w2k4eva

My best/favorite machine is running W2K. It is hardware capable to run XP, Vista, W7, 8 or 10 but I like W2K. Yes there are other newer machines in the house running XP or W7 but they are not as good. It has been down twice for power supply issues, once for HDD failure, and a few shorter outages for power failures, but otherwise has been running W2K continuously since its initial build in 2007. I have a couple others that also run W2K although they are older and do not see daily use any more.

ImgBurn will do everything ISO Recorder does plus a whole lot more - like DVDs and BluRays, authoring, etc, at whatever speed your hardware can support. It is compatible up to W8 (not sure about W10) and even all the way back to W95! I prefer version 2.5.7 (only one version back from current) moreso than the latest since it does not come packaged with the OpenCandy adware. Just scroll a little farther down the page for the older versions. Watch out for checkboxes to be cleared during install, to avoid the toolbars. Way better than buggy old Nero, and free, too. http://www.imgburn.com/

For me what it comes down to is this. Website operators know that users will see those warnings if they don't renew their certs on time, and reputable sites want to keep their reputation for integrity. If they are cutting corners on renewals despite the public embarrassment of being caught at it in this visible area, what else are they not being diligent about that we cannot see, like what they do with their private keys or our credit card numbers? It does raise the question of whether sloppy practice in one area spills over into sloppiness elsewhere and whether they really are serious about protecting the security of their customers - do we really want to do business with such careless firms? Using PaleMoon will cover your browsing by using its own cert store rather than the one managed by Windows. But it will not cover the other uses of certificates - for instance secure email, secure FTP, codesigning, etc. You might be using webmail rather than Outlook Express, or Thunderbird which also uses its own cert store. Maybe you don't use FTP at all whether secured or not. But you will likely still install programs and/or updates or device drivers, so codesigning will be important for those things. And that means needing to keep the cert revocation list up to date for those other uses.

I hate it when "experts" advocate "cleaning" and get a little too delete-happy! First, just because a cert is old or has expired doesn't mean it is useless. If it was used to sign something important during the time it was valid, you may need to keep it. In particular, https://support.microsoft.com/en-us/kb/293781 describes some that expired in 1999 but are still required for W2K, XP and W2K3. Second, for the cases where you really do want to avoid using certain certs, such as some of those foreign CAs you never heard of, or a situation like DigiNotar, deleting them is NOT the best way to go. It not only doesn't solve the problem, but even worse, it leaves many users with a false sense of "security" that they have "dealt with it" when they really haven't. Next time you browse or do something that requires that cert, it will just get re-downloaded in the background and re-installed, similar to downloaded javascript or activex stuff. A much better way to deal with these is to move them to the untrusted store instead. The mmc snapin can let you do this, you probably want to use an admin account to have the choice of "local computer" rather than "current user". It is generally a good idea to backup your existing certs before making changes. Expand the relevant plus signs in the tree pane and click the "Trusted Root Certification Authorities" (or whichever other list) on the left pane then either "Registry" or "Third-Party", right-click and select All Tasks->Export Store, save the file somewhere. Then do the other location. Look through the list of certs in the right pane to find the one you want to un-trust and highlight it, right-click and select "cut". Then highlight Certificates under Untrusted Certificates-Registry from the left pane (the list that appears in the right pane should include DigiNotar and similar entries already un-trusted), right click, Paste. Third, I am a bit dubious of phil3's blanket claim that problems will result from having more than 200 certs in the trusted root store. I have never seen a system with so few and it does not seem to cause problems! The system I am using to type this post has 422 and there is no trouble searching for any of them. (At least for client skus - not many home users run a SSL/TLS server. If you do then KB933430 and/or KB2801679 may be interesting. Microsoft does not say the issue is a limit of 200 certs but rather that the list being sent by the server needs to fit within 16kb.) In any case his concern about KB2661254 is ancient history, that update was issued on Aug 2012 and reissued on 9 Oct 2012, so those old 1024bit certs should have long since been flushed out and replaced by now. Even back then it was only a concern for those in corporate environments that were depending on internally used certs that were not going to be changed out in a timely manner, not really an issue for home users. Now as to whether anyone needs to manually cleanup certificate stores... in theory we should have been able to rely on Microsoft to be cancelling those bad certs through the automatic update system. But as a practical matter it can take way too long for these things to get discovered, and afterward even longer before an update was generated and released, then for the next patch tuesday to roll around, and still longer for users to eventually apply those patches, which is probably why Vista and up default to using the automatic update-on-the-fly method. But now that W2K3 support is ended, the only reason Microsoft has left to generate those updates is for use in disconnected environments that can't use the newer system... but since disconnected networks are considered to be less at risk, those updates might now be generated less often than when they were being used by the older no longer supported OSs. So we may see more situations in the future where we hear about known bad certs but the relevant update is not immediately forthcoming from Microsoft. In those cases manual cleanouts (preferably, un-trusting rather than deleting) could be useful. Even worse, Microsoft is not likely to cancel many of the foreign government certs unless there is evidence of abuse, and maybe not even then, if the perps appear to be part of some state agency. But that doesn't mean we all want the government of Pakistan to decide what websites we here in the US will trust by default. I'd be really skeptical of any tool that claims to clean them out for you. The basic problem is that someone else's idea of what is an undesireable cert may not match your needs - can you really trust someone else to decide for you what is trustworthy? This is one area I would not want to outsource my thinking!

