Windows & .NET Magazine UPDATE--November 4, 2003

This Issue Sponsored By

IBM Rational software

Learning Guide: Do You Need a Fax Server (Whitepaper)


1. Commentary: Windows 2003 SP1 and Windows XP SP2: Not Your Average Service Packs

2. Hot Off the Press
- Massachusetts Opens Appeal of Microsoft Ruling

3. Announcements
- We Need Your Feedback
- Order Windows & .NET Magazine and the Article Archive CD at One Low Rate!

4. Instant Poll
- Results of Previous Poll: XP Update Rollup 1
- New Instant Poll: Changing Passwords

5. Resources
- Featured Thread: Windows XP Logon Delay
- Tip: I want to install both Windows XP Professional Edition and XP Home Edition on one partition, but the XP installer doesn't prompt me for an installation folder. How can I install this configuration?

6. Event
- Don't Miss Our 4 New Web Seminars 7. New and Improved
- Protect and Manage Your Open PC Environment
- Disable Programs That Start When Windows Loads
- Tell Us About a Hot Product and Get a T-Shirt!

8. Contact Us
- See this section for a list of ways to contact us.

==== Sponsor: IBM Rational software ====
Get A Robust Collection of New Developer Resources--FREE
If you're a developer who wants to stay on top of the latest technology, be sure to sign up to receive the latest developer PowerPack from IBM(R) Rational(R) software. Get a robust collection of resources— market-leading evaluation software, technical articles, extensive artifact libraries, webinars, expert presentations, reference posters, and software demos. View what you want. Explore your technical interests. Click Here


==== 1. Commentary: Windows 2003 SP1 and Windows XP SP2: Not Your Average Service Packs ====
by Paul Thurrott, News Editor, [email protected]

Last week, Microsoft held its epic Microsoft Professional Developers Conference (PDC) 2003 in Los Angeles. PDC 2003 was a coming out party for Longhorn, the next Windows client OS, and introduced developers to upcoming technologies such as Longhorn, Visual Studio .NET (code-named Whidbey), Microsoft SQL Server (code-named Yukon), and a Microsoft.NET-based Web services infrastructure (code-named Indigo). Because many of these technologies are several months away at best, this week I want to discuss some of the more understated announcements and products Microsoft revealed last week that will more directly affect IT in the short term. Specifically, I'd like to discuss Windows XP Service Pack 2 (SP2) and Windows Server 2003 SP1.


In August, Microsoft found itself in a bit of controversy when it quietly revealed through a Web site posting that it was delaying XP SP2 from fall 2003 until mid-2004. XP SP1, you might recall, shipped in August 2002, or about 10 months after the initial XP release; this new schedule means SP2 will follow SP1 by a whopping 20 months or more. When you factor in all the security hotfixes and other critical updates that Microsoft has released since SP1, that's a long wait, and new installations of XP SP1 face an installation of more than 100MB of updates from Windows Update on first boot. That's unacceptable.

To partially alleviate this problem, Microsoft recently unveiled the Security Rollup Package 1 (SRP1) for XP, a collection of more than 20 post-SP1 security patches for XP rolled into one package that requires just one reboot. But this package doesn't explain the SP2 delays.

XP SP2, as you might recall, was supposed to include all the post-XP SP1 hotfixes and a new feature called "concurrent user sessions." This feature, designed primarily for Windows Powered Smart Display users, allows two concurrent logons on XP Professional Edition machines: one interactive and one remote. Sadly, the concurrent user sessions feature won't be part of XP2; instead, Microsoft will roll this functionality into the software that ships with the next version of Smart Displays, due in early 2004.

XP SP2 will include a bevy of new features, in addition to the aforementioned patches, most of which are designed to make XP more secure. For this reason, XP SP2 is suddenly a much more important release to businesses of all sizes.

First, XP SP2 will mark the first product to come out of Microsoft's new "secure by default" initiative. This means that the Windows Messaging service will be disabled by default, the Internet Connection Firewall (ICF) will be enabled by default, and users will be able to configure multiple profiles safely, with different settings for work and home. Some of these changes will require subtle modifications to the way XP works. For example, Microsoft will enable home network-based file sharing on systems with the firewall turned on. Likewise, the update will contain small changes that enable boot-time protection and smart UIs for configuring Group Policies and unattended setup.

