Skip navigation

Windows IT Pro UPDATE--Understanding the Windows XP SP2 Blocking Mechanism--March 22, 2005

Subscribe to Windows IT Pro: ============================

Make sure your copy of Windows IT Pro UPDATE doesn't get mistakenly blocked by antispam software! Be sure to add [email protected] to your list of allowed senders and contacts.

This email newsletter comes to you free and is supported by the following advertisers, which offer products and services in which you might be interested. Please take a moment to visit these advertiser's Web sites and show your support for Windows IT Pro UPDATE.

VERITAS Software;14545362;10980915;g?

Symantec - Taking Remote Management to the next level!


1. Commentary
- Understanding the Windows XP SP2 Blocking Mechanism

2. Hot Off the Press
- REAL Software Offers Free Upgrade to Stranded VB Users

3. Peer to Peer
- Featured Thread: Firewall/Antivirus
- Tip: Under which user accounts do the various Group Policy scripts run?

4. New and Improved
- Power Your Enterprise

==== Sponsor: VERITAS Software ====

FREE TRIAL SOFTWARE FOR WINDOWS DATA PROTECTION -- Find out why the VERITAS Backup Exec Suite is the Gold Standard in Windows Data Protection. Download the trial software now and learn how the Backup Exec Suite delivers continuous data protection with the fastest disk-based recovery. The suite includes Backup Exec 10, Replication Exec and Storage Exec. Learn how this integrated solution lets Windows-based organizations better protect and manage their business-critical information. The Backup Exec Suite reduces costs, hardware requirements and administration time. It's simple to manage, and simple to grow. Find out for yourself and download the trial software now!;14545362;10980915;g?


==== 1. Commentary: Understanding the Windows XP SP2 Blocking Mechanism ====
by Paul Thurrott, News Editor, [email protected]

When Microsoft introduced Windows XP Service Pack 2 (SP2) last August, the company understood that many enterprises and other businesses would want to block access to the update via Windows Update and Automatic Updates. To accommodate the needs of these companies, many of which needed more time to evaluate and test SP2, Microsoft issued a mechanism through which organizations can temporarily block the delivery of SP2.

You can find more information about the SP2 blocking mechanism on the Microsoft Web site (see the URL below), but here's the gist of it: Depending on the method you use to deploy software updates, Microsoft provides several ways through which you can delay or suspend delivery of SP2. If you're not using a managed software-updating tool, such as Microsoft Software Update Services (SUS) or Microsoft Systems Management Services (SMS), you can use a registry change to disable the delivery of SP2.

The problem, for some users, is that the blocking mechanism is only temporary. When Microsoft first provided the mechanism, it stated that the mechanism would block SP2 for only 240 days or roughly 8 months. That time period will expire in about 3 weeks--on April 12, 2005. On that day, Windows Update and Automatic Updates will ignore the registry change and begin delivering XP SP2.

Sadly, the arrival of this date has been met with the same wild rumors and fear that greeted the new millennium. You might have seen some of the crazier articles about this topic, which accuse Microsoft of dumping XP SP2 on its users in a bid to force the upgrade. However, the truth is much less exciting and controversial than the rumors. Here's what's really happening.

First, some background information. For most nonenterprise users, SP2 has been successfully rolled out in phases. Customers could begin manually downloading the update on August 9, 2004, and it began trickling out to beta SP2 users via Automatic Updates on August 10. On August 16, Microsoft deployed it to SUS servers. XP Home Edition customers still running the original XP version or XP SP1 or SP1a gained access to SP2 on August 18, and XP Professional Edition users gained access a few days later.

Since its release, more than 180 million XP users worldwide have successfully upgraded to SP2, according to Microsoft. The negative effects on these users, despite the sweeping security improvements and potential incompatibilities that SP2 introduces, have been astoundingly low. Yes, some users have had problems with SP2, but when you consider the fact that SP2 is essentially a massive OS upgrade, the release has been enormously successful. Microsoft representatives have told me again and again that the expected upswing in support calls has simply never happened.

