cancerface

@benners Not a problem. I'm sure I can sqeeze a couple more check-boxes in there @Yurek3 Now that's a tough one ... I designed the GUI for 800x600 and it works fine in my setup, but I am afraid that with all the options that are on that screen I can't sqeeze it to 640x480... I'll play around with it however and see what I can do...CF

@all I am glad that you provide the input to improve this little tool I rewrote the renaming function and it now works fine at Txx (tested at cmdlines): the administrator/guest accounts can be renamed and fake ones can be created. The rest is the same ... Updated to v1.2 Rewrote the account renaming function: both the Administrator and Guest accounts can be renamed during Txx (windows setup) Updated first post and uploaded the new version Enjoy CF

I managed to get this to work: the administrator/guest account can be renamed at T12, and fake ones can also be created at that time. As long as you also create a new account with admin privileges that will be set to autologon for the GuiRunOnce part of the setup, the install process does not complain at all and everything goes fine. I'll test this in 2k/2k3, as well as outside the setup and will release the new version as soon as possible Thanks to all for the feedback so far! CF

That's very interesting ... When I tried to do something similar calling NetUserSetInfo from netapi32 the call failed and so I had to disable the user renaming process at Txx, assuming that it is not possible to achieve such a think at this time of the setup process. Maybe the error was attributed to something else. I'll play around with this a bit more, thanks for the info benners As for running the tool in a silent mode, the answer is yes, this has been implemented on some earlier version. All you need to to is set EnableTimeOut=1 and use some small value for TimeOut (like 1 or so) on your INI file. I will probably add some switch for that from the command prompt so that the GUI does not pop up at all. Would it be useful to add multiple UserInfo sections, at least for the user account that is created, and tie them to specific MAC addresses? In this way upon detection of some MAC a specific user could be created, thus avoiding having to use AutoIt to fill in the fields (why not use the INI by the way to fill in those fields, if you already know their values?) CF [Edit] It appears that renuser.exe does the trick at Txx ... It is calling NetUserSetInfo from netapi32 and both the Administrator and Guest accounts can be renamed! I will rewrite the function that handles the user renaming process to include support for Txx

@mazin Wrong. You can't rename the Administrator account at T-12. You can do that from the first RunOnceEx or RunOnce though. Since this is the default account created by windows (unless you use the oobe method to change the name) that would be the first account to login after setup. Hence I use my tool (or any other to be honest, be it a command prompt with net commands or wihu) in order to get a GUI during setup with predefined info and the option to change that info. Agrred. That's why MS has included oobe so that you can change that name to whatever you like. Once you burned it on your CD/DVD though you can't change that. My tool gives an option to change that since it can be interactive at T12. No.This is actually stated on the first page of this post: As for deleting the administrator account I am under the impression that build-in accounts cannot be deleted. To sum it up for you: I use this tool at T12 to automatically create a new account (plus there is a GUI and if I change my mind about how to call that account I can do so) and set it to autologin upon reboot. The password for that account is encrypted and does not appear in the registry. I can also set the computer name, organization, workgroup at the same time. Upon reboot I run this tool again with a different INI and without parsing the first two sections (user and computer info) I rename the administrator and guest accounts and create fake ones. Everything is optional and controlled by the INI. If you can figure out a way of renaming the administrator at Txx (without manually hacking SAMSRV.DLL) I will be happy to implement it. Hope this helps CF

