Must read instructions for keeping your XP x64 install updated
So you want to create a fully up to date Windows XP Professional x64 edition installation DVD ? Well here's how (updated for August).
There are a couple of options as to how to configure your install media, you can:
.. . A) Use Microsoft hotfixes or 5eraph's update pack
.. . B} Integrate IE8 or use 5eraph's IE8 AddOn or integrate IE7 or use IE6
.. . C) Integrate WMP11 using Booogy's Slipstreamer or silent install WMP11 or use WMP10
.. . D) Install .Net frameworks at a level of none, 2.0 SP2, 3.5 SP1 or 4.0 RtM
This guide will list the files needed for the first option given and then note the changes required to use the other options.
So you are going to need some files:
From MediaFire, the Config_XP-64_date.7z file and extract it, this will also setup the necessary directory structure (read \Misc\FileList.txt for contents).
Note on colour codes shown below and in the hotfix lists:
% means that you must directly download this file yourself, it's either an optional component, one of 5eraph's packs or simply huge (Service Pack 2, .Net Framework 3.5 SP1 and DirectX redist).
@ means that the file is available in the 7-Zip archives hosted at MediaFire and as a part of the torent.
# means that in order to save time (honest, it will take forever) and my bandwidth you should directly download this file but it's also in the torent.
▼ is a direct link to the executable
Optional items and groups are described in green (as are their security updates), if you include them as directed then they will be installed
From Microsoft you want:
% ▼ WindowsServer2003.WindowsXP-KB914961-SP2-x64-ENU.exe . 367,964,016 . Only needed if starting from a SP1 source
.. . SHA-1: 7F8E909C52D23AC8B5DBFD73F1F12D3EE0FE794C . . . Service Pack 2 for Windows XP Professional x64 edition
At \Hotfix for direct integration by nLite
Either all the base hotfixes in post 1 of the lists OR % 5eraph's current XP Pro x64 post SP2 update pack
Either all the IE8 hotfixes in post 2 of the lists OR % 5eraph's current Internet Explorer 8 AddOn OR see post 4 for other options
% 5eraph's easily customisable IE8 tweaks but only if using 5eraph's IE8 AddOn . must be compressed
At \WMP11 for integration by the Windows Media Player 11 slipstreamer OR see post 5 of the hotfix lists for other options
# ▼. wmp11-windowsxp-x64-enu.exe .. . . . . . . 27,926,896 . Windows Media Player 11
@ ▼WindowsMedia11-KB929399-v2-x64-INTL.exe 768,416 . DRM - When you design your player to not play ...
@ ▼ WindowsMedia11-KB939683-x64-ENU.exe .. . 684,960 . Shortcut management
@ ▼ WindowsMedia11-KB941569-x64-ENU.exe .. . 696,384 . MS07-068 - Media File Format
@ ▼ WindowsMedia11-KB952069-x64-ENU.exe . 1,865,616 . MS08-076 - Media Components
@ ▼ WindowsMedia11-KB954154-x64-ENU.exe .. . 744,512 . MS08-054 - Media Player
@ ▼ WindowsMedia11-KB954155-x64-ENU.exe .. . 913,288 . MS09-051 - Media Audio Voice Decoder
@ ▼ WindowsMedia11-KB973540-x64-ENU.exe . 6,016,912 . MS09-037 - Active Template Library (ATL)
@ ▼ WindowsMedia11-KB978695-x64-ENU.exe . 1,500,552 . MS10-033 - Media Format Runtime
@ ▼ WindowsMedia11-KB2378111-x64-ENU.exe 5,940,080 . MS10-082 - Reload deallocation
@ ▼ WindowsServer2003.WindowsXP-WindowsMedia-KB2834904-v2-x64-ENU.exe 1,116,360 . MS13-057 - Media Format Runtime
@ ▼ WindowsXP-SP2-X64-WindowsMedia-KB975558-x64-ENU.exe 911,792 . MS10-062 - MPEG-4 Codec
At \RunOnce for installation via nLite's RunOnce / batch files.
