Everything posted by Djé

  1. It ain't necessarily so. Maybe if you used the proper (localized) name for the administrators group in your NET localgroup Administrators Jeroeneke /add line, Windows automatically 'deleted' the owner account (it has another Admin, so no need for this one). Meaning: 1- you wouldn't need the net user Eigenaar /delete; 2- Owner may have been created at any time during the install (but I'd say it was before T-12 anyway). Can you check if you have administrator rights? (Users from control panel.) Also you can check for the exact spelling of the group name (let us know what it is in your sweet language) by typing net localgroup at a cmd prompt. But maybe also it's not exactly the same behavior depending on the OS. I'll reconfirm at next install (I use XP Home), but I'm pretty sure that the owner USER (note that I'm not talking about account) exists in the SAM (security) registry hive together with my newly created admin user up until the first boot (I don't use any net user owner /delete at T-12). At this point, when winlogon (auto-)logs me in, Owner is deleted from SAM while my account is created (again note the difference between account and user). I use BartPE to look into SAM and other hives from outside.
  2. If you can't find those settings, why don't you look for the search tool on this forum? I'd say about the upper right corner of the page...
  3. Good to know about it. However you're a bit unclear and readers might be more interested to know HOW you solved your problem, if ever it also happens to them. Did you solve it using advice given above or was it SOMETHING ELSE that people should know about? Btw, I was wrong casting the fault on nLite. Yes, it is still dirty, but the 'Owner' account will be created by Windows anyway if you don't provide a valid administrator account (at least with XP Home) either through OOBE or NET method. Please also note that group names such as 'Administrators' are language dependent. 'Administrateurs' in French.
  4. So basically, you're saying that blocking IPs or blocking hostnames is not the important bit, but it is rather where you block them (everything OR IE based stuff)? That's precisely the reason why I was asking here. I was seeking specialist's advice explanations. The problem is not to take the advice lightly. It's to understand it. And personally I don't take any argument only from authority. It has to be explained -and understood. That's a basic security rule that I'm sure RogueSpear himself would agree upon. Otherwise, the door would be open to some kind of social engineering. Anyway, I learned a lot from his posts. I just have now to adapt his advice meant for security in a company environment (or so I assume) to my case as a private person, not using so much IE and occasionally downloading stuff from p2p.
  5. This looks more like a nLite issue than just a standard unattended installation issue. So, if I can't help you, consider posting in nLite Forum. I'd say something is broken at the end of your installation. A 'nlite cmd window', most probably a .cmd file prepared by nLite, is scheduled to be run at each start-up and all the mess are commands in that file. The prog I told you about, StartupCPL, would tell you about what is run at startup. And you'd just have to untick a checkbox in it to get rid of both windows, although this is a dirty fix (you probably want to know what went wrong, and you'll leave stuff on your HD). You may also be wise to start over a nLite CD from a clean source and add/remove less features/programs (I'd say none) at the beginning and then improving from a working base. In any case, you have a great opportunity to experiment and to learn since you just reinstall Windows and most probably you backed up your docs before. So don't be frightened of playing with system files!
  6. Thanks for your synthetic answer. I'd understand the fruits thing a bit better if I'd use it (only) for p2p download, but still, according to this PG2 configuration screen it can block Ad/spyware lists together with big brothers' lists. Yet for the ads, they advise to use adblock for Firefox! And, even for spyware, as you said, it is maybe not the best way. But I'll wait for proper documentation on that issue before making up my mind. Anyway, the comparison I had in mind was not specifically meant with PG2 but with the IP blocking method (as opposed to the hostname method). Btw, one of the great advantages of using a filter prog is the automatic updates of the lists. Also, I got more confused by reading your post earlier in the thread. How is the HOSTS file used by the prog you're linking to, related to this thread's method? Isn't it yet a 3rd method, hostnames based but applying to all traffic, not only IE based? So do we also have bananas in the fruits basket?
  7. Why would I use both if I don't see any advantage to do so? And how can I see advantage(s) to do so if I don't know the pros & cons of both methods? I fully understand the purpose of the apples and oranges metaphor, especially about a nauseating debate, but I'm sorry I can't squeeze all the juice out of it for the above mentioned pros & cons knowledge. A search on the whole forum with relevant combinations of the words 'host', 'ip' and 'block' did not lead to any significant amount of information, not to talk about a nauseating degree. So far, the only approaching POST, not even thread, is Dumpy Dooby's earlier in this thread, which would be in favor of apples only. But later in the thread, (s)he shows up as being also orangearian. The whole thing without so much synthetic explanation. But I may also have missed it. In that case, please provide a link to the nauseating debate. As a PeerGuardian user, I know some advantage of IP blocking. From this thread, I understood that I could achieve the same goal (blocking bad guys to be nasty to me) by another way, namely hostname blocking. But only in IE and other Windows progs such as WMP. Oppositely, people going for hostname blocking may have dismissed IP blocking for very good reasons that I am actually missing. Now, I understand that when in doubt, two condoms are better than only one (everybody has its own images). But questions remain:
      - do the hostnames of this file and the IPs of PG2 match and block the same bad guys? Or, in other words, how much are the blocking ranges of those lists overlapping?
      - what is the comparative load on the computer and on the traffic speed of both systems?
      - in what situation(s) may I NOT be protected by ONE of the methods?
      - ...
  8. I won't assume so. Making one mistake doesn't mean you'll do any mistake. Where/why would (s)he have picked the 'Notepad' name? The 'message' really looks like a textbit. Besides, %SystemRoot%\system32\shell32.dll,-21787 refers to the 'startup' program group in the start menu. It makes me think of a bit of an installer. Any comment, GLO?
  9. Here it is. WPS (wireless provisioning service) API is not well documented. The WPS DDK (which I found) comes with some sample source code but it requires Windows DDK (which I haven't) to compile. So I wrote autoWEP, an AutoIt script that automates the filling of the "Wireless Network Setup Wizard" with your SSID and WEP/WPA key. I ran it successfully many times from RunOnceEx, on 2 laptops with different wireless cards. I don't know if it works earlier in the install process. Interestingly, you DON'T even need a wireless adapter to run this, only XP sp2 as it uses the Wireless Zero Configuration. Plug in your nic later and ... the SSID of your network will be selected automagically! The .rar archive contains
      - the .au3 script to be compiled to a .exe prog with AutoIt,
      - a .ini configuration file to hold your values and to be used with the exe (please RTFM at the beginning of this file),
      - an icon ResHacked from xpsp2 to (optionally) compile the script with.
     Please note that you should first fill the configuration file. Don't forget to check the 'wizard window title' in your OS language. Currently, only the French title is validated. If you post the title in your language here, I will update the file. AutoWEP0.2.rar
  10. It does not look like a "message". Notepad does not display "messages", it displays texts. Usually from a file. This looks like a .inf or .ini file textbit. What is the title of the window? Just 'Notepad' or is there a filename before it? If it shows up just after logging in it may be in one of your startup stuff. Is it on every start-up, or on the 1st one only? In the former case, get and run StartupCPL and investigate. In the latter, take a look at your RunOnceEx.cmd or so.
  11. Hi, I'd like to know the pros and cons of such a 'Domains block list' vs an IP blocker like Peer Guardian.
  12. Attached is a .rar archive with CBin.exe together with an installer .inf file. I made that inf because CBin installer asks for .NET1 while you don't need it if you have .NET2. Besides, it's so much lighter! Usage: decompress to wherever you want. Right-click the inf and choose 'Install'. It will copy CBin in 'Program files', add a shortcut in SendTo and an Uninstall entry will be added in 'add/remove programs'. I learned & leeched the inf structure from CAB Tool Installer/Uninstaller inf file by Philippe Coulombe. CBin.rar
  13. I had this annoying problem of the open file security warning showing up when installing Scite. My friend the Search tool gave me answers as for solving this issue. So far the best post I found about it is here. It is short yet gives 2 solutions. I'm using the 'Download & Policies settings' solution successfully by importing the keys to HKU\.DEFAULT at T-12. I don't know if it is the best solution (I'd appreciate comments about that) but at least it works for what purpose it has. Moreover, attempts to import them to HKCU at the beginning of RunOnce (just after the first user logs in) failed so far, at least without a reboot after the import.

      The problem is that now my internet security settings are lowered. As I do NOT fully understand what it exactly implies, I'd like to set those settings back to what they were before. So here is the solution I came to. It is meant to be used in cleanup.cmd at the end of RunOnceEx, just before last reboot. It removes the settings from 3 locations:
      A- HKU\.DEFAULT where it has been imported
      B- HKCU where it has been so useful
      C- Default User hive where it has transited from the 1st to the 2nd at default and current users profiles creation time.
      FEATURE: it tries to find that 'Default User hive' automatically.

      :*************************************************************************
      :**********  Remove low security settings previously set        **********
      :**********  for installing unsigned programs (namely Scite!)   **********
      :*************************************************************************
      :-- Remember those setting you imported to HKU\.DEFAULT at T12
      SET KeyDownload=Software\Microsoft\Internet Explorer\Download
      SET KeyPolicies=Software\Microsoft\Windows\CurrentVersion\Policies

      :Let's remove them. First the easy ones:
      :A- HKU\.DEFAULT, where you imported the setting first
      REG DELETE "HKEY_USERS\.DEFAULT\%KeyDownload%" /f
      REG DELETE "HKEY_USERS\.DEFAULT\%KeyPolicies%\Attachments" /f
      REG DELETE "HKEY_USERS\.DEFAULT\%KeyPolicies%\Associations" /f

      :B- HKCU, where it went, eventually
      REG DELETE "HKEY_CURRENT_USER\%KeyDownload%" /f
      REG DELETE "HKEY_CURRENT_USER\%KeyPolicies%\Attachments" /f
      REG DELETE "HKEY_CURRENT_USER\%KeyPolicies%\Associations" /f

      :C- But in between, those setting went through the Default User profile. And if we let them there,
      :they will be duplicated to every new user. So we must load this profile and delete the keys in it.
      :C1- Get Default User profile's path and Name
      SET profKEY=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
      FOR /F "skip=4 tokens=2*" %%I IN ('REG QUERY "%profKEY%" /v ProfilesDirectory') DO CALL SET ProfilesDir=%%J
      FOR /F "skip=4 tokens=2*" %%G IN ('REG QUERY "%profKEY%" /v DefaultUserProfile') DO SET DefaultUserProf=%%H

      :C2- Look for Default User hive and load it
      SET DefaultUserHive=%ProfilesDir%\%DefaultUserProf%\NTUSER.DAT
      IF NOT EXIST "%DefaultUserHive%" GOTO:Error_NODefaultUserHive
      REG LOAD HKU\defaultUser "%DefaultUserHive%"

      :C3- Remove Reg Keys
      REG DELETE "HKEY_USERS\defaultUser\%KeyDownload%" /f
      REG DELETE "HKEY_USERS\defaultUser\%KeyPolicies%\Attachments" /f
      REG DELETE "HKEY_USERS\defaultUser\%KeyPolicies%\Associations" /f

      :C4- Clean!
      REG UNLOAD HKU\defaultUser
      echo Default User UPDATED...........
      GOTO:EndCleaningSecurity

      :Error_NODefaultUserHive
      echo Default User hive not found :-( !!!!!!!!!!!

      :EndCleaningSecurity
      :Thanks to Simon Sheppard for his A-Z Index of the Windows NT/XP command line
      :available at http://www.ss64.com/nt/index.html
      :And of course thanks to my best friends: Google and /?

      The first 'FOR /F ...' instruction was tricky but the rest came smoothly... Anyway, I hope you'll find it useful.

      Also, please note that the trick can be used to remove any setting imported to HKU\.DEFAULT at T12 (going to ALL users) but in fact only meant to be used for ONE user (don't use the HKCU removing then) and/or temporarily. Oppositely, if you import those settings to HKCU at RunOnceEx, 1- you don't need A- & C-, 2- I'd like to know about it because it did not work for me last time I tried (but maybe I did not do it correctly???)
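
      Whether the cleanup in post 13 really removed the lowered settings everywhere can be checked afterwards. The following is an added example, not part of the original post or Djé's script: it queries the same three locations for the same three keys and reports any that remain. It assumes the XP registry layout the post relies on; the mount name HKU\auditDefUser, the label names and the exit codes are choices made here.

      ```batch
      @echo off
      REM Added example: confirm the temporary low-security keys are gone from all
      REM three locations. Key paths come from the post; the mount name
      REM HKU\auditDefUser and the label names are arbitrary choices made here.
      setlocal
      set "KeyDownload=Software\Microsoft\Internet Explorer\Download"
      set "KeyPolicies=Software\Microsoft\Windows\CurrentVersion\Policies"
      set "profKEY=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"
      set Result=0

      REM A and B: hives that are already loaded
      call :CheckRoot "HKU\.DEFAULT"
      call :CheckRoot "HKCU"

      REM C: locate the Default User hive (XP layout, as in the post). Filtering with
      REM FIND instead of skip=4 avoids depending on the number of header lines.
      for /f "tokens=2*" %%I in ('reg query "%profKEY%" /v ProfilesDirectory ^| find /i "ProfilesDirectory"') do call set "ProfilesDir=%%J"
      for /f "tokens=2*" %%I in ('reg query "%profKEY%" /v DefaultUserProfile ^| find /i "DefaultUserProfile"') do set "DefaultUserProf=%%J"
      set "Hive=%ProfilesDir%\%DefaultUserProf%\NTUSER.DAT"
      if not exist "%Hive%" goto :NoHive

      reg load HKU\auditDefUser "%Hive%" >nul 2>&1
      if errorlevel 1 goto :NoHive
      call :CheckRoot "HKU\auditDefUser"
      reg unload HKU\auditDefUser >nul 2>&1
      goto :Report

      :NoHive
      echo NOT CHECKED: Default User hive could not be loaded
      if %Result%==0 set Result=2

      :Report
      if %Result%==0 echo OK: none of the temporary keys remain
      REM Exit code: 0 = clean, 1 = leftovers found, 2 = Default User hive not inspected
      endlocal & exit /b %Result%

      REM Subroutine: report every key from the post that still exists under the given root
      :CheckRoot
      for %%K in ("%KeyDownload%" "%KeyPolicies%\Attachments" "%KeyPolicies%\Associations") do (
          reg query "%~1\%%~K" >nul 2>&1 && (
              echo LEFTOVER: %~1\%%~K
              set Result=1
          )
      )
      goto :eof
      ```

      A leftover under the Default User hive is the one that matters most, since every profile created later inherits it.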
  14. I'd also suggest a minor modification and an improvement to the "AutomationSample.cmd" inside ShExtDlls_1.1: - adding quotes to address any location the dll may be (I use Program Files) - Changing the setting from the command file: Of course, an .inf file would be even better. But then, I should just use the installable versions of the extensions and shut my mouth!
  15. Hi ironside, I did NOT address the quotes problem in the previous modified file (you read too fast: I only talked about !). So you still need a single double quote at the end of the file name but NONE at the beginning (msi files only). As I said, I find this quote quantity question quite inquonsistent B) but did not change it since my purpose was only to improve functionality. I did not want to take over a development issue without consent from ktool developer (Kennedy). Since for now (s)he seems busy somewhere else, and provided people are interested, I may address this issue in a second modification. If I do, it will be in the following way: ktool won't add anymore any quote anywhere. It will leave it to the user to do it in its .ini file. Do NOT expect me to take over or fork ktool development in any way, though. If I'd do, I would transform it into something like WPI or WIHU!!! Who would need that? Btw, I take the opportunity to thank you back, kelsenellenelvian, you did far more useful things (and if I may, where does this name come from? I'm so curious...). As for Arjanv error: Most probably you're just lacking the double quote at the end (ONLY) of your file name:
      MSI = Antispyware\Windows_Defender\WindowsDefender.msi"
      add /qn as shown by ironside to install silently. Also, I don't see anywhere Windows Defender in your profiles. How are you using ktool? With or without GUI? (Give us the command line you use to run ktool). And please, if you still have the problem, translate the error message. Note: .ini files (such as yours) made for standard version of ktool work as well with the modified version. Opposite is not true. If we modify again ktool to address the quote inconsistency, compatibility will be completely broken!
  16. @arjanv read my post a bit earlier in the thread about getting around this. Item #3.
  17. @discountpc I don't know if you solved all your problems but I read you're trying to register a new user called 'Owner'. Why not but if you want to debug something about user registration, I would strongly advise to use something else than 'Owner' as a user login: this one is used by windows anyway if you don't provide a user: no Net user xxx /add in your scripts AND bypass OOBE in winnt.sif (don't remember if it is 'skipwelcome=yes' or 'unattendswitch=yes'). Use another name if you want to know what is happening. With that one, you'll never know if it comes from your script or from windows' default.
  18. Thank you very much Spiritpyre. I happen to check this thread today for the 1st time since posting and you've just replied. Lucky Strike! Your extensions are now working like a charm. My C: drive can now look spotless clean at will. May I now request a "CMD prompt here" extension for the folder background? And also, just another localisation trick: If you want to change the somewhat cryptic "[un]RegSvr32" texts in the dlls menu to something friendlier you can add a default value to each of the shell key like:

      [HKEY_CLASSES_ROOT\dllfile\shell\RegSvr32]
      @="Your text here"

      As an example here is my version of RegSvr32 & UnregSvr32.reg to perform this:

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\dllfile\shell]

      [HKEY_CLASSES_ROOT\dllfile\shell\RegSvr32]
      @="&Référencer"

      [HKEY_CLASSES_ROOT\dllfile\shell\RegSvr32\Command]
      @="regsvr32.exe \"%1\""

      [HKEY_CLASSES_ROOT\dllfile\shell\UnregSvr32]
      @="Dé-ré&férencer"

      [HKEY_CLASSES_ROOT\dllfile\shell\UnregSvr32\Command]
      @="regsvr32.exe /u \"%1\""

      Aren't all those accents cute? I had to f***ing type the words in WORD to check the spelling!
  19. Two precisions to go further, sorted out from Felix' guide (see that post earlier in this thread): 1 - if you need some other specific features in your task bar, such as autohide, you also need the following key: {HKCU}\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StuckRects2 In regedit, it should be just below the ...\Explorer\Streams\.. key used in this method. If you don't have it after having prepared the task bar the way you want, you probably don't need it. I am not sure if you need it for a 2 lines taskbar (...\Explorer\Streams\Desktop should be enough). - I did not find necessary the other values used by Felix in ...\Explorer\Streams\Desktop (Default taskbar, etc.). A comment, Felix ? And of course everybody should use its own data for the values. 2 - [Edited] Importing (REGEDIT /S quicklaunch.reg) into HKCU at T-12 (cmdlines.txt) will set the Taskbar this way for ALL users, through the HKU/.Default hive and the Default User Profile. If you want to import it only to your profile (the ONE you first log in to), Import the settings from RunOnceEx (to HKCU, of course). Importing won't work anymore later, after Explorer is launched & loads the taskbar settings from your hive (HKCurrent_User). Whatever change you make to these settings (I am talking specifically of those taskbar settings) in HKCU while Explorer is running will be overwritten by explorer on logoff.
  20. Indeed, this Method DOES work with Windows XP sp1 slipstreamed to sp2. I just did it a couple of times today. But it may work only for Royalty OEM computers. At any rate, my (successful) case was as follows: Toshiba laptop shipped with XP Home sp1 on a recovery CD (ghost image) only. I extracted back the image and then slipstreamed sp2 and latest hotfixes in the i386 folder of the hard drive, before doing the usual unattend preparation things (among them this method to recover activation) and burning back a fresh CD. Installed and no need to activate (no network so I'm sure it did not activate in my back). The important point to get (at least the one at which I was stuck for a while because it is not explained in the unattended guide) is that not only do you need those oembios files, but also the CORRESPONDING product key, which may NOT be the one written on the sticker on your computer but ANOTHER one which is coded in the registry. That is why that getkey.vbs is the important script to RETRIEVE the GOOD product key to put in your winnt.sif. And not the dummy one from the sticker. So to get it, you must be running the original OS from the recovery CD and not any installation you may have done later. @KRYOGENIUS: No offense, but before posting such information you should check it better and not only believe/propagate the rumor. Or at least be less affirmative (Journalists do also like rumors but they carefully use conditional). I almost gave up because of such posting as yours but thanks to my not liking undocumented statements, I eventually managed.
  21. @spiritpyre: Thanks for those great extensions. Here are a couple of issue resolving: - [edited] As for the refresh Hotkey (e), I'd go with Donbi saying that we, 'localized' aliens, have different hotkeys for similar functions (in the French case, the 'e' doesn't refresh anything but opens the 'customize' tab of the properties dialog). That is specifically true for those underscored letters hotkey like this 'e'. I just read somewhere else that you tried the F5 key and it didn't work (I just tried also and neither did it here). So yes, a Registry entry for that would be much needed so we can localize and use these extensions. - second thing, IMHO, in the 'Add RegSvr32 & UnregSvr32.reg' file of your beloved 'ShExt DLL Package 1.0', the \" (escaped dblequote) are misplaced: @="\"regsvr32.exe\" %1" should read @="regsvr32.exe \"%1\"" You don't need them around the regsvr32.exe but depending on where the dll is, you might need it around its path (%1). Anyway, thanks again for that great stuff.
  22. Why don't you just rename Notepad2.exe to Notepad.exe ? Am I missing something ?
  23. Well, let me try! Do you use nLite (even only for slipstreaming stuff in your CD)? It looks like this prog -however cool it is otherwise- is still a neglected little boy and leaves its dirty hand-marks in a few places around. One of those marks (although -shame on me, the blamer with no clue- I don't remember where) may be this 'owner' user (I had to deal with a 'Propriétaire' one for a while). So anyway, to remove it you may need to use the /delete option not on the accounts but on the user:
      net accounts Yourf***inOwnerHere /delete
      net user Yourf***inOwnerHere /delete
      Wah! Big brother is watching me! My u c and k have been censored! Twice! He's really over me! Help! Help! Hel*******
  24. Hi, Attached should be a modified (from v1.1a) version of ktool script, to compile with AutoIt. Also included in the archive is a sample ini file (only the [config] section of it is relevant to these modifications). Improvements that I felt necessary in my case:
      1- A 'Replace' option in the [Config] section of the .ini file. It's a bit like the 'Append' option but the provided value ('CD' works as well as with Append) will replace all instances of the '%KTREP%' substring INSIDE a Run/RunWait/DOS/MSI/REG/WaitProcess/WinWaitClose command string (although I can't see any use for the 2 last ones). This allows for more flexibility (see .ini example provided) than just the 'Append' option. It could even replace it (but both can be used right now). Also, using this, WPI would be able to make a better use of ktool, not just using the RunWait command.
      2- A 'ListTitle' option in the [Config] section of the .ini file. If provided, it will replace the titles of the GUI and progress windows. Useful to identify successive runs of ktool.
      3- In Func GUI (), I replaced all (5) 'GUIRead' function calls by 'GUICtrlRead' calls to have compatibility with latest AutoIt compiler versions (3 something and beta).
     If ktool developers find it useful, please feel free to integrate those little extras. My 0.3 cents. Also, but not addressed in this file, I found somewhat inconsistent the way ktool deals with " (dble quotes) in commands: it adds BOTH of it around file names in REG command, only ONE at the beginning of file names in MSI command (so you have to put the last one after your file name), and none in other commands. I feel that it should leave it to the user to add it or not. And also state this in the manual so you don't have to look to the source/log-file-in-temp to see how ktool deals with those quotes. That's All, Folks! [Edit] I've posted an even more improved version of kTool further in the thread. kTool_modified.zip