First, some XP reg tweaks I like to use...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSimpleStartMenu"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"CascadeControlPanel"="YES"
"StartMenuAdminTools"=dword:00000001
Now how to silent install MSDE 2000... drop a setup.ini with the following entries into the same directory as setup.exe:
[Options]
SAPWD="AStrongPassword"
DATADIR="D:\MSDE\Data\"
TARGETDIR="D:\MSDE\Bin\"
;INSTANCENAME=AnInstanceName
;SECURITYMODE=SQL
;DISABLENETWORKPROTOCOLS=0
Run setup and reboot when it's finished.
And if you wanted to setup SQL 2000 server unattended style, you would first create the sqlsetup.iss using the SQL Server setup program (Advanced install option - it drops the resulting file into %windir%) and then fire off a:
start /wait setupsql.exe -s -f1 %windir%\sqlsetup.iss -sms
Installing anything is always best done via script, like IIS. First create a file with the following contents:
[Components]
iis_common=On
iis_inetmgr=On
iis_www=On
iis_ftp=Off
iis_htmla=Off
iis_doc=Off
iis_pwmgr=Off
iis_smtp=Off
iis_smtp_docs=Off
iis_nntp=Off
iis_nntp_docs=Off
iisdbg=Off
;For IIS 5 Frontpage Extensions, uncomment below
;Fp=Off
;For IIS 6 Frontpage Extensions, uncomment below
;fp_extensions=Off
[InternetServer]
PathWWWRoot=D:\Inetpub\wwwroot
;PathFTPRoot=D:\Inetpub\ftproot
Save it to, say, the root of C, and if it was named iisunattend.txt, shell out and run:
sysocmgr /i:%windir%\inf\sysoc.inf /u:c:\iisunattend.txt
Renaming the 'My Computer' and 'My Network Places' to something more meaningful is always useful. In a shell script,
:: Set 'My Computer' to be %username% on %computername%
echo.
echo Modifying My Computer name...
reg.exe ADD HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D} /v LocalizedString /t REG_EXPAND_SZ /d "%%UserName%% on %%ComputerName%%" /F
:: Set 'My Network Places' to be %userdomain%
echo.
echo Modifying My Network Places name...
reg.exe ADD HKCR\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D} /v LocalizedString /t REG_EXPAND_SZ /d "%%UserDomain%%" /F
Also useful is setting files without an extension to open with Notepad. In a shell script:
:: Set files with no extensions to open with Notepad
echo.
echo Setting file association for files with no extension...
REG ADD HKCR\.\shell\open\command\ /ve /t REG_SZ /d "notepad.exe %%1" /F
ANd to illustrate why shell scripting in Windows 2000/XP/2003 bites the fat one, here is what you would have to do if you wanted to execute something and then parse the single line of returned output:
for /f "usebackq tokens=*" %%i in (`plink -ssh -l
Glad I can use VBScript for anything more complicated than a for statement.
Finally, here's an example of how you can use subinacl to grant the local Users group the necessary registry and service permissions to run perfmon remotely:
echo Granting Users Read access to Perlib registry key...
echo.
subinacl /subkeyreg "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Perflib" /grant=Users=R
subinacl /subkeyreg "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\winreg" /grant=Users=R
echo Granting Users Full Control of sysmonlog service...
echo.
subinacl /service sysmonlog /grant=Users=F
echo All operations completed!
echo.
That's about it for now... I'll no doubt make more of these kinds of posts so I can easily access them if necessary.
No comments:
Post a Comment