Security Rollup Package
Posted 31 January 2002 - 05:40 AM
im wondering if itz possible to like.. slipstream it into the os just like the service packs?
Posted 02 February 2002 - 05:19 AM
will the patches in the SRP1 b also included in the upcoming win2k SP3?
Posted 04 February 2002 - 05:51 AM
change into the folder
( [SRP1ROOT] is the root folder where you have unpacked the SRP1, if you haven't you can't execute update.exe )
and execute "update -l" (this is a lowercase "L" not an "I")
it shows (on my system)
"SP2SRP1 - SP3"
so its either likely that this unofficial SP3 or it will be included in SP3
Posted 12 February 2002 - 11:46 PM
was wondering if itz possible coz i saw this artice http://www.winnetmag...articleid=23994
and m not sure of what he meant by "If youre creating new systems, you can put all 22 hotfixes in one slipstream directory and easily install the most recent and secure version of the OS from that directory. "
tnx again! =)
Posted 07 February 2002 - 11:01 AM
Make a SVCPACK folder under i386. Copy all hotfixes (and *.cat file you can extract) with a short name into that folder.
You have to use the latest sp3.cat in order for it to work.
Then make a file called svcpack.inf in the i386 folder. Here is the contents in my case:
Q252795.exe -q -m -z
Q276471.exe -q -m -z
Q282784.exe -q -m -z
Q285156.exe -q -m -z
Q285851.exe -q -m -z
Q296185.exe -q -m -z
Q298012.exe -q -m -z
Q299553.exe -q -m -z
Q299687.exe -q -m -z
Q299796.exe -q -m -z
Q300980.exe -q -m -z
Q301625.exe -q -m -z
Q302755.exe -q -m -z
Q303392.exe -q -m -z
Q308508.exe -q -m -z
Q310510.exe -q -m -z
Then you have to extract all Q*.exe files and substitute all files the they contain (except symbols, hotfix.exe, hotfix.inf,
spmsg.dll) with the same files in the i386 folder, usually *dll and *.exe files.
In the svcpack folder you have to use the sp3.cat with the latest version number.
Then you get a installation CD with all the latest pre SP3 files (it works for me anyway). I think I have all the files that you
can slipstream in the picture above (let me know if there is some file missing)
Please let me me know if this helped any.
A Later email Peter sent to me:
I will try to slipstream the w2kSP2SRP1.exe into the w2kSP2 package and let you know if I succeed. I think I forgot one cruicial information from my earlier mail. The slipstreaming starts with putting svcpack under [OptionalSrcDirs] in the dosnet.inf file, otherwise none of this works.
The benefit of slipstreaming also the pre-SP3 hotfixes into the installation is that you can install optional components later without installing the hotfixes again. Another thing is that you can use the -n switch and not create any uninstall directory for the hotfixes which makes your original installation smaller. The uninstall should not be needed in a clean install. Another benefit is of course the time it takes to install, no extra shutdowns.
I also sent an email to the author of the article mentioned above. I will post any reply that I get.
Posted 06 March 2002 - 05:32 PM
Just signed up. Peter is my name but nickname Fjellu.
I have the package slipstreamed into a booting CD. I have followed the multiOS thread for some time now but I just use the info to make a CD with all the goodies I need for a single install.
OK, so down to business:
