maxamoto

Several ways around this: Give domain user power user rights on local machine Find registry and file locations and adjust perms accordingly make machine a standalone (not added to domain) [OFFTOPIC] I'm slightly inebriated and probably shouldn't be helping anyone at the moment. Thank God for spellcheck =] [/OFFTOPIC]

Try these: http://www.macromedia.com/go/fl_sw_exe_installer http://www.macromedia.com/go/fl_sw_installer The bottom link is an .msi, so silent installs should be pretty self-explanatory

I spent a good 20 minutes at the site you linked, and while digging though the many pages of vulnerabilities, I found that many of them were irrelevant, since they referred to old versions of Opera. It's not very scientific or intelligent to refer to old data. And yes, let's head over to Secunia... and find how many unpatched security flaws? Zero. Yes, there were 5 flaws found (3 moderately critical, 2 Less critical), but all of them have been patched by version 8.01. IE has 30% of it's 82 security advisories unpatched (14% extremely critical), and Firefox 1.x has 32% of its 19 unpatched (0% extremely critical, 14% highly critical). What are you showing by pointing out the flaws in Opera 7? Everyone who bought a licence to Opera 7 got a free upgrade to Opera 8, so the number of users still on Opera 7 is pretty much nil. I don't really like being called a zealot (read more on zealotry), since I actually do take the time to read about security advisories and the problems with operating systems and browsers. I'll agree with you that there are many people who simply say that one is better than the other without giving justification. Also... next time you post a lot of information, it helps the rest of us if you split it up into paragraphs. One big long paragraph makes it look like a rant and most people will just skim over it (I read the whole thing though). <{POST_SNAPBACK}> My basis for referring to old data is that the versions in question (opera 7, FF 0.x, etc) span the release times for IE6.x. In order to do a scientific comparison we have to take into account not only versions, but also release dates and timelines. I don't think it's fair to compare the amount of vulns in product A and product B when product B has only been around for half as long. Besides, it's always good to know where a product stands security-wise, regardless of versions or dates, and this is why I pointed out the vulns with Opera 7.x, since it is still relevant information just like vulns about Win2K is still relevant. Muddy waters, indeed. From Wikipedia: "Zealotry denotes zeal in excess, referring to cases where activism and ambition in relation to an ideology have become excessive to the point of being harmful to others, oneself, and one's own cause." When people make claims such as DakotaSunRunner did ("I use firefox and with all the security issues with MSIE I shall always no doubt use it") or crahak ("IE has so many bugs, so many security issues, and CSS support is very poor at best"), the perception they're giving is flawed and incomplete. And to this end they become harmful to their own cause. For example, if a newbie to the Internet becomes swayed by these remarks and decides to go with Firefox as their default browser but then becomes the victim of a phishing attack, they will undoubtedly tell anyone they encounter about how FF failed to live up to it's promises (promises that, I have to say, were made by end users and not the company that makes Firefox). This will have the effect of hurting Firefox's market share. Example: I work for the Army, it's no secret. Linux had a chance at making inroads into our datacenters thanks to the very vocal endorsements from one of the higher-ups who was, in my opinion, an OSS zealot. After careful consideration by the elements responsible for securing our networks and datacenters it was decided that Linux had no place in our networks because, contrary to the claims of our resident zealot, the Linux kernel has a far worse track record for security than Windows, and when coupled with a 3rd tier vendor such as Red Hat or Suse it actually becomes one of the most insecure, bug-ridden operating system ever pushed upon an unsuspecting hard drive. The evidence was so contrary to what our zealot was claiming that Linux doesn't stand a chance in our organization, and probably won't for quite some time. If our zealot had spoken the truth instead of making false claims and said Linux is a viable alternative to Windows and, if administrated properly, can be just as secure and stable, he might have had a chance. Instead, he killed his cause by demonstrating zeal in excess, just like the definition says. A bit off-topic, yes, but I really didn't intend to hurt anyone's feelings with the zealot remarks and felt like I should at least explain what I meant. Education is my goal, you could say. My apologies about the ramblings in my last post. I'll try to break it up more to make it easier to read in the future.

