Let the OS find the correct drivers during the first boot. It is best to click cancel (probably several times) when it comes to installing the VIDEO drivers until you have installed all of the chipset drivers (AGP - Gart etc) that come with your motherboard. After the chipset drivers have been installed, reboot, then go ahead and install your video driver.

Do not forget to go into system properties and set the pagefile size to at least 1.5 times the amount of ram on the system and move the pagefile to your desired partition.

Daemon Tools will give you an error on the first boot, but it will correct itself on the next reboot.

Uninstall VMWare Tools from add / remove programs and stop the VMWare service after this system has been placed on a real computer with real hardware. You will receive a service startup failure notice each time you boot into windows if you do not remove VMWare tools.

Once all the correct motherboard and audio / video drivers have been installed, go into system properties and change the computer name to something unique and then reboot.

If you chose not to restore drive letter "F" (partition 4) from this image (or it wasn't even available), YET you DO have a drive letter "F" from a previous setup, there is a file called "Drive F - Temp Dirs for Progs.rar" located in "E:\_System_Utilities\_Incomming\_Desktop and Start Menu and Drive F Dirs" . Unrar (unzip) this file onto drive F. It will create a set of directories that many of the installed programs will use. It also has all the files indexed in a folder called F:\_Data\_Turbo Searcher . This allows for lightning fast searches using Turbo Searcher instead of the standard windows search tool. Make sure the directories "_Data", "_Downloads" and "_Media" are on the root of drive "F". Therefore you should have 3 directories on the root of drive F like this:

F:\_Data

F:\_Downloads

F:\_Media

If you previously chose to install / restore drive letter "F" (partition 4) from the image, then these directories will already be present. These directories are optional and will only cause minor path not found errors if they are not present. You will just have to go into the configuration of each program and tell it to use another directory of your choice if you don't want to use them.

WARNING !! - Read this ENTIRE paragraph before doing anything from it. Back up your system registry. Now give your system a new security ID (since it was cloned from an exisiting SID) by running the program "newsid" located in E:\_System_Utilities . If this program fails after it has started the registry WILL become corrupt. After the program starts, it reads every file on the computer and all entries in the registry. If the program cannot read a file for any reason it will exit and therefore corrupt your registry. Running the program a second time WILL NOT fix the registry. You must check your filesystem before running this program to look for any inaccessible files. This system has ALREADY been checked, however, if you have added any files they need to be checked. Use the programs located in D:\Documents and Settings\All Users\Start Menu\Programs\_System Utilities\_Access Verifiers or write a script or even copy directories section by section for a test. If a file has a dir / path / name that is greater than 254 characters this program will fail because windows cannot access that file. Back up your registry first before using this program. If you do not run newSID you will likely have software and network problems trying to run 2 different installs of this OS on the same network or machine.

*********** SECURITY *************

This OS has EXTENSIVE security capabilities built into it. However, to make it easy to use, not all security measures are enforced by default. In addition to any realtime scanning, McAfee Antivirus is set to scan at 4:00 am everyday and Norton Antivirus is set to scan at 6:00 am everyday. XXXXXXXX takes a system restore snapshot everyday at 4:00 pm.

The security has been implemented using a multi level layer of tools. This includes several antivirus programs, several anti-sypware programs, firewall protection, HOSTS file protection, routing table entries, showing of EXTRA hidden file extensions ABOVE what checking the "Show hidden file and folders" option allows, and realtime monitoring using CRC checksums on files and folders etc.

As part of it's "Normal" setting, Sygate Firewall is set to block almost all programs that do not require internet access as part of their everyday function. For programs that use internet access as part of their normal function (ex: internet explorer, XXXXX, download managers), over 50 advanced firewall rules have been created to only block homesite access for each respective program's homesite. Placing Sysgate Firewall in "Block All" mode will stop all network access. Turning the firewall off is just stupid. If you must disable the firewall for LAN testing or something, FIRST disable internet access for this computer (or all computers) at your ROUTER and then turn off the firewall here (place in "Allow All" mode). **** The firewall is currently set to "BLOCK ALL". You will not have any internet / network access until you right click the Sygate Firewall icon in the task tray and set it to "Normal". If you want full LAN access, it is also necessary to edit the already created advanced rule called "_ALLOW LAN ACCESS" with your local internal network IPs or IP range. It is currently disabled (unchecked) and has a sample IP range of 192.168.9.1-192.168.9.250 in place for you to type over. You should also give your computer a static ip address or let your router assign it one from a limited set (set to obtain an ip address automatically). A static ip of 192.168.9.50 is currently set.