1. Use a slipstreamed W2KSP2.
2. Open dosnet.inf and add svcpack to [OptionalSrcDirs]. it should loke like this:
3. Create a folder named svcpack under the i386 folder.
4. Put w2kSP2SRP1.exe into the svcpack folder.
5. Change the name to SP2SRP1.exe (8.3 limitation)
6. Unpack w2kSP2SRP1.exe to a temp folder.
7. Copy the catalogs dtcsetup.cat and empty.cat to the svcpack folder.
8. Copy sp3.cat from the update folder of the unpacked w2kSP2SRP1.exe to the svcpack folder.
## The following could be done several ways ##
9. Copy everything from the temp folder where you unpacked w2kSP2SRP1.exe to the i386 folder (including subdirectories)
10. Delete dtcsetup.cat and empty.cat from the i386 folder.
11. Delete the update folder (now subfolder to i386).
12. Delete all duplicate files in the i386 folder, whenever there is a compressed one (this is a bit time consuming). Every *.dl_ and *.ex_ should be deleted. The beginning of the file is the same, for example MAILMSG.DL_ and mailmsg.dll. Always delete the older. (Just ignore if there is no duplicate. These files are supposedly for w2k serv and adv serv)
## Maybe someone invents an easier way ##
13. Create a file called svcpack.inf in the i386 folder with the following contents:
SP2SRP1.EXE -Q -M -Z -N
Q314147.EXE -Q -M -Z -N
15. Yes, you guessed right, I have slipstreamed yet another patch to the package. The "Unchecked Buffer in SNMP Service Could Enable Arbitrary Code to be Run" update (donīt you just love Bill Gates)
16. Copy the file Q314147_W2K_SP3_X86_EN.exe to a temp directory.
17. Change the name to Q314147.EXE.
18. Copy the file to the svcpack folder.
19. Unpack Q314147.EXE in a temp folder.
20. Copy evntwin.exe and snmp.exe to the i386 folder and follow the procedure in 12.
21. Copy sp3.cat to the svcpack folder (yeah, you could have skipped 8).
22. Burn and install. Enjoy!
Whenever there is a new update follow the instructions 16-21 above. You donīt have to copy the files hotfix.exe, hotfix.inf, spmsg.dll or the symbols folder. Remember to update the svcpack.inf with the appropriate Q*.EXE. Remeber also that the svcpack folder should always contain the latest sp3.cat. Check the properties of the file and see which one has the latest modified date (the size also tells something).
This works for me. Let me know if you think there are any glitches.
I have tried to incorporate IE6, DirectX, WMPlayer (+patches and hotfixes for them) into a single package. But I cant get the hang of using Cmdlines.txt and [GuiRunOnce]. I asked Twinkie for some instructions in my mail but got none. I have followed all instructions in the multiOS thread and the OEM Usage and MS Extraīs pages at www.tech-hints.com but still need some more info about the details.
Posted 09 March 2002 - 09:28 AM
There is another new critical update posted yesterday that can be streamlined into the i386 the same way mentioned above, Q313829.exe.
Posted 20 March 2002 - 03:36 PM
But there is one "gotcha" to consider.
It seems like the hotfixe files are not truely "slipstreamed". To test this I installed a server with the CD as outlined above. I then removed IIS, rebooted, and re-added IIS, pointing it to the same CD I installed with, and then rebooted again. I then ran qfecheck and it mentioned that the hotfix needed reapplied, pointing to 4 specific files, which were the SP2 version (not the SRP1 version). It looks like the W2K setup routine is extracting these files from an older CAB file.
I'm not sure if there is any way around this. Any ideas? I will check also.
Posted 21 March 2002 - 09:25 AM
You propably could inject the corresponding srp1 files into the sp2 *.cab files: fp40ext.cab, ims.cab, ins.cab, wms4.cab and xmldso.cab. Do you know any software to do that. I remember that there was a "CAB File Wiever" from MS with some OS or a Support Tools Pack but donīr remember which.
Posted 22 March 2002 - 07:41 AM
I checked this using qfecheck -v
They seem to be part of the IMS.CAB file. However, they have different names in the cab file, they are preceded by smtp prefix (i.e. smtp_aqueue.dll).
It looks like when you reinstall certain components (like IIS), the setup program extracts these four files from the IMS.CAB. I don't think that there is a more current version of this CAB file in SRP1 or any other hotfixes. I will try to repackage the CAB file today and test.
(oh yes I did double check that the original source versions of these files were deleted from the i386 directory).
I also double checked that I had the latest SP3.cat file. I got ahold of a command line utility catver.exe which will tell you the exact build version of the catalog file. I can e-mail it to you if you're interested.
BTW - any luck on slipstreaming the IE security patch? I'm not having any luck (although I did get it to install using cmdlines.txt).
Thanks again for the help!
Posted 22 March 2002 - 07:47 AM
There seems to be a cab maker utility included as part of XP.
Microsoft ® Cabinet Maker - Version 5.1.2600.0
Copyright © Microsoft Corporation. All rights reserved..