% ▼ directx_Jun2010_redist.exe 100,271,992 . SHA-1: F8F1217F666BF2F6863631A7D5E5FB3A8D1542DF
All the hotfixes in post 3 of the lists if using the Microsoft hotfixes method
Please note that the .Net subgroups are incremental and hence you can choose your .Net level (none, 2.0 SP2, 3.5 SP1 or 4.0 RtM).
.Net 2.0 SP2 subgroup (\RunOnce) you must manually block the 132MB KB951847 .Net 3.5 SP1 family patch on Windows Update if you only want .Net 2.0 SP2
% ▼ NetFx20SP2_x64.exe 48,524,296 . Not needed if installing .Net 3.5 SP1 or greater
.. . SHA-1: F8F1217F666BF2F6863631A7D5E5FB3A8D1542DF
# ▼. NDP20SP2-KB958481-x64.exe . 19,282,272 . Application Compatibility Update
# ▼. NDP20SP2-KB2729450-x64.exe 31,280,648 . MS12-074 - 4 Vulnerabilities fixed
# ▼. NDP20SP2-KB2742596-x64.exe 20,742,168 . MS13-004 - 4 Vulnerabilities fixed
# ▼. NDP20SP2-KB2789643-x64.exe 11,963,400 . MS13-015 - XAML Browser Applications (XBAPs)
@ ▼ NDP20SP2-KB2844285-v2-x64.exe 4,959,896 MS13-052 - 5 Vulnerabilities fixed
@ ▼ NDP20SP2-KB2863239-x64.exe . . . 999,560 . MS13-082 - 3 Vulnerabilities fixed
# ▼. NDP20SP2-KB2894843-x64.exe 14,306,016 . ASP.NET
# ▼. NDP20SP2-KB2898856-x64.exe 25,703,128 . MS14-009 - 3 Vulnerabilities fixed
# ▼. NDP20SP2-KB2901111-x64.exe 13,188,312 . MS14-009 - 3 Vulnerabilities fixed
@ ▼ NDP20SP2-KB2932079-x64.exe . 1,234,144 . MS14-026 - Remoting
% ▼ NDP30SP2-KB982524-x64.exe . 30,834,536 . Update Rollup . Not needed if installing .Net 4.0 RtM
.. . SHA-1: DBA96E4CA6F76BD0DD4CE83B2F2E5D69FFFA8289
# ▼. WindowsServer2003-KB968930-x64-ENG.exe 10,334,496 . PowerShell 2.0
@ ▼ vcredist_x86_2005sp1c.exe . . . . 2,707,352 . Visual C++ 2005 SP1 32-bit . Must be manually renamed
@ ▼ vcredist_x64_2005sp1c.exe . . . . 3,175,832 . Visual C++ 2005 SP1 64-bit . Must be manually renamed
.Net 3.5 SP1 subgroup (\RunOnce) cumulative with 2.0 SP2 above
% ▼ dotnetfx35.exe 242,743,296 . Includes and replaces NetFx20SP2_x64.exe from the .Net 2.0 SP2 subgroup
.. . SHA-1: 3DCE66BAE0DD71284AC7A971BAED07030A186918
# ▼. NDP30SP2-KB958483-x64.exe . 17,262,944 . Application Compatibility Update
# ▼. NDP30SP2-KB2756918-x64.exe 38,960,168 . MS13-004 - 4 Vulnerabilities fixed
# ▼. NDP30SP2-KB2832411-x64.exe 35,274,376 . MS13-052 - 5 Vulnerabilities fixed
@ ▼ NDP30SP2-KB2861189-x64.exe .. . 928,904 . MS13-082 - 3 Vulnerabilities fixed
@ ▼ NDP35SP1-KB958484-x64.exe . . 1,472,352 . Application Compatibility Update
@ ▼ NDP35SP1-KB963707-x64.exe .. . . 759,144 . Firefox Assistant 1.0
@ ▼ NDP35SP1-KB2604111-x64.exe .. . 877,680 . MS12-035 - XAML Browser Applications (XBAPs)