In addition to the firewalls advanced rules, the HOSTS file has several thousand entries in it to block malware and adware sites. DNS client service has been DISABLED to avoid delays using a large HOSTS file. It can be enabled in windows services or by running the program Hostman and re-enabling it there (D:\Documents and Settings\All Users\Start Menu\Programs\_Internet Comm Network\Hostman v2.01). HOSTS file speed can also be increased by using the built in local only webserver in Hostman. This server will answer requests immediately with a dummy response and your webrowser will not delay loading the webpage. Some webpages may look distorted due to the fact that the advertisements on them were not loaded. The HOSTS file can be enabled and disabled, locked, updated and backed up among other things using the installed HOSTS file programs. If you ever want to start over you should ONLY USE the original modified HOSTS file located at D:\WINNT\system32\drivers\etc\_Original HOSTS File . You can then add to this HOSTS file or MERGE new HOSTS files you download into it. The current HOSTS file has been made READ ONLY so it cannot be changed at all. You must remove the read only attribute to manually edit the file or to let other programs edit the file. You can change the attribute manually in windows explorer or use one of the installed HOSTS file programs to do it. The easiest way to switch between the full size blocking HOSTS file and the original HOSTS file is to use the program called Hoster. It lets you swap between different version of the HOSTS file (use the replace option). This is safer than simply disabling the HOSTS file using one of these programs.

Hundreds of entries that block thousands of sites have also been added to Internet Explorer's restricted sites list. In addition, there is a program you can run called Gralic Wrap that blocks known fradulent websites that impersonate real websites such as paypal.com . Gralic Wrap should be running before you make any purchases on the internet or respond to a website you received in an email. There is also a batch file that runs during Windows startup which adds additional ips to block in the routing table. Information on these batch files are located in E:\_Internet_and_Network_and_Comm\Routing Table Batch Files .

High risk system files have been backed up / copied along with CRC information on each file to E:\_Security\_High Risk Files Backup with CRC info . These files are at higher risk for being modified by a virus or altered by spyware. It is a good idea to compare the CRC information of these files with the current files running on your system if you suspect a problem. Updating windows may cause the files to change legitamately.

There are programs installed to monitor directory and file changes. These program can be started from D:\Documents and Settings\All Users\Start Menu\Programs\_Security\_Integrity Checkers .

MonDIR is set up to monitor every 2 minutes for changes when its running. It is NOT set to startup by default.

GFI LANguard System runs as a service and is set up to run a custom scan every 12 hours, a default scan every 4 hours and another custom scan every 1 hour. All scans are CRC checksums. The 4 hour default scan checks around 3,000 files plus many directories. The 12 hour scan checks a few hundred risky program files. The 1 hour custom scan checks around 100 files plus many directories. The following extension were added to the default list. (.dll, .ini, .ocx, .nt, .tsk)

File checker runs as a service and scans around 45 files for stat changes every 60 seconds. It also does CRC checksums on about 25 files every 4 minutes.

Summary of file / directory integrity info:

45 files quick scanned every 60 seconds. (Very High Risk files)

25 files scanned with CRC every 4 minutes. (Very High Risk files)

100 files plus many directories scanned with CRC every hour. (High Risk files)

3,000 files plus a few directories scanned with CRC every 4 hours. (Default System files)

<300 files plus many directories scanned with CRC every 12 hours. (Selected Installed Software files)

The following list is just a sample of the directories that are monitored for changes.