On April 12, 2005, Microsoft will stop honoring the temporary blocking mechanism for SP2. However, this change won't affect most enterprises because most mid- and large-sized businesses use managed software deployment tools such as SUS, SMS, or other third-party products. This change won't affect consumers, either, because nonmanaged consumer machines have had access to SP2 since last August.

This change will, however, affect the small subset of business customers who've opted to temporarily block the SP2 download because they don't use a formal software-deployment solution. These types of businesses do have a choice to make by April 12. They can opt to manually install SP2 on their XP desktops, or they can simply wait until April 12. Starting on that date, Automatic Updates will automatically download SP2 to all XP desktops.

However--and this is the most important point--Automatic Updates won't automatically install SP2 at that time. Instead, you must first agree to the End User License Agreement (EULA) before SP2 will install via Automatic Updates. If you decline the EULA, SP2 won't install. End of controversy.

You could be silly about all this and disable Automatic Updates. However, I strongly urge you not to do so because Automatic Updates is a vital conduit for critical security patches. So if you leave Automatic Updates on and don't want to install SP2 for some reason, you might simply see a bandwidth hit, although Automatic Updates does a good job of managing the download volume when a user is interactively engaged with the system. Conversely, if you'd like to install SP2 but are worried about bandwidth, download the installation once manually and apply it to each machine locally before April 12. It's that simple.

Windows XP with SP2 will be considered the baseline version of XP moving forward. For that reason and because of all the excellent security updates and high degree of success that businesses have had installing the update, I strongly recommend that all XP users--consumer, business, or enterprise--upgrade to this release as soon as possible. The April blocking-mechanism date is, in most ways, completely irrelevant to that belief. But if you've been putting off the SP2 upgrade for some reason, now is the time to act.

Temporarily Disabling Delivery of Windows XP Service Pack 2 Through Windows Update and Automatic Updates (Microsoft)


==== Sponsor: Symantec - Taking Remote Management to the next level! ==== Symantec Ghost Solution Suite is the industry's most widely-used enterprise imaging and deployment solution with ease-of-use for managing the entire PC lifecycle including OS deployment, software distribution, PC migration and retirement. It reduces IT costs by streamlining networked desktop and laptop management in an enterprise environment. Providing both file- and sector-based imaging technology, hardware and software inventory, a Client Staging Area, multicast file transfer to enable fast and easy PC management and secure data disposal. Learn more at:


==== 2. Hot Off the Press ====
by Paul Thurrott, [email protected]

REAL Software Offers Free Upgrade to Stranded VB Users
REAL Software will offer "stranded" Visual Basic (VB) users free upgrades to REALbasic through March 31, the company announced yesterday. On April 1, Microsoft is ending standard support for VB 6.0, which has left millions of enthusiasts and programmers in the lurch. To read the entire story, visit the following URL:

==== Events and Resources ====
(from Windows IT Pro and its partners)

Improve Service Levels and Maximize IT Staff Efficiency
Keeping your IT infrastructure on course can be a challenge given the complexity of servers, infrastructure, and application software. In this free Web seminar, learn practical techniques to monitor and manage your infrastructure applications, such as Active Directory and Exchange.

Get Ready for SQL Server 2005 Roadshow in a City Near You
Get the facts about migrating to SQL Server 2005. SQL Server experts will present real-world information about administration, development, and business intelligence to help you implement a best-practices migration to SQL Server 2005 and improve your database computing environment. Receive a 1-year membership to PASS and 1-year subscription to SQL Server Magazine. Register now!

New eBook--Windows Certification and Public Keys
PKI services are increasingly important in today's IT environment. PKI offers strong security services to internal and external users, computers, and applications. In this free eBook, you'll discover a starting point for understanding the PKI and certificate services available in Windows Server 2003. Download it now and learn about trust relationships, validating digital certificates, and more.

Exchange, Retention, and Regulatory Compliance
The advent of Sarbanes-Oxley, Gramm-Leach-Bliley, and assorted market-specific regulations means that you may be legally required to have an email compliance and retention policy. In this free Web seminar, Exchange MVP Paul Robichaux will teach you to discover, manage, and archive information within your Exchange enterprise to successfully limit your legal exposure and protect your corporate information. Sign up today!