MAKECAB [/V[n]] [/D var=value ...] [/L dir] source [destination]
MAKECAB [/V[n]] [/D var=value ...] /F directive_file [...]
source File to compress.
destination File name to give compressed file. If omitted, the
last character of the source file name is replaced
with an underscore (_) and used as the destination.
/F directives A file with MakeCAB directives (may be repeated).
/D var=value Defines variable with specified value.
/L dir Location to place destination (default is current directory).
/V[n] Verbosity level (1..3).
I think that the /F refers to a text file that lists the files to be included in the cab file.
Posted 22 March 2002 - 02:15 PM
I think you would get the same problem with the FrontPage extension files in fp40ext.cab.
Please do email me the catver.exe. Maybe it is more reliable than checking the sp3.cat files properties for version. You can however tell much from the size of the file. It is supposed to be incremental, newer ones including all information from the older ones.
The IE slipstreaming is a lot more trickier. I think you need to repackage the cab files inserting the new files. However I donīt think you need to worry about sliptreaming IE. It is unlikely that you would revert back to a previous version of IE. I use IEAK6 to make a package of the install. I include appupd.exe, euroconv.exe, mmssetup.exe and vbs56nen.exe into the package, installing after IE6, and q316059.exe installing after IE6 automatically restarts. When making the IEAK package totally hands-free you get all customizations + 5 other updates with one line in cmdlines.txt.
I also found an interesting little program within IEAK6 called iexpress.exe. With that program you can repackage for instance DX8.1, WMP7 + bonuspack + update into 4 separate selfextracting cab files. You can give the setup parameter "/install /silent" to DX8 and "/Q:A /R:N" to the 3 WMP *.exe files with iexpress.exe within the package. Using this metod you can save about 2/3 of the diskspace theese files normally occupy which gives you room for more apps on the CD.
This was the latest modification to the boot CD and it seems to work. I am installing (as we speak) the CD with VirtualPC booting from an iso file made with CDRWin and mounted with VirtualCDRom
Posted 22 March 2002 - 02:48 PM
BTW my Boot CD now contains every piece of update available through "Windows Update". Including the first window update installer program you get installed when first visiting the "Windows Update" site and the Critical Update Notification and Root Certificates Update. These were made with the WinINSTALL LE included on the w2k CD (updated version from Veritas homepage) into *.msi packages.
The same way I made packages for Acrobat Reader, Winzip, WinAce, WinRar, CDRWin, Winimage, Getright, Quicktime, Schockwave 8.5, the file viewers for word, excel and powerpoint and a few others so far.
Putting all these into the GuiRunOnce section gives you all the programs installed totally hands-free. Just the CD and floppy (with winnnt.sif) in the PC (bootorder CD -> Floppy -> HD), wait for the "press any key to boot from cd", check that the winnt.sif is read without errors and you can come back 45 minutes later with all updates, patches and programs already installed.
If you want to save additional space (65MB) you can delete the i386lang folder, if you donīt need arabic, chinese, korean etc.
Heureka! It actually works. Running "Windows Update" first time after installing and "No updates of this type are available at this time." under all sections.
Posted 25 April 2002 - 11:51 AM
I'd also recommend visiting the M$'s OEM site, they've got a few utilities and some extra documentation. I was able to lift a copy of the DirectX distributable, which can silently install DX from cmdlines.txt.
I also wanted to let you know that I was able to re-package the cab files using a utility called "cabarc" that comes with the IEAK. It's really ease to use:
cabarc.exe n cabname.cab *.*
-where "n" means create a new cab file.
I used WinRAR to extract the cabs (IMS.CAB, FP40EXT.CAB, and SP2.CAB) into their own folders. I then replaced the original files with new versions, and then used cabarc to repackage them. For the IMS.cab file, i had to add "smtp_" to some of the files.
Drop the new cabs into the i386 folder, burn, install, enjoy.
Now when i uninstall and reinstall IIS, hfnetchk shows that all the files are up to date.
Posted 25 April 2002 - 03:29 PM
About DX8. Donīt know if you mean the same file that is downloadable at
That file works fine in cmdlines.txt. Just extract the files and run the following from a batch file
dxsetup.exe /install /silent