Slipstreaming is a process by which you create a new installation point that contains a selected set of patches already. Using a slipstreamed installation point, you can build systems such that they are already patched when built. You can use a slipstreamed installation point with a deployment system such as Remote Installation Services (RIS) or Automated Deployment Services (ADS). RIS is primarily used to create network installation points for client machines. It allows you to boot a client without an OS, select an operating system to install, and install it from the network installation point. ADS provides the same type of functionality, but geared toward servers, which means it has some additional remoting capability, among other things. Although the remainder of this discussion only discusses slipstreaming for Windows, you can slipstream other products, such as Microsoft Office, as well, and this is commonly done with both RIS and ADS.

You can also build a custom CD that contains a patched installation point. You can use such a CD to install an operating system on a system without being connected to the network.

On the CD accompanying the book, you will find a script called slipstream.vbs. This script will help you slipstream patches into an on-disk installation. In this section, we outline the steps you would go through to manually slipstream patches. The slipstream.vbs tool performs many of these steps for you.

Get the Right Tools

Before you start, you need to obtain certain tools:

  • A standard hologram CD for the operating system you are trying to slipstream.

  • The service packs and all the updates you want to slipstream into the installation.

  • ISOBuster from isobuster /. You use this tool to extract the boot sector from the hologram CD. This boot sector is then included when you create your slipstream CD to make your slipstream CD bootable. If you only intend to use your slipstreamed installation for RIS, ADS, or a similar system, you do not need this tool.

  • A CD burner program that can create bootable CDs from a binary boot sector. Most CD burner programs can do this. Again, this tool is only necessary if you want to use the slipstreamed installation point in a CD-based installation.

WARNING: It is illegal to distribute slipstreamed CDs. In some locales, it may also be illegal to create them. Check with a legal professional familiar with the applicable license agreements and your local laws before creating and using slipstreamed CDs.

Build Your Slipstreamed Installation Point

After you have all these tools together, follow these steps:

Copy the i386 directory on a standard Windows hologram CD to a directory on your hard drive. We refer to this directory as <i386> from now on.

Extract the service pack to a directory (hereinafter referred to as <sproot>).

Apply the service pack to the <i386> directory. Use this command:

 <sproot>\update\update.exe S:<location of the i386 directory> 

At this point, you may either run the slipstream.vbs tool or perform the following steps manually. If you run the tool, skip ahead to Step 17.

Extract all the updates into separate directories.

Create a list of all the binaries in each update. These binaries reside in different locations, depending on the operating system the update is made for. With most Windows 2000 updates, the files are in the root of the extracted update directory.

Windows XP updates are issued in a dual-mode update package for the two most recent cardinal points . A cardinal point is a service pack. Each update contains binaries for the most recent cardinal point and the next -most recent cardinal point. The updates to apply to service pack n are in the n+1 directory. For example, if you are slipstreaming SP1 into a Windows XP installation point and want to slipstream the updates that apply to SP1, you need to copy the binaries from the SP2 directory of the Windows XP updates.

Windows Server 2003 updates also include binaries for several cardinal points. However, their structure is more complicated than that for Windows XP. In a Windows Server 2003 update, you will find directories named RTMQFE, RTMDGR, SP1QFE, SP1GDR, etc. The good news is that if you are slipstreaming updates into the original release of Windows Server 2003 (the Release To Manufacturing or RTMversion), you need the files from one of the RTM directories; if you are slipstreaming into an SP1 installation, you need the files from one of the SP1 directories, and so on. The bad news is that you have to choose between the General Distribution Release (GDR) and the Quick Fix Engineering (QFE) releases. A QFE is released from a different build environment than a GDR, so the two may not be interchangeable. QFEs are produced in response to a particular customer issue, whereas GDRs are broadly released updates. All updates released with security bulletins are GDRs, although a QFE version of the updates is usually present in the package as well. During a normal installation of a Windows Server 2003 update, the update installer checks whether the binaries on your system are from the GDR environment (in other words, the original release, a service pack, or a previous GDR). If they are, the GDR binaries are installed. However, if the binaries on the system are from the QFE environment, the QFE binaries in the update are installed instead. During a slipstream installation, you must be consistent with which set of binaries you use. If you start using QFE binaries for a particular update, you must continue to use QFE binaries for all the updates that contain those binaries. The slipstream.vbs script will install GDR binaries.

Determine whether any of the binaries in the update exist, either in compressed (using an underscore character as the last character in the filename, such as "dl_") or in uncompressed form in the <i386> directory. Delete all the ones that do. You do not need to worry about the following files, which are part of the update installer, and do not need to be copied :

  • update.exe

  • update.inf

  • spmsg.dll

  • spcustom.dll

  • spuninst.exe

  • update.ver

  • eula.txt

  • advpack.dll

  • w95inf16.dll

  • w95inf32.dll


  • custdll.dll

If the update contains files such as "_sfx_manifest_," it is a binary patch. Those types of patches cannot be slipstreamed at all at this time. However, with many of these, extracting the patch with the installer will create real files. Try running the update with the /x switch to extract it and see if you get different files.

After you have deleted any preexisting files, copy the files in the update into the <i386> directory.

Examine the subdirectories in the extracted update. For each subdirectory except the "update" directory, determine whether a directory with this name exists in the <i386> directory. If it does, copy all the files from the directory in the extracted update to the one in the <i386> directory.

Create a directory at < i386>\SvcPack.

