From: John Cuccia 

So if an admin applies SP3 to an existing OS, he mus then apply the
security templates to return the system to a security state matching a
clean install?

Is security loosened to allow the service pack install?  If so, that
implies that an upgraded OS is less secure than a freshly installed one.


On Sun, 2 Feb 2003 19:53:41 -0800, "Rich"  wrote:

>   It does.  Upgrades however do not apply the same security as clean
installs.  They can't without the risk of breaking things.  The machine
admin can apply any of the security templates after the upgrade.
>
>Rich
>
>  "John Cuccia"  wrote in message
news:m3hr3vs1e8la92ddts19l6hohj4cpq2ifq{at}4ax.com...
>  On Sun, 2 Feb 2003 16:17:16 -0500, "Geo."
 wrote:
>
>  >"John Cuccia"  wrote in message
>  >news:0gkq3vsfh9f08potgmphlvjl9mqr7b6jj1{at}4ax.com...
>  >
>  >> You can copy the W2K CD  (the \I386 directory tree is all you need, I
>  >> believe) to a hard drive, apply SP3 to those installation files, and
>  >> burn that "slipstreamed" installation back to CD. 
Easy enough, for
>  >> SPs, after extracting the service pack run
>  >
>  >Nope, that doesn't work because SP3 also contains some changes to the
>  >security settings for registry keys and those won't get updated if you just
>  >copy the files over the install CD files.
>
>  So you are saying that if I "slipstream" an \i386 directory with the
>  SP3 install command that I posted, and then burn those files to CD,
>  and then use that CD to install W2K on a new machine, that the
>  registry security will be different than if I installed from the
>  original CD and then applied SP3?    Hope that makes sense .
>
>  Is so, sounds like a bug.  Microsoft's slipstream process should
>  update installation config files as well as other source files.

--- BBBS/NT v4.01 Flag-4