@ ▼ NDP35SP1-KB2736416-x64.exe . 1,532,952 . MS13-007 - Open Data Protocol
@ ▼ NDP35SP1-KB2840629-x64.exe . 1,681,544 . MS13-052 - 5 Vulnerabilities fixed
@ ▼ NDP35SP1-KB2861697-x64.exe . 2,234,504 . MS13-082 - 3 Vulnerabilities fixed
@ ▼ WindowsServer2003.WindowsXP-KB961118-x64-ENU.exe 872,312 . Unsigned PCL inbox printer drivers
@ ▼ vcredist_x86_2008sp1c.exe . . . . 4,479,832 . Visual C++ 2008 SP1 32-bit . Must be manually renamed
@ ▼ vcredist_x64_2008sp1c.exe . . . . 5,207,896 . Visual C++ 2008 SP1 64-bit . Must be manually renamed
.Net 4.0 RtM subgroup (\RunOnce) cumulative with 3.5 SP1 above
# ▼. dotNetFx40_Full_x86_x64.exe . 50,449,456
# ▼. NDP40-KB2468871-v2-x64.exe 28,640,160 . Update Rollup
@ ▼ NDP40-KB2487367-x64.exe .. . . 2,140,520 . MS11-066 - Chart Control
# ▼. NDP40-KB2533523-x64.exe .. . 39,121,768 . Reliability Update 1
# ▼. NDP40-KB2600217-x64.exe .. . 33,566,328 . Reliability Update 2
# ▼. NDP40-KB2604121-x64.exe .. . 40,175,720 . MS12-035 - XAML Browser Applications (XBAPs)
# ▼. NDP40-KB2729449-x64.exe .. . 26,263,520 . MS12-074 - 3 Vulnerabilities fixed
@ ▼ NDP40-KB2736428-x64.exe .. . . 2,324,448 . MS13-007 - Open Data Protocol
# ▼. NDP40-KB2737019-x64.exe .. . 16,049,632 . MS12-074 - WPF Reflection Optimization
# ▼. NDP40-KB2742595-x64.exe .. . 13,309,984 . MS13-004 - 4 Vulnerabilities fixed
@ ▼ NDP40-KB2789642-x64.exe .. . . 4,256,248 . MS13-015 - XAML Browser Applications (XBAPs)
# ▼. NDP40-KB2840628-v2-x64.exe 18,157,704 . MS13-052 - 5 Vulnerabilities fixed
# ▼. NDP40-KB2858302-v2-x64.exe 10,096,264 . MS13-082 - 3 Vulnerabilities fixed
# ▼. NDP40-KB2861188-x64.exe .. . 16,994,424 . MS13-082 - 3 Vulnerabilities fixed
# ▼. NDP40-KB2894842-x64.exe . . . 9,812,688 . ASP.NET
# ▼. NDP40-KB2898855-v2-x64.exe 24,495,832 . MS14-009 - 3 Vulnerabilities fixed
# ▼. NDP40-KB2901110-v2-x64.exe . 9,873,112 . MS14-009 - 3 Vulnerabilities fixed
@ ▼ NDP40-KB2931365-x64.exe .. . . 2,071,248 . MS14-026 - Remoting
# ▼. vcredist_x86_2010sp1c.exe . . . 8,990,552 . Visual C++ 2010 SP1 32-bit . Must be manually renamed
# ▼. vcredist_x64_2010sp1c.exe . . 10,274,136 . Visual C++ 2010 SP1 64-bit . Must be manually renamed
To save on click fatigue 7-Zip archives are available of the smaller hotfixes at MediaFire (A only for 5eraph's pack, A+B+C for the Microsoft hotfixes method), extract them into the same directory that you chose to extract the Config archive into. The archives won't necessarily be updated every month, only when there are changes.
