XP SP2 and Group Policy

From: Cenk KULACOGLU (cenk.kulacoglu_at_SBS.COM.TR)
Date: 08/13/04

    Date:         Fri, 13 Aug 2004 14:22:05 +0300
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Hi Russ,

    I thought I should share this...

    Cheers
    Cenk

      _____

    If you expect to have any user with administrator rights ever view or edit
    group policies from an XP SP2 based system they need this fix.

    The first group generally to use a new service pack or operating system is
    the IT staff so in my opinion this fix should be deployed proactively as
    soon as the customer is able to.

    You should be aware that this is already documented in the Windows XP SP2
    release notes but you should be proactive in case your customer may have XP
    SP2 users testing the platform.

    The issue

    With the RTM of XP SP2 (and the tremendous number of new policy settings it
    makes available) Mark and I wanted to alert you to an important issue around
    the use of the .adm files that we ship with this service pack. To cut to the
    chase, the .adm files in XP SP2 will not load correctly on older versions of
    GPEdit and require fixes to be applied.

    By default, when viewing or editing a GPO in GPEdit, the timestamps of the
    .adm files in the GPO (stored in Sysvol) are compared with those on the
    administrative workstation (see KB 816662 for details). This means that the
    mere act of viewing an existing GPO from an XP SP2 machine will result in
    the new .adm files being uploaded to Sysvol - eventually used by any other
    administrative workstation (whether XP SP2 or not). Without fixes we are in
    the process of releasing, this will produce error messages in older versions
    of GPEdit. This scenario is described in full in the following KB article
    which has just gone online:

    The KB http://support.microsoft.com/default.aspx?kbid=842933 will continue
    to be updated with the latest information.

    NOTE: This issue does not impact the application of group policies; rather,
    it only impacts the ability to modify and view them.

    The fix

    Hotfixes are available today for Windows 2003 and Windows XP SP1. In
    addition, for Windows 2000 SP3 and SP4 systems, a fix is downloadable from
    Microsoft.com. The intention is to have all versions of the fix available
    from Microsoft.com.

    To obtain the XP and 2003 fix, send your customer the fix for KB 842933.

    For Windows 2000 download it from
    http://www.microsoft.com/downloads/details.aspx?FamilyId=BA478B46-3AF7-4EAF-9CE6-E34EA2C74FAF&displaylang=en

    This fix goes on any system where you may need to use group policy editor.
    This includes all Windows 2000 servers, Windows 2003 servers, and XP SP1
    systems used for domain administrative tasks. To be on the safe side I
    would simply roll it out company-wide as you would a security fix, as this
    could even be seen editing local policies.

    The only platform not affected by this issue is Windows XP SP2 as it already
    includes the fix.
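
The timestamp comparison described in "The issue" can be audited read-only before anyone opens a GPO from an XP SP2 machine. The following is an added example, not part of the original post or Microsoft's tooling: the function name `Get-AdmUploadCandidate` is hypothetical, it assumes each GPO keeps its templates in an `Adm` subfolder under the Sysvol `Policies` directory and that the workstation's copies live in `%windir%\inf`, and the sample tree and dates are constructed.

```powershell
# Added example: list GPO .adm files that are older than this workstation's copies,
# i.e. the ones GPEdit's default timestamp comparison would replace in Sysvol.
function Get-AdmUploadCandidate {
    param(
        [Parameter(Mandatory)][string]$PoliciesPath,  # assumed: \\<domain>\SYSVOL\<domain>\Policies
        [Parameter(Mandatory)][string]$LocalAdmPath   # assumed: $env:windir\inf
    )
    # Index the workstation's templates by file name (hashtable keys are case-insensitive).
    $local = @{}
    Get-ChildItem -Path $LocalAdmPath -Filter *.adm -File | ForEach-Object { $local[$_.Name] = $_ }

    foreach ($gpo in Get-ChildItem -Path $PoliciesPath -Directory) {
        $admDir = Join-Path $gpo.FullName 'Adm'
        if (-not (Test-Path -LiteralPath $admDir)) { continue }   # GPO stores no templates
        foreach ($remote in Get-ChildItem -LiteralPath $admDir -Filter *.adm -File) {
            $mine = $local[$remote.Name]
            if ($null -eq $mine) { continue }                     # custom template, no local copy
            [pscustomobject]@{
                Gpo         = $gpo.Name
                Template    = $remote.Name
                SysvolTime  = $remote.LastWriteTimeUtc
                LocalTime   = $mine.LastWriteTimeUtc
                WouldUpload = $mine.LastWriteTimeUtc -gt $remote.LastWriteTimeUtc
            }
        }
    }
}

# --- Constructed sample tree standing in for Sysvol and %windir%\inf ---
function New-SampleAdm([string]$Dir, [string]$Name, [string]$Stamp) {
    $path = Join-Path $Dir $Name
    Set-Content -LiteralPath $path -Value '; constructed placeholder'
    (Get-Item -LiteralPath $path).LastWriteTimeUtc = [datetime]$Stamp
}
$root     = Join-Path ([IO.Path]::GetTempPath()) ('admdemo_' + [guid]::NewGuid())
$inf      = Join-Path $root 'inf'
$policies = Join-Path $root 'Policies'
$gpoAdm   = Join-Path (Join-Path $policies '{00000000-0000-0000-0000-000000000001}') 'Adm'
New-Item -ItemType Directory -Path $inf, $gpoAdm -Force | Out-Null

New-SampleAdm $gpoAdm 'system.adm'  '2003-01-01'   # older copy already in the GPO
New-SampleAdm $inf    'system.adm'  '2004-08-01'   # newer copy on the workstation
New-SampleAdm $gpoAdm 'inetres.adm' '2003-01-01'   # same timestamp on both sides
New-SampleAdm $inf    'inetres.adm' '2003-01-01'

Get-AdmUploadCandidate -PoliciesPath $policies -LocalAdmPath $inf | Format-Table -AutoSize
Remove-Item -LiteralPath $root -Recurse -Force
```

Rows with `WouldUpload` set to `True` identify GPOs whose templates would change if viewed from that workstation, which is where older, unpatched GPEdit installations would then see the errors the post describes.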