C:\

D:\

D:\Program Files

D:\Program Files\Common Files\Microsoft Shared

D:\Program Files\Internet Explorer

D:\Program Files\Windows Media Player

D:\WINNT

D:\WINNT\Downloaded Installations

D:\WINNT\Downloaded Program Files

D:\WINNT\Installer

D:\WINNT\system

D:\WINNT\system32

D:\Documents and Settings\

D:\Documents and Settings\Administrator

D:\Documents and Settings\Administrator\Start Menu\Programs\Startup

D:\Documents and Settings\Administrator\Application Data

D:\Documents and Settings\Administrator\Local Settings

D:\Documents and Settings\Administrator\Local Settings\Application Data

D:\Documents and Settings\Administrator\Local Settings\Temp

D:\Documents and Settings\Default User\Application Data

D:\Documents and Settings\Default User\Local Settings

D:\Documents and Settings\Default User\Start Menu\Programs\Startup

D:\Documents and Settings\All Users

D:\Documents and Settings\All Users\Application Data

D:\Documents and Settings\All Users\Start Menu\Programs\Startup

E:\

F:\


********** TEMP and User Directories ******************

The Windows default Temp / Tmp paths have been set to E:\_User Data Temp\System\temp .

The Administrator default Temp / Tmp paths have been set to E:\_User Data Temp\Administrator\temp .

The Administrator Temporary Internet Files folder has been moved to

E:\_User Data Temp\Administrator\Temporary Internet Files .

The Administrator My Documents folder has been moved to E:\_User Data\Administrator\My Documents .

The Administrator Outlook Express email folder has been moved to E:\_User Data\Administrator\Email\Outlook Express .

When setting up other users it will be good idea to also change their My Documents, temp and email folders etc. If you create a user named jsmith, move his/her My Documents folder to E:\_User Data\jsmith and set their temp path to E:\_User Data Temp\jsmith . However, after you have found out your drive partitions and letters, the best thing to do is place these folders / dirs on a seperate partition that is NOT the boot drive, OS drive, or programs drive (like it is right now). It would be ideal to modify the default user profile with these settings so each new user would automatically inherit them. All these changes can be made in the registry.



********** Right Click Shell Extensions ******************

Some right click context menu shell extensions had to be disabled to allow the standard "open", "install", "print" and "unlocker" etc options to display properly. Pentaview right click extensions were disabled using ShellExView v1.1 and "rjh extensions" were uninstalled using add/remove. If you install any programs that add right click extensions, make sure to right click on a .inf file to verify that the options (open, unlocker, install, print) are still present. If they are not, you will need to run ShellExView or a similar program to troubleshoot the extensions. Poorly coded extension add ons can cause these problems. The standard Windows "Open With" menu item has been disabled / hidden by an advanced specialized version of "Open With" using a program called Configuration Expert. This new "Open With" menu has been customized to offer several different programs to choose from based on each specific file type. AZR Context Menu shell extension was disabled. Power archive and Power Desk menus were disabled. There is a set of screen captures showing the available current right click options for several different file types, folders and drives. They are located in E:\_System_Utilities\__Incomming\_Right Click Screen Captures . To see if you have installed a program that has corrupted the right click menu, simply open up one of the screen captures and one instance of windows explorer. All you need to do is right click on the taskbar and choose "Tile Windows Vertically" to show the windows side by side. Then, just right click the desired file in the windows explorer window to compare both the right click menus side by side.


**************** Misc ********************************

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Although the installed programs are very comprehensive, this OS has been designed as a minimum baseline OS install. High end enterprise class and major suite software has been left out due to the possibility of major OS impact or restrictions. This software will be installed at a later date when the OS is designated with a specific purpose such as "Digital Video Workstation", "Developer Workstation, or "E-Commerce Server" etc. This is refering to programs like ... Microsoft Visual Studio, Eclipse, Netbeans, Oracle Developer, XXXXXXXXXXXXXXX, XXXXXXXXXXXX, XXXXXXXXXXX, XXXXXX, XXXXXX and even major e-business software like XXXXXXXXXXXXX etc.

Over 30 registry modifications were made manually in addition to the registry modifications made by system utilities programs. Some registry modifications to make a note of are the changes made to how long negative DNS entries are left in the cache. Here is some brief information on these changes.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters

NegativeCacheTime=0 (DWORD default=300 seconds) Determines how long an entry recording a negative answer to a query remains in the DNS cache. When the time specified in the value of this entry expires, the DNS client deletes the answer record from cache. Value was set to 10.

