RE: hotfix overwrite; hfnetchk
From: Greene, Michael (MGreene@lrs.com)Date: 05/22/02
- Previous message: Deus, Attonbitus: "Re: SQL Spider."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Greene, Michael" <MGreene@lrs.com> To: "'Darren W. MacDonald'" <darrydoo@aci.on.ca>, "Greene, Michael" <MGreene@lrs.com>, "'Dennis M. Depp'" <dwd@ornl.gov> Date: Wed, 22 May 2002 08:44:09 -0500
I think the key information for use to take away from this discussion is
that for the sake of keeping Windows machines up to date with security
hotfixes, we don't have to worry about overwriting the service pack files
because there are methods in place that prevent that from happening. Where
the service pack files come from is a bit less relevant. Hotfixes on the
other hand, may be overwritten, which is unfortunate but probably an
acceptable failure at this point, better to have working hotfixes that can
be overwritten, and a tool to detect problems, then no hotfixes at all. As
good stewards of our networks, it will be up to us to schedule scripted
hfnetchk scans and determine when an overwrite has taken place, in one of
the same ways that we determine new hotfixes are available.
I hope everyone else was able to benefit from this thread as much as I.
Thanks.
Michael
-----Original Message-----
From: Darren W. MacDonald [mailto:darrydoo@aci.on.ca]
Sent: Tuesday, May 21, 2002 10:26 PM
To: 'Greene, Michael'; 'Dennis M. Depp'
Cc: focus-ms@securityfocus.com
Subject: RE: Hfnetchk scans every file
Michael et al:
> -----Original Message-----
> From: Greene, Michael [mailto:MGreene@lrs.com]
> Sent: May 20, 2002 3:23 PM
> To: 'Darren W. MacDonald'; Greene, Michael; 'Dennis M. Depp'
> Cc: focus-ms@securityfocus.com
> Subject: Hfnetchk scans every file
>
> Darren, thank you for your reply. I have posted these same questions
on
> the
> Microsoft partner newsgroups and have gotten much better information
from
> this listserv. In response to your comment about hfnetchk. You are
> exactly right! After further review I found this FAQ claiming that
> hfnetchk
does
> examine EACH file applied in a hotfix. This means that it is
possible to
> scan a server using the hfnetchk tool and determine if any hotfixes
have
> been overwritten. This completely answers my question and settles my
> worries. Thanks.
You're welcome! Just doing my "Eric Schultze" impression! :-)
<snip>
> In addition there were some areas of your response that I happened to
> disagree with. If you can provide support for your argument that the
> service pack files are cached locally (they may be if installed from
the
> web, but what about other cases?) I would be very happy to listen.
You
> obviously proved a flaw in my argument above, so I am hoping you can
prove
> me wrong again.
Well, let's hope I can meet your expectations!
You've got it right -- manual installs are cached locally in
%SYSTEMROOT%\SERVICEPACKFILES, as discussed in Q274215. However, some
components of CD or network (or slipstreamed, for that matter) installs,
specifically drivers, are cached locally, in the SPx.CAB files. So, with a
CD install, or a network install where the source isn't available, new
drivers (anything done through Windows Setup or Control Panel, in other
words) should install without source.
So, technically, there are times where SP files aren't locally cached... but
one could use HfNetChk to catch those hopefully rare occasions.
Did I win? ;-)
TTYL
Darren
>
> //////////////
> Michael, your statement, "...Windows should prompt for a service pack
> installation point. ...", directly conflicts with my experience, and
> what's documented in the quoted KB article -- service packs are
> locally
cached,
> and
> fully known to the OS, so no prompting for location should occur.
> ----
> The Layout.inf file is updated with an additional source for Windows
2000
> service pack files so when you add or change additional components the
> Layout.inf file points to the correct source. The source location is
> stored in the following registry key:
>
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Servi
ce
> Pa
> ckSourcePath
> The source could be a network share of the Windows 2000 service pack,
the
> Windows 2000 service pack CD-ROM, or if you install the Windows 2000
> service pack by using the Express Installation from the Web, the
> source is set
to
> the %systemroot%\servicepackfiles folder.
> ----
> To test this procedure, install Windows using a CD that is not
> slipstreamed. Install Service Pack 2 from CD. Now add a component. I
> cannot cite a specific example for a component to test, I apologize, I
> only know
that it
> has happened to myself and to colleagues. The server should prompt
for
> the
> Windows 2000 cd, and then at the appropriate time, it should prompt
for a
> Service Pack 2 CD. If the server is installed from a slipstreamed
> installation point, the prompt for a Service Pack 2 cd does not occur
> because the system is able to find the files without having to change
CDs.
>
>
> /////////////
> As to why things are done differently for hotfixes, I believe the
short
> answer would be "time". The QFE group (Quick Fix Engineering) works to
> create hotfixes quickly, and because of this time limitation, certain
> shortcuts are taken (like regression testing, as documented for each
and
> every hotfix).
> ----
> I'm not sure what you are saying here, but I would disagree that it is
ok
> to
> release a poor solution simply because of time constraints.
- Previous message: Deus, Attonbitus: "Re: SQL Spider."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
