Microsoft Support: Windows Server 2003 SP2 Compatibility

Microsoft has released a listing of applications that they have tested against Windows Server 2003 Service Pack 2.  Obviously they cannot test everything, so check with your ISVs before deploying SP2 onto your Windows 2003 servers.  Then test, back up and deploy following a change control process with a rollback plan in place.  I’d recommend selecting pilot machines before you go about deploying on a widespread basis.

And a lesson learned from SP1.  I haven’t checked if MS have released an SMS package definition file yet (PDF).  If they have, make sure you disable the installation time limit.  SP1 had a deadline that was too short for slower servers and would leave them inoperable, i.e. stop the installation half way through.  I’m glad to say I found that one in a test lab.

Windows Server 2003 Service Pack 2 and Automatic Updates

The Microsoft Server team posted a quick article informing us that although SP2 will be available immediately as a high priority update on AU, it will not be forced onto machines for the first 3 months.  If you wish to prevent this installation then you can deploy and manage a blocker tool for SP2.  The toolkit contains an executable, script and a Group Policy ADM template.  You can use any of the 3 methods to create and edit a registry key that blocks or enables SP2 installation.

The key is HKLM\Software\Policies\Microsoft\Windows\Windows Update.  The value controlling the installation is DoNotAllowSP.  Setting this to "1" will block installation of SP2 indefinitely via Automatic Update or Windows Update.  The best solution to control this in an AD environment will of course be to use the ADM template and Group Policy.

Quick Look at CM 2007 Beta 2

A lot has changed since Beta 1 of Configuration Manager 2007.  I had a quick look yesterday and some quick things I noticed:

  • The user interface has started to be updated.  SMS is more frequently being referred to as ConfigMgr.
  • After a quick look, boundaries are simplified to just "fast" and "slow and unreliable".
  • When defining a boundary, you can browse for an available AD site or even define an IPv6 prefix.
  • Software update management uses WSUS 3.0 for update synchronisation.  The GUI of the role configuration is lifted right from WSUS.
  • OS Deployment now uses WDS as a PXE engine.  It features a new role for PXE.
  • There is a mixed mode (supporting SMS 2003 in the hierarchy) and native mode.
  • Mixed mode requires a PKI.  It also allows for Internet based clients.
  • A management point can be made available to Internet clients.
  • The mixed mode PKI requires a lot of work before you even start installing CM 2007.  The documentation available for beta 2 is flawed.  You need to create 2 new templates and issue certs to your ConfigMgr site role hosts.
  • You can jump from native back to mixed mode.
  • Beta 2 does not support SMS 2003 R2 upgrades.
  • Additional functionality includes desired configuration management.
  • There’s no more mention of legacy clients.

I’ll post some more as I come across it.  I plan to work through the product ASAP.

Windows 2003 Service Pack 2 RTM

Microsoft has just released Service Pack 2 for Windows Server 2003.  Note that this also upgrades Windows XP x64 to Service Pack 2.  As usual, it’s a cumulative update, i.e. if you build Windows 2003 with no service pack then you can bring it up to date by applying this service pack and any post SP2 updates.

There’s a whole bunch of releases:

There are also some deployment preparation tools available:

  • KB Analyser Tool for Windows Server 2003 Service Pack 2 Deployment: After you install Microsoft Windows Server 2003 Service Pack 2 (SP2), the system does not trust binaries that are installed by out-of-band updates. (An out-of-band update is an update that Microsoft makes available outside the regular product shipment cycle.) The Oobmig.exe tool restores trust to these out-of-band updates.  There is also an Itanium version.
  • Hotfix Scan Tool for Windows Server 2003 Service Pack 2: You can use this tool to scan for hotfixes that will potentially regress after you install Microsoft Windows Server 2003 Service Pack 2.
  • System Preparation Tool for Windows Server 2003 Service Pack 2:  This is an updated version of Sysprep.  There is an x86 and x64 version.

The Support Tools have also been updated:

Have a read of the document that I wrote on Windows 2003/Windows XP x64 SP2 while it was still in beta if you want to know what is included and how to deploy it.

Symantec Buys 4FrontSecurity

The Register is reporting that Symantec is buying a firm called 4FrontSecurity.  I’m sure they’re a great company with a great product but I’m not interested in this with regards to this story.

As you may or may not know, Microsoft started branding their security products under the "Forefront" banner last year, e.g. Forefront Client Security.  We all know that Symantec are ticked off with Microsoft for entering the corporate anti-malware market. 

Call me paranoid (some do … but I’ve always been right, eh Baz?)  but you wouldn’t think that maybe Symantec bought a firm called 4FrontSecurity so that they could stake a claim to any naming of security products called 4Front or Forefront?  I’m not saying that’s their motivation or that it has even crossed their minds.  I don’t know what 4FrontSecurity does … maybe they do have fantastic products and people that are worthy of an acquisition.  But it does make me wonder.

Credit: The Register.