If you are willing to navigate using keyboard shortcuts (arrow keys, Alt-Tab, etc) then the mouse class driver can go too. Especially if you go so far as to replace the shell and eliminate Explorer.

I am also using SeaMonkey 2.33.1 (although on WinXP using en-us), but do not have this issue so it wouldn't be a IPB bug. Maybe something specific to W7 and/or a language specific problem?

I generally remove other languages that I would never use anyway, and maybe get rid of Messenger, for me that is about it. Quicker can be had by disabling unwanted services and startup items, but this doesn't really require NLite. As for safer, you would get some of that by using some other browser that is not IE and does not use ActiveX stuff, there are many to choose from. The missing parts would include Add/RemovePrograms, WindowsUpdate, HTML Help, but these have workarounds so aren't critical. Whether these are considered "ill effects" is debatable and likely depends on who the intended user is. You could use either NLite or HFSLIP but it would be best not to try to mix the two methods. FDV has a fileset to help with the removal. I haven't actually done this myself. You may also want to read http://www.vorck.com/windows/ and-or http://www.vorck.com/windows/xpsp4.html edit - looks like jaclaz typed a little faster than I did...

Well, I finally solved it. Turns out there are TWO settings that needed to be enabled but the error message only mentioned one of them (userdata persistence). The other one is on the same property sheet - "Internet Options" -> Security tab -> Trusted Zone (assuming you have put the MS update website addresses in that zone), click Custom Level. Scroll to the section for ActiveX controls & plugins, find the one for "Binary & script behaviors", click Enable, then OK. Didn't even need to restart IE, just revisit the page and now it loads correctly.

