Windows XP SP2 blocking tool expires Tuesday

A special tool that blocks the download of Service Pack 2 (SP2) on Windows XP PCs will expire Tuesday, ending the last SP2 respite for users who rely on the Automatic Updates feature in Windows to keep their systems up to date.

Microsoft released SP2 in August last year. Taken aback by customers who use Automatic Updates, but were not prepared to deal with the service pack, Microsoft provided a way to set a Windows registry key that instructs the system to skip downloading and installing SP2, but still download other critical updates.

Initially the respite was for 120 days. But faced with concerns from IT professionals, Microsoft doubled that to allow more time to prepare for the mammoth update. On April 12 the blocking mechanism will expire and Automatic Updates and the Windows Update Web site will deliver SP2 regardless of the block.

"I am ready for XP SP2 now," said Thomas Smith, manager of desktop engineering at a large Houston-based company. Smith blocked the SP2 download on the 5,000 PCs he manages. He has now prepared an additional update that his users need to apply after installing SP2 so they can keep accessing certain required Web sites, which SP2 blocks, he said.

Still, Smith is not happy with the way Microsoft is "force feeding" him the update. "I am glad that we were able to prepare for it, but next time they need to have a good user round table to discuss this."

SP2 is a major update and has even been compared to a new operating system. The service pack makes many changes to Windows XP to better protect computers against hackers, viruses and other security risks. For example, SP2 includes an improved Windows Firewall, which is turned on by default, and offers memory execution protection to prevent buffer overrun attacks.

As a result of the changes, the service pack can render existing applications inoperable and block access to certain Web sites. Many businesses want to hold off on installing SP2 and are taking time to test it with their systems. Over three quarters of Windows XP PCs in U.S. and Canadian businesses have yet to be upgraded, according to a recent survey.

Compatibility issues are keeping ReedSmith, a law firm based in Pittsburgh, from upgrading its 2,600 Windows XP machines. The firm now plans to include SP2 in a refresh of its desktop software that will be installed on the systems starting next year, said David Guilinger, a director in ReedSmith's systems and technology department.

"If we build from scratch SP2 works fine with our software; if we apply it on top of our existing configurations we have issues," Guilinger said. "Upgrading introduced too many end user prompts and conflicts."

ReedSmith does not use Automatic Updates or Windows Update to keep its systems up to date, so Guilinger is not worried about the deadline passing on the locking mechanism.

Microsoft advises consumers to enable Automatic Updates in Windows XP to patch their systems, but recommends businesses use patch management tools such as its Systems Management Server (SMS) and Software Update Services (SUS) or third-party products. As such, Microsoft does not expect many users to be grappling with SP2 on Tuesday.

"This affects only machines in a handful of enterprise customers' environments," said Tiffany Allesina, a group product manager at Microsoft in a statement provided by the company's public relations agency. Most customers that used the blocking tool have either installed SP2 or now use special tools for doing patch management, she said.

Microsoft has labeled SP2 a "critical" update and urges all Windows XP users to install it. Over 185 million copies of SP2 have been downloaded, according to Microsoft.

Adoption by enterprise customers is in line with Microsoft's expectations. In February, the company said 77% of about 800 enterprise customers surveyed in late 2004 planned to deploy SP2 sometime in mid-2005.

Holland & Knight upgraded its 3,500 Windows XP clients to SP2 over a six week period without any hiccups. The company tested early releases of the service pack for several months, said Travis Abrams, IT security and systems manager at the international law firm.

The upgrade using Microsoft's SMS product was smooth, Abrams said. "The primary issues related to Web sites," he said. Some Web sites had to be added to the list of trusted sites in the Internet Explorer (IE) Web browser to work well, he said. IE in SP2 has a pop-up blocker, among other new features.

Business users need to test, but Microsoft can't be blamed if users are unpleasantly surprised by SP2, analysts have said. The software maker has provided several early releases of the service pack and a lot of documentation to help with the upgrade. Abrams at Holland & Knight advises his peers to upgrade as soon as possible, but to test compatibility with business applications and Web sites first. Guilinger at ReedSmith and Smith in Houston also caution users.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2005 IDG Communications, Inc.

SD-WAN buyers guide: Key questions to ask vendors (and yourself)