occir76 Posted October 4, 2004 Posted October 4, 2004 hI ALL...this is my first post, i am trying to roll out sp2 to a network(dont have sms or stuff like that, so i is from at cdrom) the thing is i dont want the users to have the firewall enabled and i do NOT want them to get that stupid firewall setting when they reboot the first time.i have searched www.google.com and found no one doing this before me ???? so i guess some ini file og config file where i can do my modifications would be cool.. pls i hope to hear from you.. trying again.. no avable domain controller...
cazzman Posted October 4, 2004 Posted October 4, 2004 erm, if you roll it out on a network with a domain controller, it gets turned off by default yes ?//edit: sorry, i thought you meant the Security Center, not sure about the firewall.
occir76 Posted October 4, 2004 Author Posted October 4, 2004 if i am not mistaken(and i have been before ) this is winnt.sif file is if you try and make an overlay of winxp, otherwise pls help me understand how to use the winnt.sif file in a win xp sp2 installation..
Alanoll Posted October 4, 2004 Posted October 4, 2004 What you want are the registry settings that are used to disable the firewall.[version]Signature = "$Windows NT$"DriverVer =07/01/2001,5.1.2600.2180[DefaultInstall]AddReg=ICF.AddReg.DomainProfileAddReg=ICF.AddReg.StandardProfile[ICF.AddReg.DomainProfile]HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List","%windir%\system32\sessmgr.exe",0x00000000,"%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile","DoNotAllowExceptions",0x00010001,0HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile","EnableFirewall",0x00010001,0[ICF.AddReg.StandardProfile]HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List","%windir%\system32\sessmgr.exe",0x00000000,"%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile","DoNotAllowExceptions",0x00010001,0HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile","EnableFirewall",0x00010001,0That's what you want. You could do it one of two ways. One, extract the SP2 EXE you downloaded, and save all that in netfw.inf and replace netfw.in_ (it's compressed) with it.Or two, save that as an INF, and after SP2 is done installing (before restarting) right-click the file, and click Install.
prathapml Posted October 4, 2004 Posted October 4, 2004 occir, more details would be needed.Are you trying to install SP2 alone to already existing Windows XP PCs?In that case, alanoll's post above is the one to look up to.Are you having SP2 merged into your Windows XP CD, and doing fresh (format and re-install) roll-out?In that case, you can use a winnt.sif setting (much simpler, and avoids headaches of upgrading to SP2 as well).
occir76 Posted October 5, 2004 Author Posted October 5, 2004 hi all thx for the answers .. i have some problems understading what you write.there are two netfw.in_ on my sp2one ini386\icand I386\ipguess i am going to use the one i \i386\IC\next challange, the file i open is in some strange format (properly hex or binary)so how do i edit that ?? do i remove the the content and copy paste the the content from a user here on msfn board.Or do i do something completely else.see my problem... dont know what to do with the netfw.in_ file... pls advice.
amiels Posted October 5, 2004 Posted October 5, 2004 If all you need to do is disable the firewall that windows XP SP2 enables by default - all you have to do is add the following anywhere in your winnt.sif file: [WindowsFirewall]Profiles=WindowsFirewall.TurnOffFirewall[WindowsFirewall.TurnOffFirewall]Mode=0I do this during the installation, and it works just great!Let me know if you need further help.
Alanoll Posted October 5, 2004 Posted October 5, 2004 @amielsHe's not doing an unattended install, he's just installing SP2 over his SP1 systems.@occir76Use the one in IC if you have Home Edition, and IP if you have Pro Edition.To open it, navigate a command prompt to the folder, and typeexpand netfw.in_ netfw.infThen it should be able to be opened up in Notepad just fine. Make the changes, save.thenmakecab netfw.infBoth makecab and expand are native to Windows XP systems.
prathapml Posted October 5, 2004 Posted October 5, 2004 *sigh* Why is this much of struggle..... You can directly edit the netfw.in_ as Alanoll said, or do the other thing he suggested. Steps given below:1. He gave the code necessary. That file is now attached to this post.2. Download "firewall.inf" file from this post.3. Now put SP2 install, and firewall.inf in one folder (on the HDD or CD or wherever).4. Now when you go to the PC that needs SP2, do the below steps.5. Install SP2, but don't click OK at the end when it asks to reboot.6. Right-click on "firewall.inf" in the same folder as SP2, and click "Install".7. So now, that INF has been applied.8. Now, click OK in the SP2 setup, to reboot the machine.That's it - you have it done the way you want it - SP2 is installed, and firewall is not enabled. firewall.inf
Alanoll Posted October 5, 2004 Posted October 5, 2004 @prathapml Assuming he has a good majority of systems.....say 100. If he made 20 disks to install SP2 on (since he doesn't have other stuff), and stuck them in the system, if it did it on it's own it would be simpler then remember to right-click. So.....you either have to to the netfw.inf trick....or....TITLE Upgrading to SP2ECHO Installing Service Pack 2 Now...start /wait sp2.exe /q /n /z /oECHO Configuing Firewall...start /wait rundll32.exe setupapi,InstallHinfSection DefaultInstall 128 firewall.infshutdown.exe -r -t30 -c"Now Restarting System after Service Pack 2 Upgrade"EXITSave that in the root of the CD. Then plop it in the CDROM, and double click the file. Or...[AUTORUN]open=install.cmdSave that and the btch code above in the root of your CD, and call the file witht he[AUTORUN] in it autorun.inf. Then just put in the CD, and it's fully automated.
prathapml Posted October 5, 2004 Posted October 5, 2004 There it comes again..... The power of ideas....The last option you said - to get it done thru autorun without lifting a finger... That's indeed the fastest and best, I suppose (for the purpose he wants to use it for).
occir76 Posted October 6, 2004 Author Posted October 6, 2004 i thank all of you for your answers ... special thx to Alanoll for understanding my problem.. hehe maybe i am not that specific when i write, try to do better in the future i will.. hehejust testing the cab file i made.. by the way totally cool , that i can make a cab file..
occir76 Posted October 6, 2004 Author Posted October 6, 2004 hehe it works JUBIIIII , just to get rid of welcome start screen after first boot.firewall disable like i should... pls check to see inf my netfw.inf is correct.[version]Signature = "$Windows NT$"DriverVer =07/01/2001,5.1.2600.2180[DefaultInstall]AddReg=ICF.AddReg.DomainProfileAddReg=ICF.AddReg.StandardProfile[ICF.AddReg.DomainProfile]HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List","%windir%\system32\sessmgr.exe",0x00000000,"%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile","DoNotAllowExceptions",0x00010001,0HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile","EnableFirewall",0x00010001,0[ICF.AddReg.StandardProfile]HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List","%windir%\system32\sessmgr.exe",0x00000000,"%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile","DoNotAllowExceptions",0x00010001,0HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile","EnableFirewall",0x00010001,0;Disable Anti-virus Notifications[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"AntiVirusDisableNotify"=dword:00000001;Disable Firewall Notifications[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"FirewallDisableNotify"=dword:00000001;Disable Automatic Updates Notifications[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"UpdatesDisableNotify"=dword:00000001dont know if the context is is correct in the 3 Notifications ?????
prathapml Posted October 6, 2004 Posted October 6, 2004 The rest might be okay, but the notifications part won't work.You'd better do that, because those are .REG entries, and this is an INF - the two work in different ways.You can use a separate .REG instead.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now