NetFailureCacheTime=0 (DWORD default=30 seconds) Determines for how long the DNS client stops sending queries when it suspects that the network is down. When the DNS client does not receive responses to repeated queries sent to any network adapter, the DNS client stops sending queries for the time specified in the value of this entry. During that time, the DNS client returns a time-out response to all queries. If the value of this entry is 0x0, this optimizing feature is disabled. DNS continues to send queries to an unresponsive network. Value was set to 5.

NegativeSOACacheTime=0 (DWORD default=120 seconds) Determines how long an entry recording

a negative answer to a query for an SOA (Start of Authority) record remains in the Domain Name System (DNS) cache. When the time specified in the value expires, the DNS client deletes the answer record from the cache. Value was set to 10.


******* Backup and Restore **********

Use the backup / restore programs located here:

D:\Documents and Settings\All Users\Start Menu\Programs\_System Utilities\_Registry Utilities

D:\Documents and Settings\All Users\Start Menu\Programs\_System Utilities\_Backup - File Sync - Archive

D:\Documents and Settings\All Users\Start Menu\Programs\_System Utilities\_Utility Suites


XXXXXXXX takes a system restore snapshot everyday at 4:00 pm.

XXXXXXXX takes a disk snapshot everyday at 9:45 am.

Grows huge in size

D:\Documents and Settings\Administrator\Application Data\XXXXX-XXXX\XXXXXXX\Jobs\

F:\_Data\_XXXXX XXXXXX Manager Pro\Temp

This dir is delete every 12 hours starting at 11:14am.

Recovery Commander Files

D:\Program Files\VCOM\Recovery Commander\DATA

Recovery Commander does a weekly checkpoint on wednesdays.

Use XXXXX to backup email, favorites, my docs and msn.


System State 1 - 9:21am and every 3 hours after that for 12 hours and 1 min. (Total of 4 times)

System State 2 - 9:26pm and every 5 hours after that for 11 hours and 52 min. (Total of 2 times)

Summary: System State and uncompressed registry will be saved 6 times a day.

Registry - WinNT\Repair\Regback - 4:01am and checks this directory every 2 hours for changes. It will change 6 times a day. There will be the last 12 copies (2 days worth).

Registry Backup Default - Daily at 3:38pm.

Registry - All Keys - 1:32pm and every 6 hours after that for 24 hours. (Total 4 times a day)

WinNT - Program Files - Docs and Settings - Misc - 10:03am and every 15 minutes after that for 23 hours and 59 min.

Installed Software on Drive E - 5:06am and every 15 minutes after that for 24 hours.

Long Term - 2 times daily for 90 days. Starts at 5:04pm.
 


Task Scheduler Info:

A job occurs during the following minutes of each hour.

03, 05, 06, 07, 18, 20, 21, 22, 33, 35, 36, 37, 48, 50, 51, 52

An hourly (though not every hour) job occurs during the following minutes of each hour.

00, 01, 04, 14, 21, 26, 29, 30, 32, 34, 42

A daily job occurs at each of the following times.

5:57am, 6:00am, 3:41pm, 9:45pm (00,57,41,45)

A weekly job occurs at each of the following time.

Wed 11:47pm, Sat 9:46pm


******** Startup **********

About 5 programs have a delayed startup (using XXXXXXX XXXXXXXXX) with 3 seconds between each of them.

Here is a list of some of the files / programs that were removed or stopped from automatically starting up when windows boots. You can read about each of these programs and determine if you would like to restore them to startup status.