Oh, it looks like there's a few things I didn't get before... By "boot drive", do you mean C: and is that where you have the dualbooted W98 install - and did you say your W2K is on D: ? Sounds like a REALLY bad installer if it hardcodes drive letters even when the OS is installed on some other partition! The main problem may be about simply running out of space - 36MB just isn't enough for really, anything! Any possibility of clearing out more space? One biggie could be to NOT allow swap to use that partition, instead redirect it to some other partition with more space available. Sometimes this can free up as much as 3GB. Also perhaps move "temp" and/or "tmp" as well (both for your own username and for system, they are generally different), this can be a pretty large amount of space consumed... and, yeah, clean them out first! A tool like CCleaner - or even just Disk Cleanup that is packaged with Windows - might help here. Of course you'll need to be sure there is plenty of space on whatever partitions you redirect these items to. My personal method is after the above are moved, to also move "My Documents" to somewhere else than where the OS is installed since this one folder invariably dwarfs the entire combined other contents of that partition. And yes, even W98SE lets you move those items, at least if you have another FAT32 (or FAT16) partition to move them to. I'm a little confused now - are you installing the Intel drivers? I thought you said it was a DLink adapter? I wouldn't expect the drivers to be interchangeable if the underlying chips don't match. Hmm, that sounds like the service component is the only thing left, so that must be what is hosing the works. The only other thing I can think of to try would be, after install and turning off the startup folder stuff and the startup entries, to also disable the service. Start->Run, type "services.msc" without quotes, and press Enter. Then scroll through the list looking for whatever just got installed, right click it and choose Properties. On the General tab, set the Startup type to Disabled. If that lets you boot, it would confirm that it is the service that is the problem. You could then try re-enabling the other items to see if you can still boot properly without the service. But since the service will be needed to actually use the device, I'm not sure how useful this information will be unless someone else can find more clues. They might, the only way to know is to try them. What router(s) are you using? If it is not a DLink there may also be other clients to try. If the card really is supported under W2K then UURollup shouldn't be needed for this. As for defeating the purpose, there may be another path - have you got a driver for plain old wired ethernet? That might let you DL the rest of the drivers. The other question is whether this whole sequence is backwards. It would be MUCH safer to use some other system to do those downloads, then copy the files onto a CD, DVD, or USB stick, then to the target system. I would NEVER connect a new (or even old!) build to the internet until after drivers are installed, things are updated, and a good firewall is installed and properly configured. If you have not got all your drivers in order that could be part of your problem. Especially important would be motherboard chipset drivers, and anything related to USB. There are also a bunch of USB related updates for W2K that might be needed. I'm not sure from your post whether you are using ONLY the SP4 and official UR1 packages from MS, or something else like the Gurgelmeyer package (which installs only MS files. It includes SP4, UR1, plus hundreds of other updates). If you haven't somehow included them already you may need to add KB843503, KB838417 and/or others. KB890188 - ignore the title, what matters is that it replaces Wzcsvc.dll, Wzcdlg.dll, Wzcsapi.dll, and Wzcsetup.exe KB904711 may be relevant as it replaces winlogon.exe Did you used to use it on this system, or was it on a different one? What motherboard is this? Does it use one of those older VIA-based USB controllers that MS refused to support? If so you may need to disable that and use an adapter card in a PCI slot to have working USB. Maybe previously the drivers and updates were squared away first? It's a bit hit-or-miss, but sometimes people give them away on either freecycle or craigslist free stuff (pick a location, then under "for sale", click "free"), if you have the patience to watch and wait for something to turn up.

This isn't needed. MS does (somewhat - sometimes there are errors) give the bulletin number and supercedence info. Do the search, then simply click on any of those results. The popup window has 4 tabs. The Overview tab will have the "MSRC Number" (at least if there is one) and the Package Details tab will have the replacement info (if any).

My how time flies...my favorite browser addon is now more than 10 years old. Noscript goes a long way toward solving this. Having found it so long ago I simply refuse to surf without it. Makes it possible for even a 16 year old laptop running W98SE with only 256MB RAM to surf comfortably on modern webpages once the bloatware is removed from them. Might also work for PaleMoon but IE users are outta luck. It can also be helpful to supplement this with RequestPolicyContinued. I am using 0.5.29 (the last non-beta version) which works in SeaMonkey and older FireFox and maybe also PaleMoon. But it will have issues with FF versions after 40 when Mozilla starts to enforce the walled garden/jail. In line with this they have (prematurely) pulled 0.5.29 from the addons site, but it can still be had at requestpolicy-0.5.29.xpi Pages definitely load faster with these extensions installed than without either. How much faster varies by site and depends on how much bloat you choose to allow, which is easily adjusted on the fly. A nice side bonus is that those annoying flashcookies and whatnot don't need to do their tracking thing, and malware has a harder time creeping in.

