While you can incorporate SP1 into the Win2K CD image (following the steps outline on this here website), you might (or might not) be able to incorporate the 128-bit security patch in a similar fashion. The 128-bit encryption is activated through a single file, RSAENHS.DLL, located in the System32 directory.
I\'ve successfully used this in unattended installation images by placing the file in the $OEM$$$system32 folder on a server-side installation image, and the image installs w/encryption enabled. So there isn\'t any special registry stuff to tweak to activate it.
However, if you put it in the i386system32 folder in a CD image and reburn it, I don\'t know if the installation script will copy the file to the installation and thus enable it. It depends on whether it\'s using a predefined set of file or simply copying the contents of the CDs i386system32 folder.
Given that you can slipstream SP1, and that it surely has extra files that aren\'t part of the original RTM image, I would suspect offhand that it can indeed be done.
However, I\'ve not tested this by burning a CD and installing it - maybe I\'ll give it a go later today.
First one to do so successfully gets a lollipop in my book.
-Matt
