Re: Microsoft to deploy Windows XP SP2 through Automatic Updates

From: Johnathan Samples (johnathansamples_at_GREENWAYMEDICAL.COM)
Date: 08/10/04

    Date:         Mon, 9 Aug 2004 21:27:18 -0400
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    The SP2 update can be disabled.

    Temporarily Disabling Delivery of Windows XP Service Pack 2 Through Windows
    Update and Automatic Updates

    While recognizing the security benefits of Windows XP SP2, some
    organizations have requested the ability to temporarily disable delivery of
    this update via AU and WU. These organizations have populations of unmanaged
    PCs, upon which they have enabled AU. This is done to ensure that these
    unmanaged PCs receive all critical security updates. Since SP2 will start to
    be delivered to PCs running Windows XP or Windows XP with SP1 via AU
    starting on August 16, these customers would like to temporarily block the
    delivery of SP2 in order to provide additional time for validation and
    testing of the update. In response to these requests, Microsoft is providing
    the following guidance, resources, and communication vehicles to meet the
    needs of these customers.

    Please note that the mechanism to temporarily disable delivery of Windows XP
    SP2 will be available for a period of 120 days (4 months) from August 16. At
    the end of this period, Windows XP SP2 will be delivered to all Windows XP
    and Windows XP Service Pack 1 systems.

    Summary of Relevant Windows XP SP2 Dates

    8/6   Release to manufacturing
    8/9   Release to Microsoft Download Center (full network install package)
    8/10  Release to Automatic Updates (for machines running pre-release
          versions of Windows XP SP2 only)
    8/16  Release to Automatic Updates (for machines not running pre-release
          versions of Windows XP SP2)
    8/16  Release to SUS via AU
    Later in August
          Release to Windows Update for interactive user installations

    Guidance
    As a best practice approach to implementing a managed rollout of Windows XP
    SP2, customers are encouraged to use a corporate update management solution
    such as Systems Management Server (SMS) 2003 or Software Update Services
    (SUS).
    Key benefits of using SMS 2003 or SUS to deploy Windows XP SP2

    1. Allow administrators to control the deployment of Windows XP SP2 (as
    well as other updates) across their Windows systems.
    2. Allow customers to safely disable direct AU or WU access from
    individual systems, while allowing these systems to get the necessary
    critical security updates and other administrator-approved updates.
    3. SUS will automatically and silently install Windows XP SP2
    (administrators can also achieve this behavior using SMS 2003), while
    installation of Windows XP SP2 via WU or AU requires user or administrator
    interaction on each system it is installed on.
    4. Dramatically reduces network traffic into the organization, since
    updates only need to be downloaded to one or a small number of servers
    within the organization, instead of being downloaded separately to each
    system requiring the update.

    Information on SMS 2003 is available at www.microsoft.com/smserver
    Information on SUS is available at www.microsoft.com/sus

    Note that SUS is available as a free download to customers with a Windows
    Server 2003 or Windows 2000 Server license and can be downloaded from
    http://www.microsoft.com/downloads/details.aspx?FamilyId=A7AA96E4-6E41-4F54-972C-AE66A4E4BF6C&displaylang=en

    Resources
    For customers with a population of unmanaged PCs for which the above
    solutions will not suffice, Microsoft is providing additional methods of
    managing the update process. These alternatives enable customers to
    temporarily disable delivery of Windows XP SP2 via AU and WU, while still
    allowing critical security updates to be delivered via AU and WU, thus
    providing more time to plan for deployment.

    Options to temporarily disable and then re-enable delivery of Windows XP SP2
    via AU and WU

    1. For organizations that have implemented Active Directory based Group
    Policy, we will provide an ADM template to allow these customers to
    centrally and easily disable and re-enable delivery of SP2 to targeted
    groups of Windows XP systems using Group Policy.

    2. For organizations that have not implemented Group Policy, we are
    providing Microsoft signed executable software that can be run on systems to
    disable and re-enable Windows XP SP2 delivery. The disable and re-enable
    actions are specified as command-line parameters when running the
    executable.

    Microsoft is also providing a sample script that will accept a machine name
    as a command-line parameter to enable execution of the executable software
    on a specific machine. The script can be used to run the executable on a
    remote machine or on a group of remote systems, using a mechanism that works
    best for the customer (run as logon script, via a remote script execution
    mechanism such as SMS, etc.).

    3. For organizations that have machines that are not easily managed via
    scripting or Group Policy, but are accessible via e-mail, we are providing
    sample e-mail text that includes a URL link that users can click on to
    disable delivery of Windows XP SP2. This URL will point to an executable
    script hosted on www.microsoft.com/technet/winxpsp2. This option requires
    users to have administrator rights on their machines.

    We are also providing sample e-mail text with a similar included URL link
    that can be clicked on to re-enable delivery of Windows XP SP2. IT
    administrators can send this e-mail to their users when they are ready to
    deploy Windows XP SP2 to these users' systems.

    Note 1: All of the above options rely on the presence of a registry key to
    disable delivery of SP2. This is a new registry key that is used only for
    the purpose of disabling and re-enabling delivery of SP2. Consequently,
    there is no additional impact or side effect on the system, and customers
    will be able to use these options immediately without need for any testing.

    Note 2: Running the executable software requires administrative privileges.
    Users who are not administrators on their systems will not be able to run
    the executable. This is not an issue, since these users would not be able to
    install XP2 anyway, and disabling delivery of XP2 would not be a concern for
    these users.

    Delivery
    Customers will have access to these tools via the Windows XP SP2 section of
    Microsoft TechNet (www.microsoft.com/technet/winxpsp2) that provides:

    1. Information on options for temporarily disabling delivery of Windows
    XP SP2 via AU and Windows Update
    2. Content to disable and re-enable delivery of Windows XP SP2
        a. URL link to download a self-extracting zip file containing the ADM
        template, signed executable, and sample script
        b. Sample email text with included link that can be clicked on to
        disable delivery of Windows XP SP2
        c. Sample email text with included link that can be clicked on to
        re-enable delivery of Windows XP SP2
    3. Link to a frequently asked questions (FAQ) page

    Note: The main Windows XP SP2 page on TechNet will have an announcement
    about the availability of the Windows XP SP2 delivery-disabling options and
    will provide a link to the above Web page.

    "The information transmitted is intended only for the person or entity to
    which it is addressed and may contain confidential, proprietary, and/or
    privileged material. Any review, retransmission, dissemination or other use
    of, or taking of any action in reliance upon, this information by persons or
    entities other than the intended recipient is prohibited. If you received
    this in error, please contact the sender and delete the material from all
    computers."