MS is not very consistent or helpful in noting supercedence on these. Here's what compares to my own rather incomplete notes. I do need to eventually get those more up to date so there probably are more replacements beyond these. The first entry KB2656353 listed as "MS12-035" is actually MS11-100 as correctly noted in the second list, it is obsolete but ended up in both lists. I'm not clear that MS10-041 KB979906 is required anymore once XP SP3 is installed. I've never had Windows Update offer this unless SP3 is missing. This could also be down to my habit of also installing KB979904 at that point. MS11-044 KB2518864 is replaced by MS12-035 KB2604092, it also ended up in both lists. MS14-009 KB2898856 is replaced by MS14-053 KB2972214. MS13-004 KB2756918 is replaced by MS14-053 KB2973115. MS14-009 KB2898855 is replaced by MS14-053 KB2972215. MS14-009 KB2901110 is replaced by SA2905247 KB2894842. Missing items: I have KB976576 and KB977354 as a combined substitute for KB982524. SA2905247 KB2894845 .NET 1.1 SP1 update MS12-074 KB2729450 .NET 2.0 SP2 update KB2789643 v2 .NET 2.0 SP2 update KB958481 .NET Framework 3.5 Family update for XP - Application Compatibility Update for the .NET Framework 2.0 Service Pack 2 SA2905247 KB2894843 .NET 2.0 SP2 update (this is not replaced by ms14-009 kb2901111 despite being older chronologically) SA2905247 KB2894842 .NET 4 update There's also the whole bunch for .NET 1.0 - if anyone is using Tablet Edition these are required, the .NET 1.1 will NOT substitute in this case. I think the same may also be true for Media Center Edition but haven't actually used that myself. There are of course MANY more .NET updates issued from May 2014 onward that apply to XP without any modification. They did not stop with XP EOL - had you really meant to skip them for some reason?

A little googling shows you aren't the only one having issues with this card. Maybe try to divide and conquer. Can you separate the driver installation from the client manager portion? I'd try using the latest driver loaded by navigating to the INF file but not installing the client yet, see if that much can reboot. If so, then try the full install, but before rebooting, adjust your startup entries to not autoload the client at boot, see if the error persists, or if not can you launch the client manually when needed rather than every boot no matter what. Another alternative would be use the latest drivers but a different client. There are a couple threads that have links to some potential targets: http://www.msfn.org/board/topic/173922-need-a-wireless-client-for-windows-2000/ http://www.msfn.org/board/topic/144280-wpa-client-software/ In particular, the Buffalo client can work with other cards provided it is connecting to a Buffalo router. Maybe try one from the manufacturer of your router and see if they are similarly tolerant of other makers' cards? I guess if it is a DLink router that puts you back where you started... One thing to note, in post #21, so you may have to turn off the WPA2 option in the router if your card is uncooperative.

But there IS such an option - you just have to add each one to the exceptions list.

Actually it is the "net stop cisvc" that turns it off - the regkey sets the service startup type to "disabled" so it will not restart at next boot. Not sure about adding it to winnt.sif but a simpler way might be to add the key at T-12 via cmdlines.txt as described at http://unattended.msfn.org/unattended.xp/view/web/14/ - they even show an example of using a *.reg file there (which is a handy thing to have - you can just add more keys/tweaks all in one convenient place without mucking around in winnt.sif at all). Oh, almost forgot - are you using HFSLIP? If so you can toss that same *.reg file into the HFSVCPACK folder, where it will be run at T-13 and not bother with $OEM$ or cmdlines.txt either.

You do not need NLite for this, I've actually never used it. HFSLIP works for adding SATA drivers to W2K or XP install CDs, at least for US English. I haven't tried Czech so don't know of any special issues there but lots of people have used HFSLIP for this in other non-english languages generally. Might the missing file complaint have been about 4 files OEMBIOS.DAT, .SIG, .CAT, .BIN? If these were not right that could cause issues with license keys if the source CD was OEM. But this is a separate issue than SATA drivers. Nor do you need the FDV fileset if you don't otherwise want it, though Fred Vorck's guide was rather informative and helpful for me. And yes, his general outline works with drivers having more than one file too. Other interesting threads: http://www.msfn.org/board/topic/84572-integrating-sata-and-raid-drivers-with-hfslip/ http://www.msfn.org/board/topic/63302-integrating-drivers-with-hfslip/ I think the latest version of HFSLIP is likely to be on thomasz86' site: http://windows2000.tk/new/ I think it was Vista and up that finally allowed media other than floppies. For XP and W2K Microsoft hardcoded their install images as floppies ONLY, which is why this was so problematic - the need for SATA drivers came out around the time that system box manufacturers were doing away with floppies so people had no way to add drivers, precisely on the only systems that needed them. This is THE issue that made many people learn about slipstreaming.