For returning users a torent is available containing all but 3 of the Microsoft downloads (all but SP2, .Net 3.5 & DirectX). As (due to my upload limitations) it won't exactly be Speedy Gonzales (expect about 4KB/s, roughly 40 hours for full download), you are recommended to download the larger hotfixes directly (mainly .Net patches).
Run the UpdatePrep.bat file in the \Misc directory before opening the Hotfix torent, this will remove any outdated hotfixes. 5eraph's pack users should disable the downloading of everything in the \Hotfix folder and those items in the \RunOnce folder from post 3 of the lists. The torent is also useful for checking that you have all the downloads and that they aren't corrupted. It is important to note that the tracker's IP address is at least nominally dynamic (and I've been known to forget to launch it), so if you can't connect for more than a day or two PM me. The 7-Zip archives and torent also contain:
AddOns\Grant_Access_1.1.exe . . . . . . . . . . . 141,900 (repacked subinacl.msi)
AddOns\TweakUIPowertoySetup_amd64.exe 164,920 (also available from the next post's attachments)
Misc\update.exe . . . . . . . . . . . . . . . . . . . . . . 978,736 (patched to apply Server 2003 only hotfixes)
Note as to format, the trailing number in italics is obviously file size while the leading number in the hotfix lists is to ensure that they are integrated in the same order that Windows Update would install them. The gaps in number are so that any future changes can be inserted into the hotfix torent without requiring name changes, re-ordering or re-downloading files.
Whether or not you prefer to directly download all the hotfixes, UpdatePrep.bat will rename the files as appropriate. If you've chosen to include all the optionals \Hotfix should have 148 files 375,734,656, \WMP11 should have 12 files 49,085,768 and \RunOnce should have 57 or 50 files 1,021,426,640 or 981,503,521.
Of course you won't get very far without nLite, Boooggy's WMP11 slipstreamer and a Windows XP pro x64 install CD.
Now it's time to fire up nLite
Note that nLite must be run with administrator privileges, you might need to disable anti-virus software and Vista/W7 users should run in XP compatibility mode, also there are screenshots available of the process at MediaFire.
- Locate your source.
- Slipstream service pack 2 then exit nLite (if nLite is open it can interfere with the WMP11 slipstreamer).
Special note for users of 32-bit operating systems. You cannot slipstream Service Pack 2 as is (due to it being a 64-bit executable), instead you must do the following:
- First check that the files in your nLite working directory do NOT have their Read-Only attribute set, if so clear it.
- Extract WindowsServer2003.WindowsXP-KB914961-SP2-x64-ENU.exe with 7-Zip or WinRAR.
- Download from MediaFire the UpdateSP2.7z archive (contains files from the 32-bit version of Service Pack 2 for Windows Server 2003).
- Extract UpdateSP2.7z into the \AMD64\Update folder of the extracted x64 Service Pack 2, replacing the existing files.
- nLite will warn that you cannot integrate 64-bit service packs from within a 32-bit environment, proceed anyway (just say no).
- Finally when integrating the Service Pack you need to navigate to the AMD64\Update folder and select the Update.exe file.
- Whoa there Tex, it's time to get down and Boooggy. The WMP11 slipstreamer is fairly self explanatory, just target your working directory, the WMP11 install file and the 11 hotfixes in the WMP11 directory, then hit the integrate button.
- If you are planning to experiment, now is the time to backup your working directory. Then it's time to fire up nLite again (my session file is located at \Misc, you may wish use it as a base).
- Add all the hotfixes listed in the \Hotfix directory (use Crtl-A, check the order, might need to do it in 2 bites). 32-bit users: Move the following hotfixes to the RunOnce directory first (020, 036, 064, 100, 116, 156, 192, 340, 426, 450, 476, 594, 644, 732, 940)
- Add any drivers you may need, especially textmode SATA & RAID drivers (Intel, nVidia). I've found that 7-Zip will extract some things WinRAR won't (case studies incl ATI vid).