With SP2 installed, XP systems will be better able to fend off common electronic attacks. For example, Microsoft is reducing vulnerabilities to Distributed COM (DCOM) and remote procedure call (RPC) attacks by requiring authentication on default interfaces, restricting RPC interfaces to just the local machine, and disabling RPC over UDP, among other actions. The company will issue new RPC APIs for developers that help take advantage of these changes. For email attacks, Microsoft is creating a system-level mechanism, originally slated for Longhorn, that applications can use to determine whether email attachments are unsafe; this mechanism, called the Attachment Execution Services (AES) API, defaults to not trusting most attachments, and the company will add support for the service to Microsoft Outlook and Outlook Express. For Web-based attacks, Microsoft is locking down the local machine and local intranet zones in Microsoft Internet Explorer (IE), changing the way ActiveX controls and other Web-based applications are installed, and suppressing all non-user-initiated pop-up ads.

At a lower level, XP SP2 will take advantage of new memory-protection features in AMD and Intel microprocessors to reduce common buffer-overrun exploits. This feature is available in most modern 32-bit and 64-bit microprocessors, Microsoft says.

Windows 2003 SP1

Looking ahead to late 2004, Microsoft is planning a similarly major and safety-oriented service pack for Windows 2003. Windows 2003 SP1 will include the roles-based Security Configuration Wizard, along with a slew of as-yet-unnamed protection features aimed at enterprises. Additionally, the company will include support for client network isolation so that Windows 2003 SP1 machines can prevent clients from accessing a corporate network until their security state is verified. A VPN Quarantine feature will let remote Windows clients safely access network features.

Unlike XP SP2, the feature set for Windows 2003 SP1 is still in flux, so we'll know more soon. In the meantime, both XP SP2 and Windows 2003 SP1 are being delivered well after their original release schedules, but they'll be far more secure as a result. Whether the wait is worth it, I suppose, is up to the individual. I'd rather see the company deliver regular security rollups, as it did recently with XP SRP1, for all of its supported OSs. In this increasingly dangerous world, we need simpler and less intrusive ways to keep our new and existing systems up-to-date, and these service packs, along with Microsoft's wide-reaching plans to simplify patch management, will go a long way toward fixing the problems.


Sponsor: Learning Guide: Do You Need a Fax Server (Whitepaper) ====
Receive a complimentary whitepaper designed to help organizations make informed decisions on network fax technology and if it may benefit their company
- Eliminate dependence on traditional fax machines
- Leverage existing Email infrastructures
- Provide centralized administration
- Incorporate a schema that users are familiar with


==== 2. Hot Off the Press ====
by Paul Thurrott, [email protected]

Massachusetts Opens Appeal of Microsoft Ruling
Today, the state of Massachusetts opens its appeal of the Microsoft antitrust ruling in the US Court of Appeals for the District of Columbia Circuit Court. Massachusetts will argue that Microsoft's settlement with the US government and several US states is fundamentally flawed, as evidenced by the company's behavior since the settlement. Additionally, the state will argue that US District Court Judge Colleen Kollar-Kotelly misunderstood the technical aspects of the case, handing the software giant a soft remedy that doesn't address the concerns that the original case raised. And in a separate but related case, two industry trade groups will also appeal the Microsoft settlement to the same group of appellate court judges, arguing that the settlement is not in the public interest. For the complete story, visit the following URL:

==== 3. Announcements ====
(from Windows & .NET Magazine and its partners)

We Need Your Feedback
In order to improve our security-related content in our Microsoft Security Watch newsletter, we need your opinion about what issues are of greatest importance to you and your organization. It only takes a few minutes to respond and complete the survey at

