Is it out yet?
Yes. To beta testers at this time. Should be on the Download site on
Monday:
http://blogs.msdn.com/mswanson/archive/2004/08/06/210345.aspx
The release to manufacturing (RTM) version of Windows XP Service Pack 2
is now available for download via MSDN Subscriber Downloads. The CD ISO
image weighs in at 475.35MB.
If you?d rather let Windows Update automatically install it, visit this
page to ensure that your Internet Connection Firewall and Automatic
Update settings are configured correctly. I don?t think it?s available
through Windows Update quite yet, but enabling these features will allow
your computer to download it as soon as it?s posted.
This is a fantastic release with a lot of new security features. I?ve
been running various builds of SP2 over the past few months, and I?ve
loved every minute of it. The pop-up blocker is a very welcome addition,
the much improved firewall is easy to configure, and I find that I don?t
have nearly as much spyware finding its way onto my computer. Some of
the areas that have been improved are: network protection, memory
protection, safer e-mail handling, enhanced browsing security, and
improved computer maintenance.
From a customer-ready e-mail that is being sent out:
I am pleased to inform you that Windows XP Service Pack 2 released to
manufacturing on Friday August 6, 2004. Windows XP Service Pack 2
contains major security improvements designed to provide better
protection against hackers, viruses, and worms. Windows XP Service Pack
2 also improves the manageability of the security features in Windows XP
and provides more and better information to help users make decisions
that may potentially affect their security and privacy.
On Monday, August 9, 2004, the full network installation package for
Windows XP Server Pack 2 will be posted on the Windows XP Service Pack 2
site on Microsoft TechNet (http://www.microsoft.com/technet/winxpsp2).
This site is also the best resource for accessing the most up-to-date
technical information regarding Windows XP Service Pack 2.
On-line distribution will be the primary distribution vehicle for
Windows XP Service Pack 2 and below is a summary of the key milestones
of the distribution plan:
8/6 Release to manufacturing
8/9 Release to Microsoft Download Center (network installation package)
8/9 Release to MSDN subscription site (CD ISO image)
8/10 Release to Automatic Updates (for machines running pre-release
versions of Windows XP Service Pack 2 only)
8/16 Release to Automatic Updates (for machines NOT running
pre-releases versions of Windows XP Service Pack 2)
8/16 Release to Software Update Services
Later in August Release to Windows Update for interactive user installations
Because of the significant security improvements outlined above,
Microsoft views Windows XP Service Pack 2 as an essential security
update and is therefore distributing it as a ?critical update? via
Windows Update (WU) and the Automatic Updates (AU) delivery mechanism in
Windows. Microsoft is strongly urging customers with Windows XP and
Windows XP Service Pack 1-based systems to upgrade to Windows XP Service
Pack 2 as soon as possible.
--------------------------------
What do we SBSers need to do specifically?
If you want to be able to enable the firewall INSIDE your networks, install
http://www.microsoft.com/downloads/details.aspx?familyid=d70097c2-4317-40e0-b7da-feb52c6b6386
This update enables and configures the Windows Firewall in Windows XP
Service Pack 2 on Windows Small Business Server 2003 networks.
ONLY install this after you have at least one machine in the office at
XP sp2 RTM as the group policy will no longer be able to be edited from
the server until this is released:
842933 - "The following entry in the [strings] section is too long and
has been truncated" error message when you try to modify or to view GPOs
in Windows Server 2003, Windows XP, or Windows 2000:
http://support.microsoft.com/?kbid=842933
[I called about 2 hours ago and they are working on the 2k3 version]
-------------------------------
More reading on this
http://download.microsoft.com/download/7/9/a/79a88f49-5a0f-42f8-b6bb-63939752fb80/SBS_XPSP2.DOC
--------------------------------
What if I do nothing?
Then the firewall will be disabled inside the network and while the
active X and pop up blocking will be in place, the internal firewall
blocking will not.
----------------------------------
What's the most impact I will see if I install this?
Quite frankly on my desktop at the office where I have been running the
RC2 candidate, none of my applications have been affected in any way,
shape or form. The install does take a bit of time [its a 200+kb file
and ensure that you archive the bits when installing. Once it installs
the first screen up will look a bit text-installer like and then it will
ask you if you want to enable auto update.
First screen
http://www.winsupersite.com/images/reviews/xp_sp2_02_01.gif
----------------------------------
What's this I hear about the security center?
This is kewl as it monitors your patch level, your firewall status and
your antivirus level. It will know that Trend SMB is loaded and alert
you if it might be out of date. Symantec doesn't at this time but the
patch is expected soon. Etrust needs to be on the latest and greatest
engine/client to work properly.
Looks like this [obviously Paul's wasn't fully enabled]
http://www.winsupersite.com/images/reviews/xp_sp2_02_02.gif
----------------------------------
What the pop up blocker and active x blocker do?
I see the most impact for me on business web sites like
www.bankofamerica.com where we had to manually add the web site and the
site it "launches off to" when making tax payments electronically so we
could get page properly.
When you get to a page that the IE blocks some possible harmful
scripting and you need to enable it [like the first time you go to
Remote Web Workplace after installation] the IE info tool bar will let
you know what to do:
http://blogs.msdn.com/tonyschr/archive/2004/06/15/156787.aspx
The pop up manager can be adjusted as well and looks like this:
http://msdn.microsoft.com/security/productinfo/XPSP2/securebrowsing/popupmanager.aspx
http://www.winsupersite.com/images/reviews/xp_sp2_ie_pop-up-blocker.gif
----------------------------
What about the firewall? Won't it stop programs?
If you are running with local admin rights the programs should just poke
their own holes through without issue
http://www.winsupersite.com/images/reviews/xp_sp2_security_alert.gif
One thing to check [and unfortunately I can't here at home] On my
original test of RC1 I had to manually make a port exception for tcp
27529 for Trend to pick up the dat file updates [SMB suite] I've heard
from other folks that later builds did not need this manual adjustment.
If someone else newly installing this can let me know if this is true,
I'd appreciate it.
---------------------------------
What about SBS 2000? Doesn't it need a patch too?
No, the firewall and everything on the XP sp2 client will work
independently of the server and you won't need to adjust any group
policy to make anything work.
-------------------------------
The biggest impact in my office?
On the four machines that are running the sp2, I've had to let folks
know how to add a web site to the trusted site zone to enable scripting
when needed and to add sites to the pop up tool bar.
As I've posted in my blog:
http://msmvps.com/bradley/archive/2004/08/04/11232.aspx
"I haven't met a web site yet that I couldn't get to work with XP sp2.
Now mind you I'm adding a few to my ?trusted site zone? settings with my
handy dandy Trusted site tool bar add in that works on XP sp2, IE 6 [I'm
starting to sound like a broken record but I'll post it again]
http://www.microsoft.com/windows/ie/previous/webaccess/pwrtwks.mspx
ooh and BobP posted in another example at
http://www.jasons-toolbox.com/programs.asp?Program=Trust%20Setter
----------------------------------
How soon should I be rolling this out to clients?
Of course, after you test it. But I can say it's been very stable for
me. Call your clients and inform them that if they are still on 98,
this is the time to get off that platform and get on a OS that is much
much better built for spyware and malware protection
As always, these are my personal opinions, your mileage may vary.
--
http://www.sbslinks.com/really.htm