"E:\_System_Utilities\XXXXXXXXXXXXXXXXXXXXXXXXXXXXX Pro v1.0\XXXXXX.exe"

E:\_Internet_and_Network_and_Comm\Common\Bin\XXXXXXXXXMgr.exe

"D:\Program Files\Common Files\XXXXXXXXXX\XXXXXr\XXXXX.exe"

"E:\_SYSTE~1\ROSXXXXXX\XXXX.exe" -autorun

"E:\_System_Utilities\XXXXXXXXX vX.X.17.XXX4\XXXXXXXXXX.exe" /start

"E:\_System_Utilities\_Media_Players\XXXXXXXXXXXXXXXXXXXXXXXxXXXXXX\XXXXXXXXX.exe"

"E:\_SYSTEM_UTILITIES\_MEDIA_PLAYERS\QUICKTIME PRO V6.5.2\qttask.exe" -atboottime

E:\_Security\1st Evidence Remover v2.0\eraser.exe

"E:\_Entertainment\_Home Related\_Clocks Timers Calanders and PIMs\Mini Minder v6.51\MiniMind.exe"

"E:\_Entertainment\_Home Related\_Clocks Timers Calanders and PIMs\Qlock 1.45\qlock.exe"

"E:\_Entertainment\_Home Related\_Clocks Timers Calanders and PIMs\TimeLeft v3.04\TimeLeft.exe"

"D:\Program Files\XXXXXXXXXXXXXXXXXXXXXXXXXXX\XXXXXXXXXXXXXXX\XXXXXXXXXXXXXXX.exe"

"E:\_System_Utilities\XXXXXXXXXXXXXXX\XXXXXXXXXXXXXX.exe" /s

E:\_SYSTE~1\KLEPTO~1.3\k-mania.exe

E:\_System_Utilities\XXXXXXXXXXXXXXX Pro vX.89\XXXXXXXX.exe /min


Here are some of the OS product IDs (NOT KEYS) before the image was created. These may change.

IE id - XXXXXXXXXXXXXXXXXXXXXXXX

Win Prod Id - XXXXXXXXXXXXXXXXXx

NT Specific Id - XXXXXXXXXXXXXXXXXXXXXXXx

WMP 7/8 id - {XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX}


Summary of this info --

1. Install chipset drivers (cancel video driver install) and reboot.

2. Install video drivers.

3. Set correct page file size and location.

4. Uninstall VMWare Tools.

5. Change the computer name and reboot.

6. Check file system for extra long file names and fix them.

7. Run newsid to change the security id.

8. Extract data directories from rar file to F: drive if they are not there.

9. Modify the default user profile with custom settings for new users.

10. Re-register a few programs that recognized the hardware change and deactivated.

11. Backup the entire C,D,E,F partitions to a drive image for an emergency.

11. Install the included extra spyware and security software.

12. Install the rest of the included software in various categories if desired. For example, Vmware workstation was not installed because it will not install inside of another vmware OS. Consider installing Vmware Workstation and XXXXXX .

Steps for network / internet access --

1. Set your tcp/ip properties to automatically obtain an ip address. OR

Manually enter your new IP and the gateway to match your network.

2. Right click the Sygate Firewall icon in the task tray and set it to "Normal".

3. Edit the already created advanced rule called "_ALLOW LAN ACCESS" with your local internal network IPs or IP range.

4. Temporarily ENABLE the DNS client service using windows services or Hostman.

Additional Steps --

1. Update the definition files for all antivirus software.

2. Update the definition files for all anti-spyware and anti-adware software.

3. Update the HOSTS file using auto update feature in some of the installed HOSTS file software.

Preferred method is to download the newest HOSTS file and MERGE it with the original.

4. Update the RESTRICTED sites list in Internet Explorer.

5. Update Windows using the windows update site.

6. Save your system settings / registry / and files by using the programs located in these places:

D:\Documents and Settings\All Users\Start Menu\Programs\_System Utilities\_Registry Utilities

D:\Documents and Settings\All Users\Start Menu\Programs\_System Utilities\_Backup - File Sync - Archive

D:\Documents and Settings\All Users\Start Menu\Programs\_System Utilities\_Utility Suites

*********** Misc Info *************

Macromedia Flash Player kept asking to be installed over and over after clearing the internet cache. The problem was determined to be a registry tweak that keeps windows from updating the "last accessed" stamp on files and folders. This tweak was DISABLED to correct the problem. A few .inf files located in D:\WINNT\Downloaded Program Files were made read only to make sure there even less of a chance for this to happen again.

