Incorporate preferences into your standard unattended installation

In last month's Inside Out, I started digging into the details of unattended Windows NT installations. I looked beyond basic scripts to figure out how to perform unattended installs on machines that have new or unusual hardware. This month, I'll show you how to save yourself a few steps on NT installations.

I prefer to do all my browsing in one window rather than let My Computer open numerous windows. I don't want the Recycle Bin to prompt me every time I recycle a file. I like to see hidden files and file extensions. I want to turn off Autorun for CD-ROMs, get rid of the Welcome Screen tips, and make sure files' entire paths appear in the title bar. I want to load Service Pack 3 (SP3) on all my machines. Having to specify these preferences in every new NT installation irritates me. But, setting these preferences doesn't need to be a lot of work.

Cmdlines.txt
You can use cmdlines.txt, one of the less-documented features of NT Setup, to incorporate NT commands into an unattended installation. Cmdlines.txt is a special type of batch file; it is an ASCII file with the syntax

\[Commands\]
"<first command>"
"<second command>"

The first line must be \[Commands\]. Each of the file's following lines contains a command you want NT Setup to execute. Double quotes must surround each command.

To tell NT Setup to look for cmdlines.txt, you must use an installation script with the OemPreinstall option enabled. (For information about writing unattended setup scripts, see Christa Anderson, "Designing Unattended NT Installations," March 1997.) The shortest possible installation script you can build to use cmdlines.txt is

\[Unattended\]
OemPreinstall = yes
Save these two lines as an ASCII file named simple.inf.

Because you enable OemPreinstall, your \i386 directory must contain an $OEM$ directory. NT Setup looks for the directory when it performs OEM preinstalls. Place cmdlines.txt in the \i386\$OEM$ directory.

To quickly zap NT onto new machines, I keep \i386 on a share called \\sharemach\i386. This practice lets me boot DOS and the MS-DOS Network Client on a new machine, attach to \\sharemach\i386, and install NT from across the network. I don't even need to map to \\sharemach\i386 to install NT on a new system; I type

winnt /s:\\sharemach\i386 /u:simple.inf

at a command prompt to start an NT installation.

Registry Fixes
To add Registry changes to your unattended installation, you need a command-line tool that can modify the Registry. Many systems administrators like regini (which comes in Microsoft Windows NT Server 4.0 Resource Kit), but regedit's command-line options are plenty powerful for the setup I'm describing.

To disable Autorun on my CD-ROM drive, I must modify the Autorun value entry in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom Registry key. Autorun is a REG_DWORD entry. If you set it to 0, CD-ROMs won't run automatically when you insert them. I create a four-line ASCII file, cdfix.reg, that looks like

REGEDIT4

\[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\]
"Autorun"=dword:00000000

Notice how the regedit syntax works: The first line is REGEDIT4. Next, you need a blank line. Then, you specify which key you want to work with, in brackets. Finally, you include the value entry. You can make a bunch of Registry changes with one regedit file. For example, Listing 1, page 58, contains Registry changes for all the preferences I mentioned previously.

To tell regedit to apply cdfix.reg's Registry change, I open a command line and type

regedit /s cdfix.reg

The /s tells regedit not to prompt me when it makes the change. When I reboot my machine, Autorun will be off.

A Dynamic Duo
Now, you're ready to use regedit files and cmdlines.txt together. Collect all your regedit Registry changes in an ASCII file (let's call it fixnt.reg). Copy fixnt.reg and regedit.exe to your $OEM$ directory. Create a cmdlines.txt file with the following contents

\[Commands\]
".\regedit /s .\fixnt.reg"

Note the .\ characters; I've included them to be certain that NT Setup can find both regedit and fixnt.reg. The .\ characters point to the current directory. By default, NT Setup copies all the files in $OEM$ on the distribution share point to the C:\$WIN_NT$.~LS\$OEM$ directory on the target PC's hard disk, but hardwiring the directory name into cmdlines.txt causes a problem if you ever need to tell NT Setup to place temporary files in a directory other than C:\. The .\ reference works better because it's relative. Place cmdlines.txt in your $OEM$ directory.

You can also use cmdlines.txt to automatically install SP3 during NT installations. To include SP3 in unattended installations, I keep SP3 on the share \\sharmach\sp3. According to Microsoft's Knowledge Base article Q168814, "Installing WinNT 4.0 Service Packs During Unattended Install" http://support.microsoft.com/support/kb/articles/q168/8/14.asp), you can use the command update -u -z to run an unattended installation of SP3. I write the following batch file, which I call spinst.cmd:

net use y: \\sharmach\sp3 /persistent:no /user:mydomain\instguy swordfish
ren %systemroot%\system32\schannel.dll sc1.dll
y:
update -u -z
del %systemroot%\system32\schannel.dll
ren %systemroot\system32\sc1.dll schannel.dll
net use y: /delete

The first line of the batch file attaches to the network share that contains the SP3 files. The /user: parameter obtains authorization to access the share. Instguy is the username for a user in the mydomain domain. Instguy's password is swordfish. I hate to include a password in a batch file, but I can't figure out how to install SP3 without a password. For security reasons, I give instguy no permissions except read access to the SP3 share.

The second line of the batch file renames schannel.dll. Without this line, the SP3 installation won't continue until I confirm that I don't want it to overwrite my 128-bit security with SP3's 40-bit security. Although the -u parameter specifies that I want to use the unattended option, I haven't found a way to tell NT Setup, "When I say unattended, I mean unattended!" By renaming the 128-bit schannel.dll, I let the batch file install SP3's schannel.dll without any prompts because the .dll doesn't overwrite the 128-bit .dll. The batch file's fifth and sixth lines delete the 40-bit schannel.dll and restore the original file.

To incorporate the SP3 installation into my unattended NT installs, I add spinst.cmd to cmdlines.txt. My final cmdlines.txt file looks like

\[Commands\]
".\regedit /s .\fixnt.reg"
".\spinst.cmd"

All my NT installations will now make the Registry changes I specify in fixnt.reg and install SP3 automatically.

To tell NT Setup to add your preferences to every new NT installation, you need to complete these steps: Create an \i386 share (or local directory) with an $OEM$ directory in it. Create an unattended installation script that contains the OemPreinstall = yes command. Place your favorite Registry fixes in an ASCII file and move the ASCII file and regedit.exe into the $OEM$ directory. Install an easily accessible copy of SP3. Create a short batch file to kick off SP3 installation in unattended mode. Create a cmdlines.txt file and save it in $OEM$. Then, use winnt or winnt32 to start the installation. You'll love the results!