it can definitely get tricky. I liked the idea of using a drive letter because once you are done partitioning, that doesn't change, whereas ARC path does if you change what you boot from.