Umm... look at the link you provided... The latest date there is 2005-02-13 (more than 4 months ago), and it doesn't affect Opera 8... The next one is dated 2004-11-24, and also doesn't affect Opera 8. The only security issue that I've ever heard of with Opera was a URL spoofing issue that actually affected all browsers, and that problem was fixed in Opera 8.01. So I've "educated" myself a little bit, and haven't put my foot in my mouth... As for the "Firefox & spyware" discussion... if Firefox is "immune" to spyware, then how come SpywareBlaster 3.4 still has updates and entries for Mozilla based browsers? <{POST_SNAPBACK}> I also can't let this one go. Had you spent any time on the link I posted, you would have noticed the vulns weren't ordered by date. They were ordered by rank. As I said before, people see what they want to see. My apologies, but did you even bother to look, or did you have your mind made up before my post even hit the boards? Not very scientific or intelligent... Let's head over to Secunia and take a longer look at Opera 8x. There's not one flaw like you mentioned, there are 5 for 2005. Granted, it's not like the list for IE, but it is an example of how people choose to see what they want to see. Opera 7 had 37 in 2004 compared to 34 for IE6.x in 2004. Granted, I was in a hurry to tame the zealots, and that was my bad. For one, zealots will often disregard reality and can be extremely irrational and emotional about the products they choose. Two, regardless of how you break it down all browser products (right up to and including the much-touted and very venerable Lynx browser are affected in one way or another by security issues. Here's one of my favorites, especially for the zealots that are always claiming thst the Linux kernel is more secure than Windows (You'll note that, when cornered by a knowledable person, the oss zealot will generally say two things. One: Linux is just a kernel and Windows is and OS. Two: You have to compare apples to apples if you want an accurate representation of which one is more secure. Apples to apples means we add up all the kernel vulnerabilities from Linux and Windows (I said kernel vulns, not OS vulns. Fair is fair), starting with Linux. First, there's a grand total of 104 vulnerabilities for the Linux kernels version 2.0.x to 2.6.x, roughly covering a time period 2003 - 2005. I know, not really fair, since WinXP came out in 2001. Regardless, there were 81 flaws for WinXP as an Operating System, but only 19 affecting the Windows XP kernel. OSS zealots will be quick to point out that there is no accurate way to compare Windows and Linux (sorry, the Linux kernel), and they'll usually tell you this right after telling you that Linux is more secure than Windows. Zero logic, folks. Anyway, Let's get back to the firefox thing and we'll do an apples to apples comparison of products as best as we can. We'll have to use the period 2004-2005 since firefox wasn't out before then (but Mozilla, which FF is based on, was out way before then. All the same bugs that affect mozilla affect FF, to my knowlege, or at least thats what the Mozilla Foundation is saying. Still, apples to apples, kids), so we'll only be able to tally up the number of vulnerabilities for IE6.x during 2004-2005. Looks like there are 31 for the FF series and 42 for IE6.x. That's an apples to apples comparison. Sure, FF is more "secure", but not by much. It's still riddled with holes like every other browser. My previous post used vulns from the Mozilla and Thunderbird projects as well, because it's my firm belief that the Mozilla foundation changes directions to avoid having any one of it's products scrutinized too much. When Mozilla started getting more publicity, the security folks started coming forward with reports that it was full of holes. Enter Thunderbird, and again, FireFox. Now that FF is under pressure to compete with IE in all areas, including security, let's see how they do it. I wouldn't be surprised if they change names again. Yeah, I guess I am kind of a zealot too, but I'm more of an anti-zealot zealot. So, to all the Firefox zealots out there, your choice still comes down to taste. Coke or Pepsi. For the record, I think all browsers suck B)

