Windows & .NET Magazine UPDATE--Microsoft Ships Windows XP SP2. Now What?--August 10, 2004

Make sure your copy of Windows & .NET Magazine UPDATE doesn't get mistakenly blocked by antispam software! Be sure to add [email protected] to your list of allowed senders and contacts.

This Issue Sponsored By

Free Download: Diskeeper optimizes PC performance

Download: Be Proactive with Real-Time Monitoring! ===============

1. Commentary
- Microsoft Ships Windows XP SP2. Now What?

2. Hot Off the Press
- Munich Migration to Linux Grinds to a Halt

3. Resources
- Forum Thread: Enterprise Spyware/Adware Solutions
- Tip: I have an internal firewall between sections of my network. Which ports must I open to allow user and computer account authentication?

4. New and Improved
- Scan Email Messages
- Monitor Your Network from a Pocket PC
- Tell Us About a Hot Product and Get a T-Shirt!

==== Sponsor: Free Download: Diskeeper optimizes PC performance ====

Like cars, computers need routine maintenance for optimum performance. Diskeeper(R) automates the all-important task of defragmentation for servers and PCs. Diskeeper features a high-speed defragmentation engine, "Set It and Forget It"(R) scheduling and boot-time defragmentation of critical system files to maintain optimum performance and reliability. Mission-specific editions are available for workstations, servers, and enterprise servers, plus Diskeeper Administrator Edition for remote installation and centralized management. System administrators who use Diskeeper rave about the benefits of automatic defragmentation: decreased help desk traffic, improved speed and response rates, and rock-solid stability, all with no IT staff intervention or system downtime required! Eliminate fragmentation-related crashes and slowdowns across your entire site—get Diskeeper now!
Try Diskeeper FREE for 30 days:


==== 1. Commentary: Microsoft Ships Windows XP SP2. Now What? ====
by Paul Thurrott, News Editor, [email protected]

On Friday, Microsoft finally released its long-awaited Windows XP Service Pack 2 (SP2) upgrade. However, despite its name, XP SP2 is no mere service pack. Thanks to its many pervasive security enhancements, you should treat this release like a major new Windows version, albeit one without any new licensing costs. The real cost of XP SP2 will be felt in the months ahead, as corporations evaluate and deploy this crucial XP upgrade. I say that because Microsoft has taken the unusual step of breaking certain technologies in a bid to make the system more secure. These changes could cause big problems with certain custom-made applications and services, so proceed with caution.

I won't waste space here detailing the many functional changes in XP SP2. Instead, please visit my exhaustive review of XP SP2 on the SuperSite for Windows ( ) with the understanding that my recommendations at that site are aimed at individuals, not businesses. Likewise, I won't belabor the details of Microsoft's staged rollout of XP SP2; you can find that information in my WinInfo Daily UPDATE article announcing the SP2 release ( ). Suffice to say that, depending on your relationship with Microsoft, you should be able to get your hands on this release and the necessary support files by the end of the month at the latest.

This week, I focus on the potential ramifications of XP SP2 in the enterprise and suggest a rational strategy for getting this release to your users as quickly as possible. Barring some cataclysmic incompatibility problem that arises in the days ahead, ultimately you'll want to deploy XP SP2 sooner rather than later. The reason is that XP SP2 is both much more secure and more configurable than its predecessor. That latter bit hasn't been publicized enough, so let me be specific: XP SP2 includes more than 600 new Group Policy Objects (GPOs) for you to fiddle with, almost as many new GPOs as the original XP release included; I'll be examining these GPOs soon. And as you might expect, Microsoft is supplying new versions of some of its deployment tools as well.

Ramifications of XP SP2
Most support calls that XP SP2 generates will be caused by incompatibilities. These incompatibilities will take several forms. Although most commercial software should work fine with XP SP2, those programs that access information online might trigger Windows Firewall warnings, and custom-built applications, intranets, and Web sites that use functionality that Microsoft locked down in XP SP2 might fail without warning. For more information about this locked-down functionality, please refer to the Microsoft Developer Network (MSDN) resources for XP SP2 at .

End users will find XP somewhat jarring unless their systems are up-to-date with antivirus software and Automatic Updates and they leave Windows Firewall enabled. However, even with Windows Firewall enabled, users will likely run into the occasional authorization dialog box when the firewall detects incoming network traffic aimed at an application that isn't yet in its exceptions list. For people unfamiliar with firewalls, this interruption will likely be somewhat jarring.

From the perspective of the corporate network, XP SP2 probably won't be notably different from current XP installations and might even be responsible for preventing various electronic attacks. However, as I've stressed in past commentaries, XP SP2 does nothing to help after a malicious user has mounted a successful attack; in such a case, an infected PC could still be used to launch zombielike attacks on other PCs. For this reason, you should consider augmenting XP's Windows Firewall with a third-party solution that offers protection for outbound communication in addition to inbound communication.