I finally managed to get some time to put together some new features on this little tool. I was planning to include on this version multiple language support (both for the GUI and the messages that pop-up) but I only got a Brazilian and a Greek translation from some friends so far. I expect a German, Italian, French and Hungarian as well and as soon as I get those I will add them to the program. Although initially I was going to add the language strings in a message table on the main EXE (so that people could use resource hacker to add other languages) I decided not to, since the language strings vary in size and then the GUI looks ugly. However if someone is interested in a translation I will be happy to attach the lang strings I am using so that he/she can provide the translated ones in his/her language ... In version 1.1 I added MAC detection making it easier to target multiple computers: A new series of sections can be added to the INI file each one with a specific MAC address and ComputerName, WorkGroupName etc. This makes it easier to deploy in multiple PCs if you know their MAC in advance so that you can predetermine their names and place them into the INI file used by the program. In case you need to run the program using a different INI file, I added a command line option that allows to parse an alternate INI file. Simply invoke the program using CreateUser.exe /INI="<full path to INI file>\<inifile.ini>" Updated to v.1.1 Added command line option /INI="<path>\<inifile>.ini" for custom INI file Added MAC address detection Added new INI section [ComputerInfo_x] based on MAC address detection Localized the creation of the 'fake' Administrator and Guest accounts (working on non english versions as well) Check that the username does not contain , /, \, [, ], :, |, <, >, +, =, ;, ?, * or is terminated by a . Check that computername does not contain leading or trailing spaces or , /, \, [, ], :, |, <, >, +, =, ;, ?. Small GUI improvements and bug fixes Updated first post and uploaded the new version Enjoy CF

@Vampik You could try to create your own installer according to this post CF

The script that is extracted using 7-zip is already compiled and as such it is not something that you can easily edit. There is a thread at the NSIS developer forum discussing this issue. Not to mention that the script you refer to has 7000+ lines of code As for silent installation, doesn't it support the /S switch? How about an autoit wrapper? Only v.4.40 beta did this. This feature was removed after that version.CF

Hi, I wrote a small tool that can change the workgroup and the netbios name. The details can be found in this thread. Although my tool provides a GUI you can use a timeout option to make it work unattended. I think you can change the workgoroup using WMI from a command prompt (not tested): wmic ComputerSystem Set Workgroup= "NewWorkGroup" There is also a utility called compname.exe which changes the computer name but I am not sure if it changes the DNS suffix or just the NetBIOS name. Hope this helps CF

If I remember correctly Pyron's post about WatchDriverSigningPolicy.exe, it is called from presetup.cmd which is in your i386 folder (drivepack base should place it there). Sounds like presetup.cmd is calling \OEM\BIN\WatchDriverSigningPolicy.exe which is not in \OEM\BIN\ inside your CD/DVD/Network share. Check that, and also check the relevant MSFN forum since your questions are probably more suited for the drivers discussion section of MSFN ... CF [Edit] You can find out what Intel chipsets are supported by BTS's drivepacks if you refer to the changelog of the appropriate pack.

Have you checked the Device Driver of this forum? Plenty of ideas and directions there. Look also at BTS's drivepacks CF

@Gigre I am not sure if this is possible (the serial number) but I'll look it up @Joc Yeah, I see the problem. There are different ways unfortunately for dealing with domain accounts, and up until now all the things that this tool can do only support an isolated workstation. It was my intention initially to include support for domain accounts but it turned out to be too complicated. It is on my list of things to do ... For the time being your solution is probably the best way to go, ie to add the domain admin to the local admin group. An option would be to write different INI files (at this stage) using different Parse[]Section directives. For example in order to just change the computer name/details use [Interface] ... ParseUserSection=0 ParseComputerSection=1 ParseSecuritySection=0 ... I think I'll include some command line options so that you can specify at least the name of the INI file to read from ... I have no clue if this is feasible I am also interested in localization so I'll try to figure out a way to have the tool detect the system language and then localize the messages. CF

Hey Joc, I am glad that it worked!Language files ... Hmmmm... let me think about that That's strange ... The tool gets the username, then its SID then checks to see if the SID belongs to the admin group. So I can't really see how a user with admin rights ends up not being there ... I am actually checking if the user belongs to a group, not his/her name. What rights did you have in mind though? Not a bad idea, although it doesn't really follow the initial goal stated on the first page. I guess you can have the unattended mode that you ask if you set the timer to something small (say 1 sec ie Timeout=1000) so that the GUI will not wait for any answer from you. I'll see if I can come up with a better idea though @RogueSpear Yeah, I've been a busy little bee here @Yurek3 I guess you found a bug ... Indeed the timeout was not working, I had a stupid syntax error in there. Sorry for that, will update the first post with a newer version as soon as I fix this one. @Gigre I have been working for a while along those lines and I was going to release something like this that will also include detection of the enet's MAC and then the net details would be automatically set. However I do not have a working version yet ... @all Thanks for the input, I always like to have new good ideas CF Updated to v.1.0.1 Fixed a typo that would not allow a timeout to occur Updated first post and uploaded the new version Enjoy! CF