Copy the catalog file from each update into the svcpack directory created in Step 10. The catalog file is normally called KB<patch KB article number>.cat, but may use a Q rather than the KB. If an update has multiple catalogs and they follow that exact naming convention, copy all of them. If there are multiple catalogs that do not follow this naming convention (for example, if a catalog is called and another is called, the update cannot be slipstreamed as is. This would be the case, for example, with MDAC updates, which ship with binaries and catalogs for all language versions and all supported platforms. Although you may be able to determine the appropriate binaries and catalog to use, these updates are not supported for slipstreaming.

Copy the original (unextracted) update file into the <i386>\SvcPack directory.

If there is a file called <i386>\svcpack.in_, delete it.

Create a new < i386>\svcpack.inf file, or open the existing one if it exists. It needs to include this information, depending on the version of the OS that you are slipstreaming:

For Windows 2000

 [Version] Signature="$Windows NT$" MajorVersion=5 MinorVersion=0 BuildNumber=2195 [SetupData] CatalogSubDir="\I386\SvcPack" [ProductCatalogsToInstall] <all catalogs on the svcpack directory> [SetupHotfixesToRun] <all hotfixes we want to install> /q /n /z 

For Windows XP

 [Version] Signature="$Windows NT$" MajorVersion=5 MinorVersion=1 BuildNumber=2600 [SetupData] CatalogSubDir="\I386\SvcPack" [ProductCatalogsToInstall] <all catalogs on the svcpack directory> [SetupHotfixesToRun] <all hotfixes we want to install> /q /n /z 

For Windows Server 2003

 [Version] Signature="$Windows NT$" MajorVersion=5 MinorVersion=2 BuildNumber=3790 [SetupData] CatalogSubDir="\I386\SvcPack" [ProductCatalogsToInstall] <all catalogs on the svcpack directory> [SetupHotfixesToRun] <all hotfixes we want to install> /q /n /z 

Note that certain updates, such as Internet Explorer and Windows Media updates, do not support the /q /n /z switch set. You need to manually determine which those are. Such updates are not supported for slipstreaming. It is possible that you can slipstream them by copying the binaries into the right place, but you should not include them in the [SetupHotfixesToRun] section of the svcpack.inf file. That also means they will not show up in Add/Remove Programs after you install the system.

Some updates do not include a catalog. Those updates are not supported for slipstreaming either.

Open the < i386>\dosnet.inf file and locate the [OptionalSrcDirs] section. Note that this section may not exist in a Windows Server 2003 or Windows XP installation. If this section does not exist, you must add it. If it does exist, ensure that it contains an entry for svcpack. For example, on a Windows XP flat install, the [OptionalSrcDirs] section should look like this:

 [OptionalSrcDirs] Svcpack 

Locate the [Files] section of the <i386>\dosnet.inf file. For each file copied in Steps 8 and 9, determine whether an entry exists in the [Files] section in the following form:


If the entry does not exist, add it. Note here that in some cases, the dosnet.inf file may contain multiple [Files] sections. It is sufficient in this case that the entry exists in one of them. If it does not exist in any of the [Files] sections, add it.

At this point, you have an installation point ready to use. If you are using it for RIS or ADS, you can stop at this point. If you want to make a CD instead, you need to first extract the boot sector from a real boot disk for the OS you want to slipstream. To do that, download ISO Buster from and install it. When you run ISO Buster, it will automatically find your CD. Select the right one, and you will find a dialog like the one in Figure 3-3.

Figure 3-3. When you run ISO Buster, locate the Microsoft Corporation.img file.

Locate the Microsoft Corporation.img file. Now right-click it and select Extract Microsoft Corporation.img.

Now you can start creating your bootable CD. You can use any CD burner software that is capable of creating bootable CDs for this task. The CD needs to be created as a "no-emulation" disk using the boot image extracted in step 18 as the boot sector. The software should automatically figure out where to put the boot sector.

(There should be four sectors and they are offset a bit, making it tricky to do this manually.) To avoid producing an inordinate number of coasters that look just like CDs, we prefer to create an ISO image and then test that image using Microsoft Virtual PC instead of burning directly to disk. Some CD-burner software has problems creating proper bootable disks, so making ISOs first may save some money. The image must have the same structure and name as the original OS disk. In other words, the <i386> directory must be a subdirectory of the root of the CD, and the files in the root directory still need to be there. Personally, we also like adding a text file to the root of the disk that explains exactly which patches and service pack the disk contains. That's particularly handy if the disk goes into a CD jukebox.

That's all there is to it! As you can see, slipstreaming is a complicated process that is not for the faint of heart. That's why the book comes with the slipstream.vbs tool to enable you to automate the most onerous part of the process: slipstreaming patches. This process is clearly not for use in environments where you need to install only one copy of the product. However, properly used, it can significantly reduce the effort involved in installing many copies of a particular product. Keep in mind that it is obviously illegal to distribute copies of the operating system. Slipstreamed installations are for use only by the licensee of the original product.

For more information on slipstreaming, refer to the following resources:


  • "How to Slipstream Hotfixes That Replace Pre-Existing Driver Files" (KB 814847)

  • "Description of the Contents of a Windows Server 2003 Product Update Package" (KB 824994)

  • "Description of Dual-Mode Update Packages for Windows XP" (KB 328848)

  • "How to Integrate Product Updates into Your Windows Installation Source Files" (KB 828930)

  • "How to Apply the 824146 Security Patch to Your Windows Preinstallation Environment" (KB 828217)

Protect Your Windows Network From Perimeter to Data
Protect Your Windows Network: From Perimeter to Data
ISBN: 0321336437
EAN: 2147483647
Year: 2006
Pages: 219 © 2008-2017.
If you may any questions please contact us: