Jump to content

Windows Server Post Setup Security Updates


Recommended Posts


Hi, welcome to MSFN.

Haven't had this yet (is this a result of installing 2003 with SP1 slipstreamed already?) but it may be a requirement - tho i doubt it.

Surely it is documented in the deployment pack of 2003 SP1 (deploy.chm) although they probably haven't updated the tools & manuals etc yet (well, haven't released them yet) although if they have, can someone post a link?

I'm sure they'll be some setting you can set in a answer file to help unattended installs - which is probably the easiest way (that is if you use a answer file lol).

Regards,

N.

Link to comment
Share on other sites

  • 3 weeks later...

I haven't seen it before, but then again I have slipstreamed W2k3 server yet either.....

With this new feature, once you finish a Windows Server 2003 installation (with SP1 slipstreamed), the server will block all incoming communication through the Windows Firewall until you install all of the latest security updates, to prevent worms, Web attacks, spyware installations and other unwanted elements (Read: dA bAd gUyz) from exploiting and attacking your server through unpatched security holes

I would take this to mean that you don't have all the latest all the latest security updates. If it's a slipstreamed build, then why not just include the hotfixes and refer to them in the unnattend script (or winnt.sif). This screen should go away once updated no?

This can be found here.

Link to comment
Share on other sites

The SP1 Win2k3 have all patchs .. just two patch are available today, Windows Installer 3.1 v2 and Malicious Removal Tools.

But this nag screen will be always here after you install Win2k3 SP1 ... I think Microsoft have an argument/option in winnt.sif .. but today no doc are out.

Goodbye.

PS: If anyone finds solution post here ;)

Link to comment
Share on other sites

  • 1 month later...

Microsoft TechNet: Microsoft Windows Server 2003 TechCenter

Post-Setup Security Updates

Do I need to change my code to work with Windows Server 2003 Service Pack 1?

If you do new installations of a version of Windows Server 2003 that includes a service pack by using an unattended-setup script and you want to suppress Post-Setup Security Updates, it is recommended that you explicitly enable or disable Windows Firewall in either your setup script or by Group Policy. This change automatically suppresses Post-Setup Security Updates.

Edited by Bilou_Gateux
Link to comment
Share on other sites

The SP1 Win2k3 have all patchs .. just two patch are available today, Windows Installer 3.1 v2 and Malicious Removal Tools.

But this nag screen will be always here after you install Win2k3 SP1 ... I think Microsoft have an argument/option in winnt.sif .. but today no doc are out.

Goodbye.

PS: If anyone finds solution post here ;)

Download Windows Server 2003 Service Pack 1 32-bit Deployment Tools

Open "Microsoft Windows Preinstallation Reference" Help File (ref.chm)

Go to Unattend.txt > WindowsFirewall

Settings are documented in this section of the help file:

Example of a User-defined Profile to Disable Windows Firewall

You may disable the Windows Firewall, if you are including a third-party firewall that is active and enabled with your offering. Add the following sections and entries to the Unattend.txt file:

[WindowsFirewall]Profiles = WindowsFirewall.TurnOffFirewall

[WindowsFirewall.TurnOffFirewall]

Mode = 0

Link to comment
Share on other sites

  • 11 months later...
  • 2 years later...
  • 2 months later...
Uhhh, really old thread... SP2 is and has been out for a while... And I don't remember getting this "nag screen"...

You still need that setting in winnt.sif despite it being on SP2.

Well it is on SP2 now but this stupid nag screen still comes up even though the installation had all hotfixes slipstreamed into it. When I visit Windows Update it says that "No high priority updates are needed for your computer".

So the winnt.sif entry and disabling of the Windows Firewall is still the only way to stop the nag screen? I don't believe this nag screen is related to the firewall, the nag screen itself will simply be a 1 that needs changing to a 0 or "Shown" changed to 1 or whatever, the Firewall doesn't dictate whether this nag screen shows and disabling the Firewall is pretty silly IMO just to stop a nag screen.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...