Microsoft issues Windows Server 2003 update

Microsoft on Tuesday released a blocking tool for corporate users that will prevent the automatic download of the first service pack for Windows Server 2003.

Microsoft provided a similar blocking tool when Windows XP SP2 was released. The tool allowed companies to keep using Automatic Updates while they decided on if, how and when they would upgrade to XP SP2.

The new blocking tool, which works with a registry key, a script or a group policy setting in Active Directory, will prevent the automatic download of Windows Server 2003 SP1 through Microsoft's online patch download services, Automatic Update, Windows Update or the newly launched Microsoft Update.

Those services automatically bring security and other patches down to the operating systems and installs them. During the release of XP SP2, Microsoft caused an uproar among users, especially those in the higher education community, when it decided to deliver the service pack through its automatic update services. Just months earlier, Microsoft had said it would not do that. Users were concerned because XP SP2 was not compatible with some desktop applications. No such similar concerns, however, surround Windows Server 2003 SP1.

But most corporate users do not have updates automatically installed on desktops and certainly not servers because it would not allow for proper testing before deployment. But during the XP SP2 fiasco, even Microsoft was surprised how many corporate users had activated Automatic Updates on their corporate desktops.

Most companies use Microsoft's System Management Server, Windows Server Update Services or third-party patch management tools to control patch downloads and distribution.

"There are more people than you would expect with [auto updates] turned on at the server," says Samm DiStasio, director of product management for the Windows Server division. "We are just trying to make sure the tool is available well in advance of us turning on automatic updates. But let's be clear, this is a tool for blocking automatic updates. You can still install SP1 on their servers if you have the disk or you want to download the bits on your own."

Windows Server 2003 SP1 was officially released on March 30, however, its availability over the Web is slated for July 26.

The new blocking tools, which will keep Windows Server 2003 SP1 off the automatic update cycle until March 30, 2006, has three components: a Microsoft signed executable, a script and an ADM template.

The executable creates a registry key with a switch that will block or unblock the download of the service pack while allowing all other patches and fixes to be downloaded. The key used is called HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate.

The script will do the same thing as the registry key, but Microsoft says it allows users to specify a block or unblock on a specific machine name.

Microsoft also issued a warning saying "the executable and script have been tested only as a command-line tools and not in conjunction with other systems management tools or remote execution mechanisms.

The third option is the ADM template, which works in conjunction with Active Directory's group policy technology. The template includes new group policy settings to block or unblock delivery of the service pack.

Microsoft also noted that Windows Server 2003 SP1 requires users to accept and initiate its installation so even if the service pack is automatically downloaded it must be explicitly accepted and installed by a server administrator.

Join the newsletter!

Error: Please check your email address.

More about Microsoft

Show Comments