yes, the poor memory managment issue with FF is very popular, however there are very simple tweaks available to make it behave. and those who pick on open source code need a life. <{POST_SNAPBACK}> Picking on OSS is one thing, pointing out glaring OSS deficiencies is another. Would you consider me picking on firefox if I pointed out this? Or this? How about this? Then there's the claims that firefox is immune to spyware. Well, this should put an end to those rumors. Finally, you can read about more firefox security issues here, here, here, here, here, here, and here. Aw heck, just take a look at the very long list of issues with Firefox yourself. Head over to www.securityfocus.com and choose Mozilla from the dropdown menu. See for yourself. Oh, sorry. That was just the list of security issues. If you want regular old bugs, check here. That's page 1 of 229. I don't need a life. You need a dose of reality. What it comes down to is that both IE and FF are highly insecure and unstable. With that said, the only other thing I can think of that would set the two apart is the branding. So, it's a Coke / Pepsi argument. And the first person to pipe up with "Opera is so much blah blah blah" can click here and educate yourself a bit before putting your foot in your mouth. Thanks for playing!

No.

Installing Firefox is like putting an extra set of tires on your car... What's the point? If I wanted an insecure, unstable... Wait a second. I already have one. IE =]

Learn a bit more about computers before you blame your lack of knowledge on an OS.

Hmm... I live in Germany where they use BMW and Mercedes as taxi cabs, so not really impressed by those anymore. I support the American economy (being a soldier and all) so I don't buy Ford, Chevy or Dodge (all made in Mexico now), so Toyota is the most logical option. Had a Camry until some fat, dumb cellphone-using bimbo rear ended me at 50MPH while I was at a dead stop. She was driving a Ford and went to the ER. I walked away with very minor bruises and no downtime from work. Anyway, Hondas are good too. Mazda no good; made by Ford in -you guessed it- Mexico. Not that I have anything against Mexico, but the reason they build them there is because the Mexican Govt. has no environmental protection laws, so the car makers can pump all their hazardous waste into their atmosphere. Great idea, until the birth defects started.

Absolutely. Start Here

Check Here

You need to find out which files are required by the audio subsystem (dll, exe, etc) and give users full permissions on them. It could be as simple as finding the audio drivers in the Program Files dir and just granting them full perms on that, but more than likely you'll have to search them out.

Simple TCP/IP services don't have anything to do with file sharing, rathar it is a collection of tools, albiet outdated, designed to help admin connectivity. And, even with the computer browser service disabled you will still be able to map drives from the command line; you just won't see any other computers in Network Neighborhood. Here are some commands you can try to ensure both PC's are on the same page, so to speak, assuming that you have everything else set up correctly (Subnet, workgroup name, user/pass, etc): Try nbtstat -R, and nbtstat -RR (make sure the R's are caps). This will sort out the name-to-IP mappings your computers will have (much like DNS) for the WINS service. Let me give you a quick example of why this is important: You have a network with 2 computers, BOXA and BOXB. BOXA comes online and gets an IP via DHCP of 192.168.0.10. BOXB then comes online and gets assigned 192.168.0.11. Transparently, both machines go through a browser election to see which one is going to maintain a list of computer names and what their current IPs are. BOXB wins the election and now has 2 mappings in its table. BOXA->192.168.0.10 and BOXB->192.168.0.11. Now, let us suppose that BOXA gets rebooted, and the DHCP server decided to assign it 192.168.0.12 (unlikely, since BOXA should have sent a DHCP_RELEASE right before going down, but with all the cheap hardware out there I have encountered more than one router/DHCP server device that ignored the DHCP_RELEASE and kept the IP in it's assigned tables, so it thinks that there is already a client on the network with that IP). Another browser election occurs and now BOXB has 2 IP mappings for BOXA, each one different. This can definitely cause issues when trying to browse remote shares, for obvious reasons. BOXA should tombstone the record on BOXB, but this doesn't always happen. For this reason, I always try and use static IPs on small networks and map drives using IP addys. Of course, this becomes impractical after about 5 machines, and you're forced to spend a lot more time maintaining the junk, but that is a story for another day...

