MerijnB

congrats on your beta release! sleep well

wLite had also come across my mind before I read it here, +1!

Hey nuhi, Good to hear from you. I'm positively surprised about the new info. I would be very willing to pay for a license looking at the time saved by nLite in the past, besides, looking at the time you put it, it's only fair Can you tell something about the ideas you have with regards to free vs pro (what are the pro features) and pricing? Looking forward to a possible public beta!

I was looking for a way to do this up front at first, but didn't find it, interesting information. I understand HIVESYS.INF, but can you please explain why the changes in LAYOUT.INF? Furthermore I'm mostly looking for something which can be done from an nLite setup, without making manual changes in the middle of the process, not sure if this could be automated in. Thanks for info!

It seems I've cracked it. Changing the registry before the administrator account as set in nLite is created doesn't seem possible, so I continued with the app which tries to do the trick afterward. It's not possible to make something which can be used as an addon in nLite, because if you try to change a password (needed for the process) at the moment the addons are run, you get error #1351, which (according to Microsoft) means: so that's obviously too early in the installation process. So this tool should be run using RunOnce in nLite and should do everything automagically. Keep in mind that it only works for the administrator account. The app can be used freely, I don't think it's worth its own thread, so I attached it to this post. Suggestions and questions are welcome of course! Thanks for thinking with me. NoWeakPasswords.zip

John, The only thing I see in the nlite.in_ file is this: HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon","AutoAdminLogon",0x00000000,1 HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon","DefaultUserName",0x00000000,"Administrator" HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon","DefaultPassword",0x00000000,"password" Is this what you mean? This seems like it has to do with autologin only, and won't be there if you don't have autologin enabled.

Hi johnhc, I'm my own research I'm doing something similar. I'm trying to write a small app which I will include as an addon: [general] builddate=2010/02/18 description=Prevents Windows from generating easy to crack password hashes language=English title=No weak password hashes [EditFile] SVCPACK.INF,SetupHotfixesToRun,AddProgram [AddProgram] weakpass.exe This app will do a few things: - Locate the winnt.sif file on the nlite cd and extract the admin password from it (GuiUnattended -> AdminPassword). - Make the appropriate registry changes. - Change the admin password to "temp". - Change the admin password back to what was read from winnt.sif This has the advantage that it's quite transparent, you can just enter a password you wish to use in nLite. I'll post here if I get any further with this. Can you tell me if the admin password is always visible in the winnt.sif file made by nLite, or for example only if autologin is used? Thanks for lending some brains Merijn

Hi all, I'm looking for a way to avoid that XP has easy to crack passwords, see: http://www.windowsecurity.com/articles/Protect-Weak-Authentication-Protocols-Passwords.html To achieve this, I've made an addon which looks like: [general] builddate=2010/02/18 description=Prevents Windows from generating easy to crack password hashes language=English title=No weak password hashes [registry_addreg] HKLM,"SYSTEM\CurrentControlSet\Control\Lsa","lmcompatibilitylevel",0x10001,05 HKLM,"SYSTEM\CurrentControlSet\Control\Lsa","nolmhash",0x10001,01 This works nice, but there is a problem. After these registry values are set, the passwords still need to be changed before XP 'forgets' the lm hash of the previous password. So it seems that during installation first the admin account is created with the password set in nlite, and after that this addon is run which changes the registry entries. So in short: Is there any way to move the adding of these registry entries forward, so they are done before the admin account as defined with nlite is created?