Logging On Automatically After Installation
If you're using the [GuiRunOnce] section to deploy settings or to run programs after installing Windows, you'll want to automatically log on to the operating system immediately after the Windows installation is finished. You'll also likely want to log on as local Administrator to install applications that require elevated privileges or to change settings in HKLM that restricted users can't change. For the latter task, use the AutoLogon setting in the [GuiUnattended] section of your answer file. Set AutoLogon=Yes. This sets the value AutoAdminLogon in the key HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon, which you learn about in Chapter 18, “Fixing Common IT Problems.”
You must also set AutoLogonCount in the [GuiUnattended] section. This setting specifies the number of times that you want to automatically log on to Windows as local Administrator. This sets the value AutoLogonCount in the key HKLM\Software\Microsoft\Windows\CurrentVersion\WinLogon. Normally, you'd log on to Windows only one time by setting AutoLogonCount=1. However, you can log on to the operating system as many times as necessary, such as when a setup program restarts the computer in the middle of the installation process. The following lines show you the settings necessary to use this feature:
[GuiUnattended] AutoLogon=Yes AutoLogonCount=1 [GuiRunOnce] "regedit %SYSTEMROOT%\Settings.reg /s"
When you set a password using the AdminPassword setting in the [GuiUnattended] section, Windows uses that password to log the local Administrator on to it. However, if you encrypt the password and set EncryptedAdminPassword=Yes, Windows disables this feature. You trade between security and deployment convenience. Don't panic, though; when Windows finishes installing, it removes the password from any local copies of the answer file, such as %SystemRoot%\System32\$winnt$.sif.
Configuring Windows Firewall
Windows XP Service Pack 2 (SP2) and Windows Server 2003 Service Pack 1 (SP1) include the new Windows Firewall. Most companies and many enthusiasts will want to customize Windows Firewall during installation. Microsoft provides three methods of doing this. In a business environment, the best way to manage Windows Firewall settings is to use the new Windows Firewall Group Policy settings. This requires using Active Directory with either Windows 2000 or Windows Server 2003 domain controllers. For more information, see http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/depfwset/wfsp2wgp.mspx.
The following list describes customization methods that don't require Group Policy:
The unattended-setup answer file for Windows XP SP2 has options for configuring Windows Firewall settings when running an unattended setup of Windows XP SP2.
The Netfw.inf file for Windows XP SP2 configures Windows Firewall. It specifies a set of registry settings that are equivalent to the options available through both the Windows Firewall component in Control Panel and the Windows Firewall Group Policy settings.
To configure computers running Windows XP with SP2 after SP2 has been installed, have your users run a script file, such as a BAT or a CMD file, that contains the series of Netsh commands that configure the Windows Firewall operational mode, allowed programs, allowed ports, and so on.
To configure a computer running Windows XP with SP2 after SP2 has been installed, have your users run a custom configuration program that uses the new Windows Firewall configuration APIs to configure the Windows Firewall for operation mode, allowed programs, allowed ports, and other settings.
For more information about using these options, see http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/depfwset/wfsp2ngp.mspx.