In short, XP SP2 should be an overwhelmingly positive update for most companies after they get beyond the sheer effort of deploying it. However, compatibility concerns will always be a potential wrench in the wheel, necessitating heavier testing than usual.

Planning an XP SP2 Deployment
If you're planning an integrated or slipstreamed installation of XP SP2, either from a network share or via CD-ROM, the instructions haven't changed. I spent this past weekend experimenting with both methods and found the process to be relatively straightforward. And Setup Manager--the GUI tool you use to create unattended installations of XP through a network share--appears to work identically to earlier versions. For larger deployments, you can use Windows Installer or Remote Installation Services (RIS) to distribute the service pack via a GPO to any Active Directory (AD) container (e.g., organization units--OUs). I haven't tested either of these options yet, but my understanding is that XP SP2 doesn't change either of these methods.

However, Sysprep--the Windows System Preparation tool--has changed. Sysprep, as its name implies, helps you prepare customized Windows installation images for use in automated deployments. With XP SP2, Microsoft is shipping a new version of Sysprep that's compatible with all versions of XP, as well as Windows Server 2003. (A newer Sysprep version will also be supplied with Windows 2003 SP1 next year, I'm told.) If you're going to deploy XP SP2 at all, you must use the version of Sysprep that comes on the XP SP2 CD-ROM.
Naturally, you can also deploy XP SP2 through Windows Update or Microsoft Systems Management Server (SMS). Microsoft has published simple instructions for SMS distribution on its Web site.

How and When to Roll Out XP SP2
Although XP SP2 is technically finished, it's still early in the rollout process, and I'm sure you'll be muddling through its changes and deployment options in the days ahead, as will I. But I stress: You should deploy XP SP2 as quickly as possible (as soon as you've tested the installation to ensure that it doesn't break any mission-critical software or services). If you've been testing this deployment over the summer, please contact me: I'm interested in any experiences you've had with this disruptive Windows update. In the meantime, get busy. We all have a lot of work to do.

Links to Related Resources

Windows XP Home Edition with Service Pack 2 Utility: Setup Disks for Floppy Boot Install

Windows XP Professional with Service Pack 2 Utility: Setup Disks for Floppy Boot Install

Windows XP Service Pack 2 Network Installation Package for IT Professionals and Developers

Windows XP Service Pack 2 Support Tools

Windows XP Service Pack 2 Deployment Tools

Windows XP Service Pack 2 SMS Files

Windows XP Service Pack 2 Checked Build Network Installation Package


==== Sponsor: Download: Be Proactive with Real-Time Monitoring! ====

There are two ways to manage your critical systems: Reactive and Proactive. TNT Software's ELM Enterprise Manager supports the latter. ELM Enterprise Manager is the affordable solution that monitors the health and status of your systems in real-time, provides easy to access Views, and alerts you in time to take prompt corrective action. Be proactive, download you FREE 30 day full featured trial copy of ELM Enterprise Manager NOW and start experiencing the benefits of real-time monitoring.


==== 2. Hot Off the Press ====
by Paul Thurrott, [email protected]

Munich Migration to Linux Grinds to a Halt
The world's largest migration from Windows to Linux ran into some snags last week, and the project has been put on indefinite hold. The city of Munich, Germany, had just started collecting bids on its migration of 14,000 Windows desktops to Linux when Green Party Alderman Jens Muehlhaus discovered 50 potential problems because of European Union (EU) patent laws and called a halt to the entire operation. The situation appears to be political, however, and city officials say that they're standing by their decision to migrate to Linux. An anxious open-source world awaits the outcome.

==== Announcements ====
(from Windows & .NET Magazine and its partners)

Get 2 Sample Issues of Windows & .NET Magazine (soon to be Windows IT Pro)!
In September, Windows & .NET Magazine will become Windows IT Pro! Act now to get our special charter issue that shows you how to plug DNS holes and select the best scripting editor, plus learn more about the business side of IT. And discover the top 10 PC trends we think you need to keep an eye on. Get two risk-free new and improved issues and a subscription at 40% off the cover price at

Get Equipped to Fight Against Spammers With Our Latest Email Security Toolkit II--Includes a White Paper, Web Seminar, and eBook
Take the next steps against the "silent killer" and learn how to prepare for directory harvest attacks. Plus, find out how to eliminate spam and viruses by learning spammers' new covert tactics designed to get past conventional spam content filters. Get the latest Email Security Toolkit now!

Free eBook--"The Expert's Guide for Exchange 2003: Preparing for, Moving to, and Supporting Exchange Server 2003"
This eBook will educate Exchange administrators and systems managers about how to best approach the migration and overall management of an Exchange 2003 environment. The book will focus on core issues such as configuration management, accounting, and monitoring performance with an eye toward migration, consolidation, security, and management.

