WINDOWS xP SP2

**occir76** · October 4, 2004

hI ALL...

this is my first post,

i am trying to roll out sp2 to a network(dont have sms or stuff like that, so i is from at cdrom) the thing is i dont want the users to have the firewall enabled and i do NOT want them to get that stupid firewall setting when they reboot the first time.

i have searched www.google.com and found no one doing this before me ????

so i guess some ini file og config file where i can do my modifications would be cool..

pls i hope to hear from you..

trying again.. no avable domain controller...

**cazzman** · October 4, 2004

erm, if you roll it out on a network with a domain controller, it gets turned off by default yes ?

//edit: sorry, i thought you meant the Security Center, not sure about the firewall.

**arry** · October 4, 2004

http://unattended.msfn.org/xp/sp2changes.htm

**occir76** · October 4, 2004

if i am not mistaken(and i have been before ) this is winnt.sif file is if you try and make an overlay of winxp, otherwise pls help me understand how to use the winnt.sif file in a win xp sp2 installation..

**Alanoll** · October 4, 2004

What you want are the registry settings that are used to disable the firewall.

[version]
Signature      = "$Windows NT$"
DriverVer      =07/01/2001,5.1.2600.2180

[DefaultInstall]
AddReg=ICF.AddReg.DomainProfile
AddReg=ICF.AddReg.StandardProfile

[ICF.AddReg.DomainProfile]
HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List","%windir%\system32\sessmgr.exe",0x00000000,"%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile","DoNotAllowExceptions",0x00010001,0
HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile","EnableFirewall",0x00010001,0

[ICF.AddReg.StandardProfile]
HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List","%windir%\system32\sessmgr.exe",0x00000000,"%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile","DoNotAllowExceptions",0x00010001,0
HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile","EnableFirewall",0x00010001,0

That's what you want. You could do it one of two ways. One, extract the SP2 EXE you downloaded, and save all that in netfw.inf and replace netfw.in_ (it's compressed) with it.

Or two, save that as an INF, and after SP2 is done installing (before restarting) right-click the file, and click Install.

**prathapml** · October 4, 2004

occir, more details would be needed.

Are you trying to install SP2 alone to already existing Windows XP PCs?

In that case, alanoll's post above is the one to look up to.

Are you having SP2 merged into your Windows XP CD, and doing fresh (format and re-install) roll-out?

In that case, you can use a winnt.sif setting (much simpler, and avoids headaches of upgrading to SP2 as well).

**occir76** · October 5, 2004

hi all thx for the answers .. i have some problems understading what you write.

there are two netfw.in_ on my sp2

one in

i386\ic

and

I386\ip

guess i am going to use the one i \i386\IC\

next challange, the file i open is in some strange format (properly hex or binary)

so how do i edit that ??

do i remove the the content and copy paste the the content from a user here on msfn board.

Or do i do something completely else.

see my problem... dont know what to do with the netfw.in_ file...

pls advice.

**amiels** · October 5, 2004

If all you need to do is disable the firewall that windows XP SP2 enables by default - all you have to do is add the following anywhere in your winnt.sif file:

[WindowsFirewall]
Profiles=WindowsFirewall.TurnOffFirewall

[WindowsFirewall.TurnOffFirewall]
Mode=0

I do this during the installation, and it works just great!

Let me know if you need further help.

**Alanoll** · October 5, 2004

@amiels

He's not doing an unattended install, he's just installing SP2 over his SP1 systems.

@occir76

Use the one in IC if you have Home Edition, and IP if you have Pro Edition.

To open it, navigate a command prompt to the folder, and type

expand netfw.in_ netfw.inf

Then it should be able to be opened up in Notepad just fine. Make the changes, save.

then

makecab netfw.inf

Both makecab and expand are native to Windows XP systems.

**prathapml** · October 5, 2004

*sigh* Why is this much of struggle..... You can directly edit the netfw.in_ as Alanoll said, or do the other thing he suggested. Steps given below:

1. He gave the code necessary. That file is now attached to this post.

2. Download "firewall.inf" file from this post.

3. Now put SP2 install, and firewall.inf in one folder (on the HDD or CD or wherever).

4. Now when you go to the PC that needs SP2, do the below steps.

5. Install SP2, but don't click OK at the end when it asks to reboot.

6. Right-click on "firewall.inf" in the same folder as SP2, and click "Install".

7. So now, that INF has been applied.

8. Now, click OK in the SP2 setup, to reboot the machine.

That's it - you have it done the way you want it - SP2 is installed, and firewall is not enabled.

firewall.inf

**Alanoll** · October 5, 2004

@prathapml

Assuming he has a good majority of systems.....

say 100. If he made 20 disks to install SP2 on (since he doesn't have other stuff), and stuck them in the system, if it did it on it's own it would be simpler then remember to right-click. So.....you either have to to the netfw.inf trick....or....

TITLE Upgrading to SP2

ECHO Installing Service Pack 2 Now...
start /wait sp2.exe /q /n /z /o
ECHO Configuing Firewall...
start /wait rundll32.exe setupapi,InstallHinfSection DefaultInstall 128 firewall.inf

shutdown.exe -r -t30 -c"Now Restarting System after Service Pack 2 Upgrade"
EXIT

Save that in the root of the CD. Then plop it in the CDROM, and double click the file. Or...

[AUTORUN]
open=install.cmd

Save that and the btch code above in the root of your CD, and call the file witht he[AUTORUN] in it autorun.inf. Then just put in the CD, and it's fully automated.

**prathapml** · October 5, 2004

There it comes again..... The power of ideas....

The last option you said - to get it done thru autorun without lifting a finger... That's indeed the fastest and best, I suppose (for the purpose he wants to use it for).

**occir76** · October 6, 2004

i thank all of you for your answers ...

special thx to Alanoll for understanding my problem.. hehe maybe i am not that specific when i write, try to do better in the future i will.. hehe

just testing the cab file i made.. by the way totally cool , that i can make a cab file..

**occir76** · October 6, 2004

hehe it works JUBIIIII ,

just to get rid of welcome start screen after first boot.

firewall disable like i should...

pls check to see inf my netfw.inf is correct.

[version]
Signature      = "$Windows NT$"
DriverVer      =07/01/2001,5.1.2600.2180

[DefaultInstall]
AddReg=ICF.AddReg.DomainProfile
AddReg=ICF.AddReg.StandardProfile

[ICF.AddReg.DomainProfile]
HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List","%windir%\system32\sessmgr.exe",0x00000000,"%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile","DoNotAllowExceptions",0x00010001,0
HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile","EnableFirewall",0x00010001,0

[ICF.AddReg.StandardProfile]
HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List","%windir%\system32\sessmgr.exe",0x00000000,"%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile","DoNotAllowExceptions",0x00010001,0
HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile","EnableFirewall",0x00010001,0

;Disable Anti-virus Notifications
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000001

;Disable Firewall Notifications
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify"=dword:00000001

;Disable Automatic Updates Notifications
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify"=dword:00000001

dont know if the context is is correct in the 3 Notifications ?????

**prathapml** · October 6, 2004

The rest might be okay, but the notifications part won't work.

You'd better do that, because those are .REG entries, and this is an INF - the two work in different ways.

You can use a separate .REG instead.

Sign In

WINDOWS xP SP2

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Recently Browsing 0 members