Hi, I added an option to rename the 'Administrator' account to a little GUI I made that creates a user in an (un)attended mode. You may want to take a look at it here. It also has an option to create a dummy administrator account, although this feature is localized (ie it works only for english versions of windows until a can figure out a way of getting the Administrator username in other languages from the system) CF

There have a been a couple of interesting suggestions plus I have seen quite a few threads popping up lately where people talk about securing the administrator account, so I decided to add some major enhancements on this little tool. In version 1 I added a new section (SecurityInfo) that allows users to rename the administrator and/or Guest accounts. It will also allow for the creation of fake accounts (Administrator and Guest) that do not belong to any group and are by default stripped of any privileges and disabled. Their passwords are set to a loooong MD5 randomly generated string that would take quite some time to hack. Personally I do not really care about those fake accounts since it would be fairly easy to get their SIDs and check if they are real or not. Regardless this adds some extra security to windows I also rewrote some parts of the GUI and now sections can be completely disabled using the INI file Parse[]Section directives. Here are some piccies: Note that although the renaming of Guest and Administrator accounts is independent of regional settings, the creation of the fake accounts is not. Unfortunately I have not found a way yet to get the names (Administrator and Guest respectively) in a non language dependant way out of the system. The same applies to the description of the above accounts (Built-in account for administering the computer/domain and Built-in account for guest access to the computer/domain respectively). Does anybody know how to get these out of the system? I do not want to query using NetUserGetInfo API calls because the accounts may already have been altered and I need their original names in whatever language the system is using ... Renaming of the administrator account and creation of the fake one is not possible at T13 so if you want to do that in an unattended fashion you should use the tool at T13 to create an admin user and set the autologon flag, then use the tool again at GuiRunOnce with an altered INI file to process only the SecurityInfo section in order to rename the Administrator/create a fake one. v.1.0 Changelog Added options to change the registered owner/organization Added new section - SecurityInfoRename default Administrator account Rename default Administrator account Rename default Guest account Create a fake Administrator account and lock it down Create a fake Guest account and lock it down Hide Administrator account from login list of users (Windows XP only) [*]Rewrote the GUIs dependence on the INI file. Sections will be disabled if the relevant Parse flags are set to 0 [*]Fake accounts work for the english versions of windows ONLY! Updated first post and uploaded v1.0 Enjoy CF

After Joc's comment I realized that the function that checked to see if the user context running this tool has admin privileges was in fact using the user's name. That means that if there are special characters and/or anything unicode then the username was treated as an ascii string and this apparently brakes things I am releasing this small update that hopefully fixes the above problem (I am now checking for SIDs all the way through). I would appreciate it if people with non-english windows versions could check this however as I cannot. v0.91 Changelog - Rewrote the function that determines if a user has admin rights adding non-english language support Updated first post and uploaded v0.91 CF

@DHead It was not my intention to be able to do that but let me think about this ... To be honest I made a small GUI some time ago that does just what you describe, although I never used it since I was happy setting this information in winnt.sif ... @Siginet I was experimenting with some visual style to be honest: a small progress bar that keeps track of the countdown. I'll try to see what I can do with the beeping option CF

At GUIRunOnce I am installing ActivePerl then I am running among other things a rather old Perl script that changes the CD drive letter to R: Upon reboot my cdrom is set to R Since my source is in %cdrom%\setup\wxpsp2 I patch my registry so that windows knows where to find the files: reg.exe ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup" /v "SourcePath" /t REG_SZ /d R:\SETUP\WXPSP2\ /F reg.exe ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup" /v "ServicePackSourcePath" /t REG_SZ /d R:\SETUP\WXPSP2 /F reg.exe ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v "SourcePath" /t REG_SZ /d R:\SETUP\WXPSP2\i386 /F You could write something similar in VB if you don't want to use Perl. Hope this helps CF