Take our Salary Survey, and Enter to Win $500!
We need your help! Windows & .NET Magazine is launching its 1st Windows IT Pro Industry Salary Survey, and we want to know all about you and what makes you happy as an IT professional. When you complete the survey (about 15 minutes of your time), you’ll be entered in a drawing for one of two $500 American Express gift certificates. Look for the survey results--and how you stack up against your peers—in our December 2004 issue. To take the survey, go to

~~~~ Hot Release: (Advertisement) Quest ~~~~

Free White Paper from Quest Software
In this white paper, Active Directory experts identify the best practices for migrating from NT to Active Directory. Learn more about critical migration processes including: discovery, planning, testing, account migration and resource updating. Get your free copy today.;9739770;7402808;w?

==== Instant Poll ====

Results of Previous Poll: System Failure
The voting has closed in Windows & .NET Magazine's nonscientific Instant Poll for the question, "What was the cause of your most recent system failure?" Here are the results from the 350 votes:
- 17% Virus activity
- 39% Hardware failure
- 23% Software compatibility or driver problems
- 10% User error
- 11% Other

(Deviations from 100 percent are due to rounding error.)

New Instant Poll: Windows XP Service Pack 2
The next Instant Poll question is, "Do you plan to roll out Windows XP Service Pack 2 (SP2) to users as soon as it becomes available?" Go to the Windows & .NET Magazine home page and submit your vote for a) Yes, b) No, or c) I'm not sure.

==== 3. Resources ====

Featured Thread: Enterprise Spyware/Adware Solutions
Forum user egress1 wants to get feedback about how different organizations are dealing with spyware and adware. Offer your comments and suggestions at the following URL:

Tip: I have an internal firewall between sections of my network. Which ports must I open to allow user and computer account authentication?
by John Savill,

Basic authentication on a network consists of several steps. First, the client locates a domain controller (DC), which requires DNS connectivity--port 53 on UDP and TCP. Next, the client performs a connectivity test by using a Lightweight Directory Access Protocol (LDAP) Ping--port 389 over UDP. Then, the client uses Kerberos (port 88 via UDP and TCP) and Server Message Block (SMB--port 445 via UDP and TCP) to complete the authentication to the DC. Therefore, you must enable all these ports.

==== Events Central ====
(A complete Web and live events directory brought to you by Windows & .NET Magazine: )

Are You Using Best Practices When Managing Software Packaging and Pre-Deployment Preparation?
In this free Web seminar, you'll learn best practices for managing software packaging and pre-deployment preparation. Discover how your organization can benefit from managing the workflow of the pre-deployment process to cut time and costs. Plus, you'll learn about different business scenarios that show ROI improvements from accurate workflow management. Register now!

==== 4. New and Improved ====
by Angie Brew, [email protected]

Scan Email Messages
PGP and Symantec announced a combined enterprise secure-messaging and virus-scanning solution. PGP has integrated the Symantec AntiVirus Scan Engine into its PGP Universal product line, a secure email communications solution. The combined solution scans outgoing email messages for viruses before they're encrypted and scans incoming email messages immediately after decryption. You can purchase PGP Universal with an annual subscription of Symantec AntiVirus Scan Engine. PGP Universal will centrally manage both the Symantec and PGP products. Contact PGP at 650-319-9000.

Monitor Your Network from a Pocket PC
PhatWare released PhatNet, a network-monitoring application for Windows Mobile-based Pocket PCs. PhatNet is a real-time analyzer that decodes and filters data transported over virtually any type of LAN or WAN. PhatNet filters packet-based data by IP address, UDP port, TCP port, hardware address, or data string and supports the creation of advanced filters for difficult-to-diagnose network problems. After you link your Pocket PC to the network, PhatNet gives you information about the network state and activity within a given segment. The product also detects security flaws in wireless LAN segments. Pricing is $99 for PhatNET Personal and $299 for PhatNET Professional. Contact PhatWare at 650-559-5600.

Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a Windows & .NET Magazine T-shirt if we write about the product in a future Windows & .NET Magazine What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected]

==== Sponsored Links ====

Comparison Paper: The Argent Guardian Easily Beats Out MOM;6480843;8214395;q?

Free Download--New - Launch NetOp Remote Control from a USB Drive;9571671;8214395;t?


==== Contact Us ====

About the newsletter -- [email protected]
About technical questions --
About product news -- [email protected]
About your subscription -- [email protected]
About sponsoring UPDATE -- [email protected]


==== Contact Our Sponsors ====

Primary Sponsor:
Executive Software --

Secondary Sponsor:
TNT Software -- -- 1-360-546-0878

Hot Release:
Quest Software -- -- 1-949-754-8000


This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for IT professionals deploying Windows and related technologies. Subscribe today.

View the Windows & .NET Magazine Privacy policy at Windows & .NET Magazine a division of Penton Media, Inc. 221 East 29th Street, Loveland, CO 80538, Attention: Customer Service Department Copyright 2004, Penton Media, Inc. All Rights Reserved.

TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.