No, I don't suggest NVidia, those drivers have earned a special mention in my book. They are the ONLY ones I have EVER found to be so horribly bad that the even older ones packaged on the Microsoft OS install CDs actually work better! I know Catalyst 6.x (most of the files are version 6.14.10.x according to Windows driver details) runs on W2k since I have that running. I think I found it on an install CD that came with an older video card. It does want you to have .NET 2.0 and DirectX 9.0c installed first. The vendor for that card seems to think W2k also works with 7.2 (but I haven't tried that), see http://www.powercolor.com/us/support_driver.asp?byclass=1&PSeries=7&PModel=30 - you might be able to get the CCC out of that package. AMD seems to think CCC ver 8 can run on W2k, at least for some versions of some video cards, see http://support.amd.com/en-us/download/archive/firemv-2k They also have an old DL page for CCC 6.4 at http://support.amd.com/en-us/download/archive/integrated-2k There are more older versions at http://www.oldapps.com/ati.php. But the bigger question might be whether these older drivers will work with newer cards - is this intended for the Radeon R7 260x mentioned in your other thread? Not sure whether http://web.archive.org/web/20141014074132/http://benchmark3d.com/mod-catalyst-driver-to-add-supported-cards might be any help - I haven't tried this either.

I just noticed something, the WEPOS updates MS15-057 KB 3033890 and MS15-069 KB3067903 will install as-is, no modifications needed, in plain XP. For some reason these do not have the same blocking code MS puts into most of the other updates. Maybe that will continue to hold true for future MediaPlayer updates?

I wonder if this is a store-specific thing? I looked yesterday and they did have the Sandisk 16GB sticks, but the price was $6.97 at my local store. Anybody know if it would be worth trying multiple stores? Or how long the sale is supposed to be on for? I too have the no-USB3-systems problem... Amazon has changed their price yet again, now they are $5.98...

Actually there IS a one to one correspondence, it's just that we aren't sure what it is - two extra for LogMeInRemoteUser, and three extra for _ocster_1clk_backup_ makes the five. The *.bak entries in your previous registry snip have cleared themselves up, consistent with the temp profiles going away for LocalService and NetworkService. The ones you have now are different profiles that weren't described in the previous posting. Were they present then even if they were part of the stuff you hadn't posted? And no, I don't really care to see them now. You said you have a user profile for LogMeInRemoteUser, so presumably that folder exists. Do the folders for profiles LogMeInRemoteUser.DELLOPTIPLEX755 and LogMeInRemoteUser.DELLOPTIPLEX755.000 also exist? And presumably the profile folder _ocster_1clk_backup_ exists for those four profiles to share? These seem similar to the earlier screenshots. It wasn't clear from your earlier comments that the Account Unknowns were not for the LocalService and NetworkService accounts. It does seem you have several extra SIDs rather than just multiple backup versions of the same SIDs as described in KB947215 method 1. At the same time I'm not clear whether method 3 applies if the folders indicated do actually exist. I don't know anything about your backup aopplication or if it might be related to the _ocster_1clk_backup_ profiles, nor why there are several that point to the same set of folders. Does the backup app work normally since the problematic update and system restores? Have you even used it since then? Maybe ask about this in one of their forums? The LogMeInRemoteUser ones are not just multiple SIDs but also different (though related-looking) folder names. Have you used this app since those updates, and/or the system restore? Again, their forums might be worth a visit. Not sure what else to say, these other profile questions are at the end of what I know related to that update, and I can't even investigate anything similar on my own system since the cacls fix worked for me.

Gosh, I wonder if this means system restore does something to file/folder/regkey owners or permissions? Just curious, on the machines that did not have this issue, by any chance were the drives formatted as FAT32 rather than NTFS? Or were the profiles not owned by the Administrators group? The date modified is updated since the services now have access to their profiles again, which is why the temp profile folders cleared up. I'm guessing the code that does this cleanup may not have cleaned up the regkeys described in KB947215. The regkeys normally would have a value ProfileImagePath that points to the location on disk for the profiles. The snip you posted had these pointing to the no-longer-existing folders before, do they still point there? Do the regkeys still look like the snip you posted earlier? Also do the file/folder owners and permissions look the same as before? @bluebolt - You didn't say whether you had looked at any file or folder ownership or permissions, or at the regkeys glnz posted, but if you had looked before your system restore - have they changed since then?

