[rcll]

hi thanks for nice work

is there plans to include some optional scripts to disable network services to a flat minimum?

when i install and patch new win2k i always go mess around in dcomcnfig.exe

and in the network config disabling netbios over tcp then some regedits like HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Start = 4

then in services.msc disabling a bunch of network services that a basic client machine doesnt need

uninstalling messenger and other default load network programs

maybe this is already in newest version as post-install option 'minimal networkservice configuration'?

[-I-]

oke... first of all lets get somthing clear....
what do you mean by uninstalling messenger .....
for windows 2000 doesn't have windows messenger like xp has, and the msgr service (windows service) is not un-installeble other than by hacking the hell out of windows.... (wich you can still do, just create the install cd with NLite add servicepacks - select USP51-basic.exe and do all stuff youd want to do after that...

second of all unless it is to protect users, not any service pack should ever contain treaks that degrade usability of a system, (thats your job, not ours),

perhaps you should have a look at the unattended tweaks section, all those tweaks for win2k will still word after intergrating usp5 (or at least they are suposed to)...

[prathapml]

Yeah, all of the tweaks mentioned in first post, are menat to be done by users themselves, or by the organisation deploying it. Use unattended install to integrate your customizations.
Use nLite to remove the components you dont want.

[rcll]

ok thanks for answer i will try the solutions

what is procedure to make iso slipstream with sp5.1 if iso is already slipstream to sp4? will overwrite ok or is there some concern?

is possible to put date on releases of sp5s at http://www.war59312.com/win2ksp5.php page so can tell what are the last updates included? does sp5.1 include last 2 january critical patch?

thanks again for great work

[rcll]

Ok I tried slipstreaming USP5.1 to SP4iso with /integrate:<path> and everything look good

I was wondering if is possible to include simple .txt file with a list of KB###### patches that are included in the different releases of USP zipfile on the http://www.war59312.com/win2ksp5.php page?

I try /l switch to list patches but it only shows patch that are installed after the USP5.1

After install is it possible to change "Service Pack 4" in System Properties/General tab to say "SP4+USP5.1" or something like that?

Just curious to know what patches are inside each USP, or last date of critical patch updates that are included inside each USP so can know which new patch are needed to download

It is very nice work with USPs thanks for the good work

[-I-]

NO at this mom i dont have a list of all the fixes included into this... SP.
but you migt try looking at release date 15december 05...

youd know that no later hotfixes than that could be included into the SP....

NO it is NOT possible to change the windows version to windows 2000 SP5
(well actualy it is, but it would brake-down any future windows updates)

[rcll]

Thanks for reply, I was just curious about windows version name for a way to check if USP5.1 was installed properly, is there some other way to check manually if USP5.1 is integrated sucessfully?

List of included hotfix KB#'s in .txt file should be easy to do, I hope this is included for next releases so everyone can check what hotfix is included inside the USP

For critical hotfix there is 1 in December

http://www.microsoft.com/technet/security/...n/MS05-054.mspx

Cumulative Security Update for Internet Explorer (905915)
Published: December 13, 2005 | Updated: February 1, 2006
Cumulative Update for Internet Explorer 6 SP1 (KB905915)

Then there is 2 in January

http://www.microsoft.com/technet/security/...n/MS06-001.mspx

Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)
Published: January 5, 2006
Security Update for Windows 2000 (KB912919)

http://www.microsoft.com/technet/security/...n/MS06-002.mspx

Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution (908519)
Published: January 10, 2006
Security Update for Windows 2000 (KB908519)

Definitely the January critical hotfixes are not in the USP5.1 but is the December critical hotfix inside?

[-I-]

i wil forward a recomandation i read about at ryanvm's XP updates....

they seam to add a regkey to

[htkey_machine\software\Microsoft\windows\updated_by\]
name "Unofficial Service Pack 5.1 basic edition"
version "uPS.51.b18"
by "Gurglemeyer" 
special-thanks "http://www.msfn.org"

How about that?????