Group Policy Settings--Get Answers You Won't Find Anywhere Else.
Don't be overwhelmed by the large number of Group Policy settings and variety of ways to apply them. Join industry experts Ed Roth and Darren Mar-Elia as they explain how to use Group Policy Objects for desktop management. Get your questions answered about settings for deployment, folder redirection, standardization, security, updates, and more.

~~~~ Hot Release: (Advertisement) Saving Time and Money with Network Faxing ~~~~

Organizations can save significantly on long distance costs, increase worker productivity, and streamline their business processes simply by connecting a fax server to their local area network. Get this white paper now!

==== Instant Poll ====

Results of Previous Poll:
The voting has closed in Windows IT Pro's nonscientific Instant Poll for the question, "Do you think Microsoft's policy to grant certain government agencies early access to patch information poses a security threat?" Here are the results from the 161 votes:
- 42% Yes
- 50% No
- 8% I don't know

New Instant Poll:
The next Instant Poll question is, "Has your organization upgraded Windows XP machines to Service Pack 2 (SP2) yet?" Go to the Windows IT Pro home page and submit your vote for a) Yes, we upgraded when SP2 first became available, b) No, but we will upgrade when the SP2 blocking mechanism is removed in April, c) No, and we don't plan to install SP2 on our machines, or d) I don't know.

==== 3. Peer to Peer ====

Featured Thread: Firewall/Antivirus
Forum user kinalas wants to know the best hardware/software firewall solution for protecting his corporate network from viruses and spyware. If you have a recommendation, visit the following URL:

Tip: Under which user accounts do the various Group Policy scripts run?
by John Savill,

Find the answer at the following URL:

==== Announcements ====
(A complete Web and live events directory brought to you by Windows IT Pro: )

Get Windows IT Pro at 44% Off!
Windows & .NET Magazine is now Windows IT Pro!
Act now to get an entire year for just $39.95--that's 44% off the cover price! Our March issue shows you what you need to know about Windows Server 2003 SP1, how to get the best out of your IT staff, and how to fight spyware. Plus, we review the top 10 features of Mozilla Firefox 1.0. This is a limited-time, risk-free offer, so click here now:

Vote for the Next MCP Hall of Famer
Help decide who the most valuable member of the MCP community is. Take the time to reward excellence to those that deserve it and to make yourself a part of the first-ever MCP Hall of Fame. Voting only takes a few seconds, so cast your vote now for Round 2. Click here:

==== 4. New and Improved ====
by Angie Brew, [email protected]

Power Your Enterprise
SMC Networks released the SMC TigerStack III SMC6824MPE 24-port 10/100 Stackable Managed Switch designed for enterprise workgroup environments. The product is stackable up to eight units high, all of which can be managed under a single IP address. Each SMC6824MPE provides 24 auto-MDIX 10/100Mbps ports and two uplink ports for optional Gigabit or 100Mbps fiber. The SMC6824MPE features ACL; Remote Authentication Dial-In User Service (RADIUS) and Secure Shell (SSH) support; 4-queue Quality of Service (QoS) and private Virtual LAN (VLAN) support; TACACS+; and IEEE 802.1w and 802.1s. For pricing, contact SMC Networks at 800-762-4968.

Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to mailto:[email protected].

==== Sponsored Link ====

Exclusive Online Event: Email Protection at the Perimeter! Sign up today for this free online product demonstration and see the ePrism M500 from St. Bernard Software in action.

==== Contact Us ====

About the newsletter -- [email protected] About technical questions -- About product news -- [email protected] About your subscription -- [email protected] About sponsoring UPDATE -- [email protected]


This email newsletter is brought to you by Windows IT Pro, the leading publication for IT professionals deploying Windows and related technologies. Subscribe today!

View the Windows IT Pro Privacy policy at Windows IT Pro is a division of Penton Media, Inc. 221 East 29th Street, Loveland, CO 80538, Attention: Customer Service Department Copyright 2005, Penton Media, Inc. All Rights Reserved.

TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.