+ Post New Thread
Results 1 to 12 of 12
Network and Classroom Management Thread, slipstreaming xp sp3 in to wim image for cc4 in Technical; I have just moved jobs to a new school and they have bought cc4 and had RM install it on ...
  1. #1

    Join Date
    Oct 2007
    Posts
    131
    Thank Post
    16
    Thanked 14 Times in 14 Posts
    Rep Power
    17

    slipstreaming xp sp3 in to wim image for cc4

    I have just moved jobs to a new school and they have bought cc4 and had RM install it on the servers for them but we have been installing the work stations. This week we have had a problem with a virus infecting the computers before they have a chance to install the antivirus package and get windows updates we are cleaning every computer and server disconnected from the net work and we think we have got rid of the virus but I want to slipstream sp3 in to the wim file on the server as it should help remove the vulnerability of the PC while installing has any one done this. I can find loads of info on making ISO with slipstreamed sp3 but nothing on wim files sorry for the lack of specific info as this has to be a quick post as I have more machines to scan and rebuild!!!

  2. #2

    Join Date
    Jul 2009
    Posts
    589
    Thank Post
    51
    Thanked 110 Times in 95 Posts
    Rep Power
    68
    what i'd do is get a 'reference' PC to install XP/win updates/SP3/antivirus/firewall/other programs on, sysprep the machine, then capture the machine's image to the server and deploy that out to other stations.

    as far as i know, its only vista (& higher OS) images that can have updates applied directly to the WIM image.

    also, if you can, contact one of the mods to get the post moved to here (where you may get better answers) : http://www.edugeek.net/forums/o-s-deployment/

    hope this helps
    Last edited by computer_expert; 29th August 2009 at 07:26 PM.

  3. #3

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    115
    Will SP3 be enough e.g. stopping Conficker needs a post-SP3 KB.

    There's no quick/easy answer to this... RM really need to sort out a fresher CC4 XP WIM image.

    EDIT: Conficker turned out to be a bad example because the XP image in CC4 SR1 was created towards the end of Nov 2008 and *does* have KB959644 installed.
    Last edited by PiqueABoo; 29th August 2009 at 10:48 PM.

  4. #4

    Edu-IT's Avatar
    Join Date
    Nov 2007
    Posts
    7,250
    Thank Post
    404
    Thanked 630 Times in 575 Posts
    Rep Power
    185
    How did they manage to get the virus if it's a new install?

    Am I right in thinking that SP3 doesn't contain anything new, other than all the Windows updates which have been delivered since SP2?
    Last edited by Edu-IT; 29th August 2009 at 10:22 PM.

  5. #5

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    115
    How did they manage to get the virus if it's a new install?
    Good question. I've updated my above response re. SR1 XPs so that's one obvious scenario out of the way.

  6. #6
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,484
    Thank Post
    10
    Thanked 502 Times in 442 Posts
    Rep Power
    114
    Quote Originally Posted by Edu-IT View Post
    How did they manage to get the virus if it's a new install?

    Am I right in thinking that SP3 doesn't contain anything new, other than all the Windows updates which have been delivered since SP2?
    It has a lot of changes, including completely different Wireless and Wired authentication services along with a NAP client.

  7. #7

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,265
    Thank Post
    242
    Thanked 1,575 Times in 1,254 Posts
    Rep Power
    341
    This week we have had a problem with a virus infecting the computers before they have a chance to install the antivirus package and get windows updates
    Are you sure the virus isn't on the image itself? Microsoft released their patch towards the end of October 2008. There are also variants of the virus as described here. There's a patch available for XP SP2 and XP SP3.

    As a precautionary measure I would disconnect the internet at router level so your machines can be imaged and patched safely. If you still have problems then there could well be a problem with your image.

  8. #8

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    115
    The OP didn't say which virus it was (I mentioned Conficker as an example only).

    CC4: The XP image is a standard one created/shipped with the system by RM or updated via SRs, not created locally. We'd have certainly heard some noise by now if any of them contained a known virus.

  9. #9

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,265
    Thank Post
    242
    Thanked 1,575 Times in 1,254 Posts
    Rep Power
    341
    Thanks for clarifying this. It would be interesting to see what virus(es) are infecting the machines. I still think there's a possibility the image could contain the virus.

  10. #10

    Join Date
    Oct 2007
    Posts
    131
    Thank Post
    16
    Thanked 14 Times in 14 Posts
    Rep Power
    17
    yes it is conficker we are have disconnected internet unpluged all work stations patched and scanned servers and work stations disconnected form network. I'm going to reconnect every thing on tuesday is there any thing I have might need to do in addition to this I have tried a few machines and they have stayed virus free over night so its looking good as for how the virus got there I have no idea as it arrived before I did thanks for the info

  11. #11


    Join Date
    Feb 2007
    Location
    Northamptonshire
    Posts
    4,697
    Thank Post
    352
    Thanked 803 Times in 718 Posts
    Rep Power
    348
    It depends which few you've attached to the network, if the infection is only in a certain area which is still isolated you won't know until you reconnect them.

    My personal advice would be to just flatten the lot of them with a reinstall after you're absolutely certain the servers are patched up and clean.

    I can dig you out a script you can run if you reconnect everything and the infection continues; it will check an ip range and report back any potentially infected machines.

  12. #12

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    115
    Umm.. for this IIRC you should make sure:

    0) Scanners e.g. McAfees say all machines active on the network are clear.

    1) None of your admin passwords are in the Conficker list.

    2) Machines you are about to connect to the network have:
    a) KB958644 installed
    b) Working up-to-date AV

    3) Don't log on to an infected machine as Admin when it's connected to the network. (Points 1 & 2 should stop any other machine being "got" but it's prudent).

    Also obtain and get CC4 SR1 installed so you have an XM WIM build image with KB958644 integrated into it.

SHARE:
+ Post New Thread

Similar Threads

  1. RM CC3 or CC4
    By adeasha in forum Network and Classroom Management
    Replies: 18
    Last Post: 10th September 2009, 05:18 PM
  2. WDS Legacy (RIS) and XP SP3 Flat image
    By markwilliamson2001 in forum Windows
    Replies: 2
    Last Post: 18th August 2008, 08:06 PM
  3. Replies: 5
    Last Post: 13th January 2008, 11:39 PM
  4. Replies: 10
    Last Post: 30th August 2007, 10:52 AM
  5. WDS and .WIM files.
    By starscream in forum Wireless Networks
    Replies: 1
    Last Post: 4th July 2007, 02:37 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •