From: "Rich" 

This is a multi-part message in MIME format.

------=_NextPart_000_013C_01C2CB91.55690E80
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

   This has nothing to do with SPs.  An upgrade does not change security =
on existing locations for compatibility.  There may be exceptions.  If =
you want the behavior of a clean install or you want one of the optional =
security templates, of which there are several, you can apply them at = any
time.

Rich

  "John Cuccia"  wrote in message =
news:cqit3v46jmhh3q15tf7o59fvl10i7vf6l4{at}4ax.com...
  So if an admin applies SP3 to an existing OS, he mus then apply the
  security templates to return the system to a security state matching a
  clean install? =20

  Is security loosened to allow the service pack install?  If so, that
  implies that an upgraded OS is less secure than a freshly installed
  one.


  On Sun, 2 Feb 2003 19:53:41 -0800, "Rich"  wrote:

  >   It does.  Upgrades however do not apply the same security as clean =
installs.  They can't without the risk of breaking things.  The machine =
admin can apply any of the security templates after the upgrade.
  >
  >Rich
  >
  >  "John Cuccia"  wrote in message =
news:m3hr3vs1e8la92ddts19l6hohj4cpq2ifq{at}4ax.com...
  >  On Sun, 2 Feb 2003 16:17:16 -0500, "Geo."
 wrote:
  >
  >  >"John Cuccia"  wrote in message
  >  >news:0gkq3vsfh9f08potgmphlvjl9mqr7b6jj1{at}4ax.com...
  >  >
  >  >> You can copy the W2K CD  (the \I386 directory tree is all you =
need, I
  >  >> believe) to a hard drive, apply SP3 to those installation files, =
and
  >  >> burn that "slipstreamed" installation back to
CD.  Easy enough, =
for
  >  >> SPs, after extracting the service pack run
  >  >
  >  >Nope, that doesn't work because SP3 also contains some changes to =
the
  >  >security settings for registry keys and those won't get updated if =
you just
  >  >copy the files over the install CD files.
  >
  >  So you are saying that if I "slipstream" an \i386 directory with =
the
  >  SP3 install command that I posted, and then burn those files to CD,
  >  and then use that CD to install W2K on a new machine, that the
  >  registry security will be different than if I installed from the
  >  original CD and then applied SP3?    Hope that makes sense .
  >
  >  Is so, sounds like a bug.  Microsoft's slipstream process should
  >  update installation config files as well as other source files.

------=_NextPart_000_013C_01C2CB91.55690E80
Content-Type: text/html;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable








   This has
nothing to do =
with SPs. =20
An upgrade does not change security on existing locations for=20
compatibility.  There may be exceptions.  If you want the
= behavior of=20
a clean install or you want one of the optional security templates, of = which=20
there are several, you can apply them at any time.
 
Rich
 

  "John Cuccia" <jcuccia{at}bigfoot.com>">mailto:jcuccia{at}bigfoot.com">jcuccia{at}bigfoot.com>
wrote =
in message=20
  news:cqit3v46jmh=
h3q15tf7o59fvl10i7vf6l4{at}4ax.com...So=20
  if an admin applies SP3 to an existing OS, he mus then apply =
thesecurity=20
  templates to return the system to a security state matching aclean =

  install?  Is security loosened to allow the
service pack=20
  install?  If so, thatimplies that an upgraded OS is less =
secure than=20
  a freshly installedone.On Sun, 2
Feb 2003 19:53:41 =
-0800,=20
  "Rich" <{at}>
wrote:>   It does.  =
Upgrades=20
  however do not apply the same security as clean installs.  They =
can't=20
  without the risk of breaking things.  The machine admin can apply =
any of=20
  the security templates after the=20
 
upgrade.>>Rich>> 
"John Cuccia" =
<jcuccia{at}bigfoot.com>">mailto:jcuccia{at}bigfoot.com">jcuccia{at}bigfoot.com>
wrote =
in message=20
  news:m3hr3vs1e8l=
a92ddts19l6hohj4cpq2ifq{at}4ax.com...> =20
  On Sun, 2 Feb 2003 16:17:16 -0500, "Geo." <georger{at}nls.net>=20">mailto:georger{at}nls.net">georger{at}nls.net>=20
  wrote:>>  >"John
Cuccia" <jcuccia{at}bigfoot.com>">mailto:jcuccia{at}bigfoot.com">jcuccia{at}bigfoot.com>
wrote =
in=20
  message> =20
 
>news:0gkq3vsfh9f08potgmphlvjl9mqr7b6jj1{at}4ax.com...> =20
  >>  >> You can copy the
W2K CD  (the \I386 =
directory=20
  tree is all you need, I>  >>
believe) to a hard =
drive, apply=20
  SP3 to those installation files, and> 
>> burn that=20
  "slipstreamed" installation back to CD.  Easy enough, =
for> =20
  >> SPs, after extracting the service pack
run> =20
  >>  >Nope, that doesn't work
because SP3 also =
contains some=20
  changes to the>  >security settings for
registry keys =
and those=20
  won't get updated if you just>  >copy
the files over =
the=20
  install CD files.>>  So you
are saying that if I=20
  "slipstream" an \i386 directory with
the>  SP3 install =
command=20
  that I posted, and then burn those files to
CD,>  and then =
use=20
  that CD to install W2K on a new machine, that the>  =
registry=20
  security will be different than if I installed from
the>  =
original=20
  CD and then applied SP3?    Hope that makes sense=20
  <g>.>>  Is so,
sounds like a bug.  =
Microsoft's=20
  slipstream process should>  update installation config =
files as=20
  well as other source files.

------=_NextPart_000_013C_01C2CB91.55690E80--

--- BBBS/NT v4.01 Flag-4