Opening Add/Remove programs, and also Opening the "add new task" wizard will take a long time due to the amount of programs installed. This is normal. The programs are not locked up.

------------------------------------------------------------------------------------------
 


The following info details the "Open With" file association matrix that was set up. Do not confuse this with regular double click file associations.

Video file extensions --

(.avi,.mpg,.mpeg,.m2p,.m2v,.m1v,.mp4,.mpe,.asf,.asx,.wmf,.wm,.wmv,.vfw,.div,.divx,.dv,.vob,.dvr-ms,.qt,.rm,.rmvb,.mov)

When you right click on one of the above video file extensions, you will have the option to open certain programs using the "Open With" menu. Players are listed first, then info gatherers, then converters, then splitters, then repairers, and finally editors. This list is NOT fully comprehensive. It only shows inidividually selected programs for specific file extensions. For example, there are many more video programs installed than the ones in the list below. Also, each extension may have several more programs listed it its "Open With" menu. An example is the .avi extension which has all the programs listed below plus a few more.

Windows Media Player Classic

Windows Media Player

WinAmp

XXXXXXXXXXXXXX

XXXXXXXX

GSpot Video Info v2.52 beta

XXXXXXXXXXXXXXXXXXXXXXXXXXXXX v1.X.0.76

Power XXXXXXXXXX v1.X.1.2

Super XXXXXXXXXXXXX vx.3.650

XXXXXXXXXXXXX Converter vx.0.7

Super XXXXXXXXXXXXX v1.3

XXXXXXXXXXXXX Pro v3.9

DivFix v1.10

XXXX XXXXX v6.0


Audio file extensions --

(.wav,.wma,.ac3,.mp2,.mp3,.ogg,.xac,.aif,.aiff,.au,.voc,.snd,.xac,.sds,.smp,.vox,.flac,.mod,.mu3,.m3u,.pcm,.aac,.m4a,.mpa,.ac3,.lqt,.la1,.mid,.midi)

When you right click on one of the above audio file extensions, you will have the option to open certain programs using the "Open With" menu. Players are listed first followed by editors. As mentioned above, this list is NOT fully comprehensive.

WinAmp

Windows Media Player

XXXXwave

(.ra,.ram - open with real player)

Image file extensions --

(.bmp,.gif,.png,.jpg,.jpeg,.tiff,.tif,.dng,.pcx,.ico,.raw)

When you right click on one of the above image file extensions, you will have the option to open certain programs using the "Open With" menu. Viewers are listed first, then editors, then resizers and splitters. As mentioned above, this list is NOT fully comprehensive.

XXXXXXee

XXXXXXX Photo Editor

Image Scaler

XXXXX XXXXXX Resizer

Splitz!


Text file extensions --

(.inf,.ini,.reg,.key,.log,.lst,.cpp,.c,.java,.txt,.config,.nfo,.diz,.readme,.info,.bat)

When you right click on one of the above text file extensions, you will have the option to open certain programs using the "Open With" menu. As mentioned above, this list is NOT fully comprehensive.

Notepad

Wordpad

TextPad

Executable file extensions --

(.exe,.dll,.ocx,.scr)

When you right click on one of the above executable file extensions, you will have the option to open certain programs using the "Open With" menu. Hex editors are listed first, then resource editors, then debuggers, then inspectors, and finally dependency viewers. This list is NOT fully comprehensive. It only shows inidividually selected program for specific file extensions.

WinXXXXX

XXXXXXX Hex Editor

EXE Scope

Resource Hacker

PE Explorer

Hiew32

Olly Debugger

NumXXXX XXXX XXXXk

Soft Snoop

File Inspector XL

TriDnet File Identifier

PE Identifier

Language 2000

Dependency Walker


ISO image file extensions --

(.bin,.cue,.iso,.img,.nrg,.bwi)

When you right click on one of the above ISO image file extensions, you will have the option to open certain programs using the "Open With" menu. Mounters are listed first, then image editors, and finally image burners. This list is NOT fully comprehensive. It only shows inidividually selected program for specific file extensions.