- Unattended settings, this is the most important one. Your RunOnce file should look like this:
TimeOut /T 40 CMD /R %Source%Run1_XP-64.batYou should also set it to autologon twice to an administrator class account (read the note), fully automated mode would be an excellent idea Smithers. The TimeOut is to avoid a "Device not Ready" error. If you need to load drivers from a floppy then read the note on the general tab about OEM Preinstall.
- Make any tweaks you want, then run the process.
- Copy all the files and folders that you have downloaded, except those at \Hotfix, \Misc and \WMP11 to your nLite working directory, maintaining the directory structure (\AddOns contains optional files).
- After you drag n drop anything else that you may want / need, go ahead and burn that image / DVD.
If you have gone for the fully unattended option, then all you have to do is let it be for roughly 4 hours (assuming lots of AddOns). The system will be ready for use when a logon box is waiting for your input. The only high priority download available will be the "Malicious Software Removal Tool" (none if using 5eraph's pack). If at all possible use a parallel IDE attached DVD drive as SATA drives have been known to result in install errors in some cases.
Application AddOns: (do not place multiple versions of the same application in \AddOns)
nLite supports the use of application addon .cab files at the hotfix integration step, however I do not recommend their use as the file associations don't register with XP x64 (OK with x86 Windows). You should instead edit Run1_XP-64.bat or Run2_XP-64.bat to call the standard enduser installer with the appropriate silent install switches. Currently the following applications will be installed if they are copied to \AddOns, unless otherwise noted they will work with minimal rights (guest account) and maximum DEP (Always-On), 7-Zip strongly recommended:
Kels x64 CPL bonus pack for 5eraph's update pack or Microsoft hotfixes method (most require Admin rights, FixWin N/A)
Tweak UI (requires 7-Zip)
7-Zip x64 needed for Daemon Tools, Tweak UI, VirtualBox & VMware drivers
Windows Desktop Search & patch
Tool Tip Fixer
Opera (turbo mode now called off-road)
Google Chrome .msi version
Flash Player plugin for Firefox, Seamonkey & Opera << direct link
Shockwave Player plugin
Silverlight Player plugin must use 32-bit version
Java Runtime Environment 7 both i586 & x64
Windows Live Essentials Messenger, Mail (requires Contacts) & Photo Gallery (requires .Net 3.5 & SQLServerCE)
Libre Office requires Java 7
Microsoft Office 2007, please read Misc\Office2007.html from the config file
Foxit Reader . FTP site (for menu based UI - Help>>Change Toolbar Mode)
GIMP "en_GB" help files folder renamed to "en" for easy access
Mihov Image Resizer
nLite (requires Admin rights)
WMP11 Slipstreamer << direct link
Virtual PC 2007 SP1 (rename to VirtualPC2007x64setup.exe) & patch & patch
Virtual Box Oracle extension pack supported, use 4.3.12 as 4.3.14 is buggy
VMware Server 1.0.10 << direct link, you will need to edit Run1_XP-64.bat inserting your registration key (any DEP level except AlwaysOn)
Google Earth use version 188.8.131.5213, not the current beta
Skype 184.108.40.206 << direct link as the latest version is not DEP compliant
FileZilla 220.127.116.11, last version to officially support XP x64
Vuze x64 . download
Daemon Tools Lite (requires 7-Zip or SPTD)
ImgBurn requires Nero BurnRights for non-admin accounts
CDBurnerXP x64 .msi version, requires .Net 2.0 or greater
VideoLAN Player x64
K-Lite Mega Codec Pack lots of stuff option, see here if you want to create your own config files
BOINC Screensaver x64
UltraDefrag x64 one pass of boot time defrag (requires admin rights)
Enhanced Mitigation Experience Toolkit description . download requires .Net 4.0 & Admin rights (all EMET tested applications protected)
Microsoft Security Essentials x64 use version 4.4.304.0 Detection update integration supported, replaces Windows Defender and Avast Anti-Virus
Windows Defender x64 . Detection update integration supported
Spybot: Search & Destroy 1.6.2 . Detection update integration supported (requires Admin rights)
Avast Anti-Virus, see below
Comodo Firewall, see below
VirtualBox Additions (requires 7-Zip)
VMware Tools (requires 7-Zip, seeing a pattern?)
It should be obvious, but installing these applications is completely optional, for instance there is very little point in installing 3 different PDF readers. Another possibility is to strip the actual executable out of the various AddOns created by others (copying the file to \Addons) and then adding the appropriate command to the batch files. The executables have usually been repacked as silent installers, but be sure to read the entries*.ini file to confirm this. If you don't intend to include any of these applications (vanilla install disk), then you only need to autologon once at step 7 (don't copy Run2_XP-64.bat across at step 9).
You can have as many application install reboot passes as desired. To do this simply set the system to auto-logon (in step 7) as many times as required and place the appropriate number of batch files in the root directory of your install media. The first 5 batch files are already written (at \Misc) with the needed handover command, but if you need more they are fairly self explanatory. Be sure to install security software last.
Avast Anti-Virus was the first free Anti-Virus product to support x64 windows and is still quite popular, however the latest version (2014 v9.x.x) breaks IE8 x64 and doesn't support silent install so you should use the older v8.0.1497 instead. Detection update integration is supported. If you want to install additional languages (such as Pirate Talk) run the installer again and select them, any other method will result in your copy being "upgraded" to Avast 2014.
Comodo Firewall: The latest version installer doesn't support install switches, breaks Deamon Tools and has the "modern" UI so you should use the older version 5.12 x64 .msi installer which has a fairly extensive list of pre-approved applications (which you may not want) or the last of the 3.x x64 series with a very basic push-the-buttons AutoIt script.
Optional components (currently GrantAccess/SubInACL & TweakUI):
Any small (<2MB) but useful optional components will be placed in the \AddOns directory. The batch files will be written to support their installation if \AddOns is copied to the nLite working directory.
SubInACL is a command line utility meant for network administrators, but it can be useful to us mere mortals as it makes running as a limited user possible. Using the "Access *" shortcuts I only have to logon as the Administrator about once a fortnight. Since I started setting up my friend's computers this way I haven't had to deal with the "I cancelled a print job and now my printer is gone" (they deleted the printer) or "Why do I get all these annoying pop-ups" (opened Amazing_Photos.vbs) type service calls. How many of us can truly say they have never clicked the wrong button or typed the wrong command? Remember, the neck you save might just be your own.
TweakUI is a unofficial Microsoft powertoy that acts as a one stop shop for User Interface configuration. This is the (hard to find) x64 version, digitally signed though. As there are no silent install switches, you must include 7-Zip for automated install.
I use VirtualBox (4.3.12) for testing purposes, highly configurable regarding choice of emulated hardware and also good for virtualizing Linux (some tricks needed for Windows 98se), however hardware virtualization support is required for 64-bit guests (AMD-V or VT-x).
- Silent installation of Virtual Machine extensions is supported, once VirtualBox is installed there will be a file "VBoxGuestAdditions.iso" at "\Program Files\[Sun|Oracle]\VirtualBox", copy it to \AddOns in your nLite working directory (requires 7-Zip).
- On the System settings page leave I/O APIC and VT-x/AMD-V enabled (default settings).
VMware Server 1.0.10 hints:
- Silent installation of Virtual Machine extensions is supported, once VMware server is installed there will be a file "windows.iso" at "\Program Files (x86)\VMware\server", copy it to \AddOns in your nLite working directory (requires 7-Zip).
- To enable sound you will have to integrate the VMaudio driver (3rd party signed version) with nLite at step 6 of the process AND once you have completed the New Virtual Machine wizard, choose VM >> Settings >> Hardware >> Add >> Sound Adapter.
- When booting up the Virtual Machine click your mouse inside the VM and hit F2, this will allow you to access the VM BIOS, you can then alter the boot sequence so that it always boots off the CD first.
Edited by Kurt_Aust, 15 August 2014 - 08:29 PM.