Yup, Sumatra is lighter than Foxit, the only drawback is not filling in pdf forms. Current version can be had from http://www.sumatrapdfreader.org/free-pdf-reader.html Older versions at http://www.sumatrapdfreader.org/download-prev.html, alternate builds at http://www.zeniko.ch/#SumatraPDF for W2k supposedly either 1.6 or 2.1.1 was the last for W2k but some people say 2.4 works even though no longer officially supported, both will need gdiplus (kb915052) installed

Okay, so whatever it was must have been after 4/8/2015 10:57:43 but before your next boot (not visible in the eventlog screenshots). From your next post it looks like you are headed in that direction already. Did you install anything or do any updates during that time window? Change any file or folder permissions? Change any registry keys/permissions? Yes, he does say they are Dells. My own formerly problematic box is a vpr matrix, this brand was formerly owned by Best Buy, who has since gotten out of the OEM business. I have no way of knowing whether vpr matrix may have bought their factory install image either from Dell or from whatever place Dell got theirs from. But it isn't yet clear that my box had the same situation as glnz does, or that yours exactly matches either his or mine; the eventlog entries have a wide variety of possible causes. I do sometimes get those eventID 1904's. They always seem to come in pairs (as yours do), whenever I open some sort of help file. I've forgotten if it was the *.hlp format vs the *.chm format that does it, or if both do. It looks like you opened three helpfiles (or pages within a helpfile?) within a few minutes of each other. I used to get them before applying the KB3021674 update, and continue to have them after my cacls fix, so I don't think they are related. Should be an easy enough thing to test, first look at the eventlogs on the non-Dells, see if they have these entries, or if opening help files (of either format) causes them. Then see if there are more of them at other times on any of the Dells. Eventually try opening a help file on one of the Dells that still has the eventID 1511 entries, to see if the 1904 shows up. Then reboot and see if the 1511 etc persist. If that test doesn't resolve it, you'll need to look a little farther for whatever may be different. At least most of yours are Pro rather than Home, which makes checking permissions a little easier.

Yes, if you download the W2k3 version of that update, it will install as-is on XP, and you are correct that the updates about root certs are important. Unfortunately MS has put blocking code into the time zone updates issued post-EOL. So this leaves you with three choices if you want them. 1) Look through the KB articles to find what was added, then adjust your time zones manually. Or copy the relevant registry entries, possibly from a newer machine that has the update installed... rather a pain. 2) Use the POSReady registry hack, then get the POSReady version of the update either from Windows Update or the Update Catalog. But be aware that this path is something of a one-way street - once the reghack is applied, you probably won't be able to reverse it from within Windows, you would need an offline registry editor. 3) Modify the updates to work on plain XP. This is the path I am using. Instructions can be found at http://www.ryanvm.net/forum/viewtopic.php?p=115464#115464 . I generally start from the WEPOS version rather than the W2K3 ones, although for timezone updates that are basically just regkeys the difference may not matter. Do be aware that the resulting update won't have the usual sanity checks about versions etc so you must be selective about finding a suitable source file and how it is applied - you wouldn't want to have an IE7 update applied to a system that has either IE6 or IE8, for example.

Check out post #28 over there, the link to download ClientMgr3 may be what you need. I own an old Buffalo card and the CD that came with it includes a slightly older version, ClientMgr2, with versions for W98/98se, WMe, W2k, and XP on the old CD. I haven't tried it on W2k since the laptop I use that card for only runs W98SE but I know it does work there. The interface is kinda hokey by modern standards, but even the older ClientMgr2 does WPA and I don't remember ever seeing a complaint about a too-short key (although I haven't really tried to use a short key either). If you want the entire CD, manuals etc they can be had at http://www.buffalotech.com/products/wireless/wireless-g-125-high-speed/wireless-g-125-high-speed-notebook-adapter