@Joc You may be right about the localization being the problem. I'll look into it as soon as I get home and will let you know @Aserone Glad you like it @razormoon Yeah, I think WIHU came up a few posts ago. Nice app, I am still using it to deploy my software (although the development stopped a while ago) + it allows for multiple user creation CF

Glad you like it blinkdt Not at all. You would have to provide a new NewUser.ini file for each user that you wish to create. Set the EnableTimeOut to 1 and the TimeOut to something like 1000 (1 sec) then write new values for the [userInfo] section and execute the program again. Don't forget to add ParseComputerSection=0 after the first execution (you don't want to change the computer name/workgroup again!) It is the Users group or whatever name that group has in the system language. My idea was to use an encrypted password at WINNT.SIF for the administrator which means that autologon would not work, but then run the program at T12, create a new admin account and enable autologon so that the new password would not appear in the registry. This is not perfect of course since the password would still be as plain text in NewUser.ini (for now, at least).Although my intention was not to create a tool that would handle multiple, accounts this suggestion has come up twice so far. I am only creating one account at T12 with admin privileges and then RunOnce occurs in that account's namespace. The point of having the GUI is to be able to change that account's information in case I wanted to install on another computer. If however I had a list of standard users to be created I doubt that I would be using a GUI. I would go with oobe or with a simple batch script that would use net.exe commands to create the users. Another idea would be to leave the GUI with the option to generate one admin account and at the same time to add a switch that would force the program to parse yet another section (or sections) that would contain the details of other users to be created (who would belong to the Users group), without asking for these details via the GUI. I am open to suggestions CF

I liked ZileXa's suggestion to add support for joining a workgroup so I uploaded yet another version of this tool bringing it to v0.9 v.0.9 Changelog - Added new option to join the computer to a workgroup - Generate secure autologin password for non admin users (ie no clear text passwords in the registry) - Removed the 'ForceNewName' switch (not needed) - Fixed error that occured when enumerating users at T12 - Rewrote the administrator check code - Added an option to disable the timeout Updated the first post and uploaded version 0.9. Enjoy CF

@DarkShadows No, I am not that fast ... That thread has been up for some time and this is why I responded to your question here in the first place: I liked the idea of getting rid of the clear text password for autologon so it was a good opportunity to get into that as well. I'll wait for your comments on either thread CF

@ZileXa That's on my list of things to do I am using NetJoinDomain to add the workstation to a workgroup. I have to test a few things in non XP systems and then I'll release a new version. I am also working on including a list of known MACs in the INI file with references to specific computer names so that a name will be automatically picked up if a MAC address is detected ... CF

@illusions Why not just remove the %SystemDrive%\Documents and Settings\Default User\Favorites folder? When anew user is created he/she inherits everything that has been set within %SystemDrive%\Documents and Settings\Default User. Beside, all you want to do is avoid getting the standard favorites for every new user so there is no point in removing the default hive. As Nois3 pointed out it is not a good idea to completely overwrite the registry hive for the default user as most of the entries are kept in such a way so that they will be redirected to the correct place once the new account is active. There are guides that tell you that this is fine, as MOONLIGHT SONATA pointed out, so it is up to you to try and see how each method affects your system/settings. In my experience with 2k distribution of profiles, there are going to be plenty of references to the 'Administrator' if you overwrite the default user hive with the administrator's hive. There is a nice article to read about the default user profile. The same principles hold for an isolated workstation, although that guide was written with a domain in mind Still I think that removing the above folder/emptying its contents is the best way to go ... CF

ControlPanel->System->Computer Name->Computer Description It's the description that appears when you browse a network for a certain computer ... Can you elaborate a bit more on that? As far as I can see here my tool changes both the Physical NetBios and DNS hostname ... I am calling SetComputerNameEx for ComputerNamePhysicalNetBIOS and ComputerNamePhysicalDnsHostname ...Are you referring to a fully qualified domain name? Something like mypc.somewhere.com? CF