[dirtwarrior]

rcll
I am interested in the tweak listed in your post above in #1.
Thanks

This post has been edited by dirtwarrior: 02 February 2006 - 05:47 PM

[Gurgelmeyer]

Hi

I'll consider a USP Release ID in future releases. I just don't know if you guys want it to show up in the System Properties or not? I ran regmon the other day and found a long forgotten feature which actually allows two further lines of text to appear below the product id. Those entries are leftovers from Plus!/IE on NT4. Could be something like "USP 5.1.19 2006-01-11"

Best regards,
Gurgelmeyer

[the_guy]

http://www.microsoft.com/technet/security/...n/MS05-055.mspx

Vulnerability in Windows Kernel Could Allow Elevation of Privilege (908523)
Published: December 13, 2005
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (908523)

Another update released in December for Windows 2000.

the_guy

[war59312]

Hello,

I'll do as you guys ask if Gurgelmeyer can hook me up with an official list of all hot fixes included and the official release date, since I can not remember.

In the future if you have any recommendations for the site then please use the contact me link on the top of the site. It makes it eaiser to mange and I'll reply a lot faster. Thanks!

Take Care,

Will

[vci]

dirtwarrior, on Feb 2 2006, 05:47 PM, said:

rcll
I am interested in the tweak listed in your post above in #1.
Thanks

rcll still didnt answer ... hmm ;-\

[-I-]

Gurgelmeyer, on Feb 26 2006, 02:29 PM, said:

Hi

I'll consider a USP Release ID in future releases. I just don't know if you guys want it to show up in the System Properties or not? I ran regmon the other day and found a long forgotten feature which actually allows two further lines of text to appear below the product id. Those entries are leftovers from Plus!/IE on NT4. Could be something like "USP 5.1.19 2006-01-11"

Best regards,
Gurgelmeyer

Do IT

[Gurgelmeyer]

It's done

"USP 5.1 19 2006-03-06" (without the quotes) now shows up in System Properties just below the PID. Btw this is the new USP 5.1 SR-1 that I did yesterday - I might release this, or wait a week longer and have next tuesdays updates included.

Generally - to verify if a particular update is included, check the file versions - WUv6 does just that, because it's the only reliable way. A few updates are flagged as installed in the registry - these are pre-MSURP1 security updates. MSURP1 flags these as installed too.

Best regards,
/G


PS - About listing hotfixes included - it's much more complicated than you guys might imaginge, because they overlap eachother. But if we stick with security updates and other updates available from WU it's very simple - would it be of any use?

/G

[At0mic]

having the version in system properties is a great idea!

BTW, is it compatible with WSUS?

[-I-]

If you mean that it can check if SP5 is installed NO.
if you mean that you can use WSUS on a slipstreamed pc afterwards YES

[Electrician]

Gurgelmeyer, on Mar 7 2006, 11:51 AM, said:

It's done
I might release this, or wait a week longer and have next tuesdays updates included.

I could wait a week. Although if M$ release a ton of fixes, that would require more than a 'bit' of work, you
might want to release anyway?

Gurgelmeyer, on Mar 7 2006, 11:51 AM, said:

But if we stick with security updates and other updates available from WU it's very simple - would it be of any use?

I would think just a note that it includes all WU security as of: <date> would be sufficient.
Crimeny, a list (EVER growing) of all updates would be a bit mutch.

btw Having just returned from an absence myself; Welcome back and Bless you!

[rcll]

Hey nice thread, I was away for a while

I just thought that a list of KB# included in a txt file could be easy to do, if they overlap just list all the KB# that were applied, so its easy to know if the KB#'s patch has been included into the code

Great project I hope you are doing well

[-I-]

i dis-agree. because the Internet Information Service (IIS) is partly dependant on IE files. also IE will have leaks whether you use it or not.

just install the latest SP and use Nlite to remove unwanted stuf. - is inho a way better choice. also in the near future Gurgle will release a servicepack with new Microsoft Data Access Components (MDAC) witch also is a must-go for database driven aplication services.

i realy do think you'd rather want to use nlite to
A strip MS-JAVA
B strip IE (not ie core)
C strip MS Media Player 9 (and maybe 6.4 as was if you dont run media services).
D some other services
E (IIS - if you want apache instead, or dont run webservices at all).
F things you might think of yourself.

WARNING - ALWAYS TEST IT THOUROUGHLY BEFORE USING IT FOR REAL.