********************************************************************** "Read First" Release Notes Microsoft Windows 2000 High Encryption Pack ********************************************************************** Information in this document, including URL and other Internet Web site references, is subject to change without notice. The example companies, organizations, products, people, and events depicted herein are fictitious. No association with any real company, organization, product, person, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. (c) 1999 Microsoft Corporation. All rights reserved. Microsoft, MS-DOS, Windows, and Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A. and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. Contents 1.0 Introduction 2.0 Installing the Windows 2000 High Encryption Pack 2.1 OEM Preinstallation and Corporate Deployment 3.0 U.S. Export Regulations for Strong Encryption Products ====================================================================== 1.0 Introduction ====================================================================== Welcome to the Windows 2000 High Encryption Pack. This document provides complementary or late-breaking information to supplement the Microsoft Windows 2000 documentation. Print and read this document for critical preinstallation information about this release. To print Encread.txt 1. Open Encread.txt in Notepad or another word processor. 2. On the File menu, click Print. ====================================================================== 2.0 Installing the Windows 2000 High Encryption Pack ====================================================================== The Windows 2000 High Encryption Pack upgrades Windows 2000 to use the strongest possible, 128-bit encryption to protect your information. For more information about Windows 2000 security features, see the Windows 2000 documentation. The Windows 2000 High Encryption Pack may be included in your product on a floppy disk or on the Windows 2000 Professional product CD. However, laws in your country may not permit distribution of the Windows 2000 High Encryption Pack at this time, so it may be excluded. If you want to use 128-bit high encryption, you can install the High Encryption Pack from the floppy disk, or from the Windows 2000 Professional CD, after Windows 2000 Professional Setup. You can also install the High Encryption Pack from the following Web sites: * For Windows 2000 Professional, http://www.microsoft.com/isapi/redir.dll?prd=win2000&sbp= professional&ar=download&sba=crypto * For Windows 2000 Server, http://www.microsoft.com/isapi/redir.dll?prd=win2000&sbp= server&ar=download&sba=crypto To install the Windows 2000 High Encryption Pack from the floppy disk 1. Insert the High Encryption floppy disk into the computer's floppy disk drive. 2. Click Start, and then click Run. 3. Type :\encpack.exe, and then click OK. 4. Click Yes to begin installation. 5. When installation completes, remove the floppy disk and restart the computer. Note: The following notes are important to users who are installing the Windows 2000 High Encryption Pack: * You cannot uninstall the Windows 2000 High Encryption Pack. * Future upgrades of Windows 2000 automatically upgrade the High Encryption software. You do not need to reinstall the Windows 2000 High Encryption Pack. ---------------------------------------------------------------------- 2.1 OEM Preinstallation and Corporate Deployment ---------------------------------------------------------------------- The following instructions describe how original equipment manufacturers (OEMs) and corporations can preinstall and deploy the High Encryption Pack. Installing the High Encryption Pack by using either of the following methods implies that the person performing the installation has read and agreed to the contents of the License Agreement included with the product. It also implies that the end user on whose behalf Windows 2000 is being installed has agreed to the License Agreement. To preinstall and deploy the High Encryption Pack on all computers 1. Insert the High Encryption floppy disk into a computer's floppy disk drive. 2. Copy Rsaenhs.dll from the floppy disk to your distribution folders in the \\\\i386\$OEM$\$$\System32 directory. 3. Remove the floppy disk. 4. On the destination computers, start the Windows 2000 installation from a distribution folder. To preinstall and deploy the High Encryption Pack on selected computers using sysprep 1. Insert the High Encryption floppy disk into a computer's floppy disk drive. 2. Copy Encpack.exe from the floppy disk to your distribution folders in the \\\\i386\$OEM$\$1\Sysprep\i386\$OEM$ directory. 3. Create a Cmdlines.txt file that contains the following lines: [Commands] ".\encpack.exe /q:a" 4. Copy the Cmdlines.txt file to your distribution folders in the \\\\i386\$OEM$\$1\Sysprep\i386\$OEM$ directory. 5. Remove the floppy disk. 6. Start the Windows 2000 installation on the master computer. 7. Run Sysprep.exe. 8. When the computer shuts down, use third-party software or hardware imaging tools to image the computer. 9. Create a Sysprep.inf file that contains the following lines: [Unattended] InstallFilesPath = %systemdrive%\Sysprep\i386 10. Copy the Sysprep.inf file to a location where the file can be used to customize installations or can be copied to a floppy disk for customized use. 11. Copy the image to the destination computers. 12. If you have tools that allow you to manipulate the image, you can replace an existing Sysprep.inf file on the computer with the updated file. Note: If you use a custom Sysprep.inf file to replace a Sysprep.inf file that was on the master computer when it was imaged, the InstallFilesPath and OEMPnpDriversPath references must be the same for both Sysprep.inf files. For more information about how to use Sysprep.exe and Sysprep.inf, see the Deptool.chm Help file in \Support\Tools\Deploy.cab on the Microsoft Windows 2000 CD. ====================================================================== 3.0 U.S. Export Regulations for Strong Encryption Products ====================================================================== WHO SHOULD CONSULT THIS SECTION: System administrators and others who anticipate deployment of strong encryption products outside the United States or Canada, or within a corporate environment that extends beyond United States or Canadian borders. The product contains strong encryption features and is classified for export from the United States under ECCN 5D002(c)(1). Export of strong encryption products from the United States is regulated under "EI controls" of the Export Administration Regulations (EAR, 15 CFR 730-744) of the U.S. Department of Commerce, Bureau of Export Administration (BXA). Note: As of October 1999, the U.S. export regulations for strong encryption are in the process of being amended. New regulations are expected to permit the export of most strong encryption products to end users in all but the U.S.(embargoed countries. Up-to-date information about the exportability of Microsoft products is available from the Exporting Microsoft Products Web site at: http://www.microsoft.com/exporting/ For additional information about the new U.S. export regulations and U.S. export laws in general, visit the following Web sites: * The U.S. Department of Commerce Commercial Encryption Export Controls Web site at: http://www.bxa.doc.gov/encryption/default.htm * The U.S. Department of Commerce Bureau of Export Administration (BXA) Web site at: http://www.bxa.doc.gov/ * The U.S. Export Administration Regulations Online (15 CFR 730-744) Web site at: http://www.access.gpo.gov/bxa/ Note:Web addresses can change, so you may be unable to connect to the Web sites mentioned here.