Service Pack Size Warrants Deployment Caution

 
 
By Andrew Garcia  |  Posted 2004-08-23
 
 
 
 
 
 
 

Given the size of Windows XP Service Pack 2, administrators should be cautious about letting Microsoft's Automatic Updates download the package to each XP-based desktop.

Given the size of Windows XP Service Pack 2 (about 300MB), administrators should be cautious about letting Microsoft Corp.'s Automatic Updates download the package to each XP-based desktop; this could overwhelm Internet connections and cause an uptick in support calls.

Organizations that have Automatic Updates pointing to a local patch repository must approve SP2 before clients can start downloading it, but those groups that use Automatic Updates to get patches directly from Microsoft should consider downloading and applying a Group Policy template Microsoft has provided to block the SP2 download temporarily (available at www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2aumng.mspx).

At press time, SP2 wasn't available via Microsoft's Software Update Services synchronization process, so we chose to distribute the package via Active Directory GPO (Group Policy Objects) to control the installation and avoid hammering our Internet connection.

We downloaded a single copy of the Network Installation version of SP2 and used an executable flag to unpack the update to a file share without installing it. We then configured a Group Policy to install the resulting Windows Installer package at the next reboot and assigned the policy to a test OU (organizational unit).

Service pack installation took about 15 minutes per system, although install time will fluctuate according to network conditions, server load and the number of clients performing the update concurrently.

Included with SP2 are .adm files that update Group Policy template files to reflect new settings that come with the service pack, including those for Windows Firewall. We used the Microsoft Management Console's Group Policy Editor snap-in from an SP2-enabled machine to connect to our OU's GPO, which was automatically updated with the settings.

However, this update makes it difficult to manage the GPO from Windows 2000-, 2003- and XP-SP1-based machines, all of which have an older version of Group Policy Editor that has problems displaying the .adm's long-winded explanations of the new features. Microsoft has released a hot fix (KB842933) for this problem.

Using the updated GPO, administrators who have already deployed a desktop firewall throughout the enterprise can automatically disable Windows Firewall. Those who choose to use Windows Firewall can create inbound policies that exempt certain ports or applications from firewall blocking for all systems in the OU. Writing the text-based exemption policies is a little complicated but allows administrators to apply the exemptions to entire networks or individual hosts.
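To make the text-based exemption policies concrete, here is an added example (not from the original article or from Microsoft) that validates port-exemption strings before they go into a GPO and flags enabled entries that are open to every network. It assumes the colon-separated `port:protocol:scope:status:name` layout of the SP2 Windows Firewall "Define port exceptions" policy setting; the function names and sample entries are constructed for illustration.

```python
import ipaddress

# Assumed field layout (SP2 "Define port exceptions" policy setting):
#   port:protocol:scope:status:name
def parse_port_exception(entry):
    """Parse one exemption string; raise ValueError if it is malformed."""
    parts = entry.split(":", 4)  # the name comes last and may contain ':'
    if len(parts) != 5:
        raise ValueError("expected port:protocol:scope:status:name")
    port, proto, scope_s, status, name = (p.strip() for p in parts)
    if not port.isdigit() or not 1 <= int(port) <= 65535:
        raise ValueError(f"bad port {port!r}")
    if proto.upper() not in ("TCP", "UDP"):
        raise ValueError(f"bad protocol {proto!r}")
    if status.lower() not in ("enabled", "disabled"):
        raise ValueError(f"bad status {status!r}")
    if not name:
        raise ValueError("missing name")
    scope = []
    for item in (s.strip() for s in scope_s.split(",")):
        if item == "*" or item.lower() == "localsubnet":
            scope.append(item.lower())
        else:  # host, or subnet written as /24 or /255.255.255.0 (IPv4 only)
            scope.append(str(ipaddress.IPv4Network(item, strict=False)))
    return {"port": int(port), "protocol": proto.upper(), "scope": scope,
            "enabled": status.lower() == "enabled", "name": name}

def audit(entries):
    """Return (entry, finding) pairs for strings that need review."""
    findings = []
    for entry in entries:
        try:
            rule = parse_port_exception(entry)
        except ValueError as err:
            findings.append((entry, f"malformed: {err}"))
            continue
        if rule["enabled"] and "*" in rule["scope"]:
            findings.append((entry, "open to all networks"))
    return findings

SAMPLE = [  # constructed entries, not taken from the article
    "80:TCP:10.0.0.1,10.3.4.0/24:enabled:Web service",
    "3389:TCP:*:enabled:Remote Desktop",
    "445:TCP:localsubnet:enabled:File sharing",
    "161:UDP:10.2.0.0/255.255.0.0:disabled:SNMP",
    "99999:TCP:*:enabled:typo",
]

if __name__ == "__main__":
    for entry, finding in audit(SAMPLE):
        print(f"{finding}: {entry}")
```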

Technical Analyst Andrew Garcia can be reached at andrew_garcia@ziffdavis.com.


 
 
 
 
Andrew cut his teeth as a systems administrator at the University of California, learning the ins and outs of server migration, Windows desktop management, Unix and Novell administration. After a tour of duty as a team leader for PC Magazine's Labs, Andrew turned to system integration - providing network, server, and desktop consulting services for small businesses throughout the Bay Area. With eWEEK Labs since 2003, Andrew concentrates on wireless networking technologies while moonlighting with Microsoft Windows, mobile devices and management, and unified communications. He produces product reviews, technology analysis and opinion pieces for eWEEK.com, eWEEK magazine, and the Labs' Release Notes blog. Follow Andrew on Twitter at andrewrgarcia, or reach him by email at agarcia@eweek.com.
 
 
 
 
 
 
 