Turn off offline files and folders

You CAN NOT authorize router DHCP server in AD ... so run DHCP from your Win2k3 box ... <{POST_SNAPBACK}> I'm not sure not being able to auth a router's DHCP service in AD would affect anything, since clients would still be able to grab IPs from any DHCP server on the network, including a router. It would, however, affect being able to use RIS, since I'v personally had issues with using non-AD DHCP servers and RIS. I'm sure there are ways to provision an AD network so that clients refuse anything except AD DHCP packets. I'd actually be interested to hear if anyone has ever done this

To activate Windows XP/2003 using an unattended installation procedure, add the following information to the Unattend.txt file or the Winnt.sif answer file: In the Unattended section, type AutoActivate = Yes Under the UserData section, type ProductID = "XXXXX-XXXXX-XXXXX-XXXXX-XXXXX" I know this isn't what you were asking, but maybe if you make the procedure transparent, you'll achieve part of your objective?

Try flashing the BIOS on the offending machine. I also found this on Bink's website: "I figured it out for my system. Maybe this will help someone else. I am using RIS to install windows server 2003, standard embedded version, and I saw the blue screen with the message, "An Initialization error occurred while attempting to boot from the network" The fix mentioned earlier did not work for me. The Fix: I found the drivers that shipped with my server for the onboard Intel GigE ports, and manually placed the e1000325.inf and E1000325.sys files in the RIS image directory under i386 (i.e. r:\RemoteInstall\Setup\English\.......\win-2k3-embsys\i386) used the following two commands to restart the services (without the quotes). probably not needed, but did it anyway: "net stop binlsvc" "net start binlsvc" no more blue screen."

Actually, you don't need to have a different image for every model out there. Just like with the unattended CD/DVD project, you can incorporate drivers for all your organization's models into a base RIS image and allow PNP to sort it out at install time. The HAL isn't an issue, either, since PNP will detect and install the correct version. AD+RIS+GPO+Application Assignments will make your life much easier. B)

Highly recommended that you run DHCP+DNS from the Server2003 box. Just make sure you secure your DNS against cache poisoning and other things. Check Technet DNS best practices for a good DNS primer.

Yeah, I hear ya. We eventually caved and went with roaming profiles and a few batch files to capture whatever the roaming profile feature left behind. That helped immensely with upgrades and maintaining user data. My troubleshooting is flawed to begin with, unfortunately. I'm in the Army, and we have pretty much unlimited funds to throw at our problems. I have to constantly remind myself that not every company out there is as lucky as we are when it comes to finances

Don't know if this will help or not, but if you are running Active Directory, RIS might suit your needs better. I know it has far less issues than sysprep, and it's a much faster install if you have a 100Mbit network and can afford the bandwidth hit you'll take deploying images. Anyway, hope this helps =]

I'm guessing it was a SID conflict, especially if all the computers are the same name prior to joining. There's probably already one PC in the domain with the name all the others are trying to join with, which would explain why it appears to accept the domain joining but bombs after setup is complete and is requiring an admin to intervene and manually join with a different name. Of course, FQDN and DHCP could be a problem as well. I'm interested to see what solved the issue

DoOldStyleDomainJoin is for backwards compatability, like if you have a NT domain. Ok to leave it. What Martin Zugec said, must be FQDN, and your DNS server must be set up correctly, as well as your DHCP server, if you're using one. Also, change CreateComputerAccountInDomain to yes, otherwise it's not going to create a computer account in Active Directory (I'm assuming this is the domain model you're using...?)

Wnr, Thanks much!

Just wondering if the WPI theme is available for download yet. I didn't see it in the forum yet. Or maybe I'm retarded and missed it