Order Windows & .NET Magazine and the Article Archive CD at One Low Rate!
What's better than Windows & .NET Magazine? Try Windows & .NET Magazine and the Windows & .NET Magazine Article Archive CD at one super low rate. Read Windows & .NET Magazine in the office. Take the Article Archive CD with you on the road. Subscribe now!

~~~~ Hot Release: St. Bernard's iPrism(R) Internet Filtering Appliance
Discover the appliance advantage and improve the way you filter with iPrism. Find out why companies are switching to the only true appliance available. One box is all you need for a total Web filtering solution. Download 5 FREE Tools today!

==== 4. Instant Poll ====

Results of Previous Poll: XP Update Rollup 1
The voting has closed in Windows & .NET Magazine's nonscientific Instant Poll for the question, "Have you rolled out Update Rollup 1 for Microsoft Windows XP to your network?" Here are the results from the 237 votes:
- 46% Yes, we've rolled out the update
- 13% No, but we plan to very soon
- 15% No, we're waiting to see whether it's bug free
- 26% No, we'll wait for XP Service Pack 2 (SP2)

New Instant Poll: Changing Passwords
The next Instant Poll question is, "How often does your organization force users to change passwords?" Go to the Windows & .NET Magazine home page and submit your vote for a) At least once a month, b) Every 2 to 3 months, c) Every 3 to 6 months, d) Every 6 months or more, or e) We don't force password changes.

==== 5. Resources ====

Featured Thread: Windows XP Logon Delay User "Sunray,Otaki" has just installed Windows Server 2003 at his company, which has a mixture of Windows XP, Windows 2000, and Windows Me machines as workstations. The Win2K and Windows Me machines have no difficulty in logging on to the domain, but the XP machines have a delay that can be up 2 minutes after entering a username and password. If you know how to help him solve this problem, visit the following URL:

Tip: I want to install both Windows XP Professional Edition and XP Home Edition on one partition, but the XP installer doesn't prompt me for an installation folder. How can I install this configuration?
by John Savill,

If you attempt to install both OSs, the second OS will typically overwrite the first OS because the installer doesn't prompt you to enter an installation folder name and instead uses the default Windows folder. To work around this limitation, you must perform an advanced installation by performing the following steps:
1. Install and boot to your first XP installation.
2. Insert the XP installation CD-ROM for the secondary XP version that you want to install.
3. On the Welcome dialog box, click Install Windows XP.
4. Select New Installation (Advanced), then click Next.
5. Select "I accept this agreement," then click Next.
6. Enter the product key, then click Next.
7. On the Setup Options page, click Advanced Options.
8. In the Advanced Options dialog box in the "To this folder on my hard drive" field, enter the name of the folder in which you want to install this version of XP, then click OK. 9. On the Setup Options page, click Next. 10. Complete the installation as usual.

==== 6. Event ====
(brought to you by Windows & .NET Magazine)

Don’t Miss Our 4 New Web Seminars
Sign up today for these upcoming Web seminars: How to Pick the Right Anti-Spam Solution, Assessing IM Risks on Your Network, Choosing the Right Patch Management Solution, and the Costs of Spam. Don’t miss these free events!

==== 7. New and Improved ====
by Carolyn Mader, [email protected]

Protect and Manage Your Open PC Environment
FSLogic released FSLogic Protect, software for administrators of open-access and public-use PCs that saves portable, customized Windows system settings and retrieves user configurations and data without rebooting. After a user concludes his or her session, the PC instantly refreshes to the original configuration that the administrator defines. For pricing, contact FSLogic at 801-812-0545 or [email protected]

Disable Programs That Start When Windows Loads
MetaProducts released Startup Organizer 2.0, software that lets you inspect, edit, and temporarily disable the programs that start when Windows loads. You can use the software to find every program that initiates when your computer boots up, and you can decide what to do with the programs. The software costs $25 and runs on Windows 2003/XP/2000/NT/Me/9x systems. Contact MetaProducts at [email protected]

Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a Windows & .NET Magazine T-shirt if we write about the product in a future Windows & .NET Magazine What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected]

==== Sponsored Link ====

Comparison Paper: The Argent Guardian Easily Beats Out MOM;6480843;8214395;q?


==== 8. Contact Us ====

About the newsletter -- [email protected] About technical questions -- About product news -- [email protected] About your subscription -- [email protected] About sponsoring UPDATE -- [email protected]

This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for IT professionals deploying Windows and related technologies. Subscribe today.

Copyright 2003, Penton Media, Inc.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.