Grammy Winners Hogwarts Legacy Review 'Last of Us' Episode 5 Coming Early Frozen Yogurt Day Freebies Super Bowl Ads Super Bowl: How to Watch Popular Tax Deduction Wordle Hints for Feb. 6
Want CNET to notify you of price drops and the latest stories?
No, thank you

Commentary: The business end of SP2

For enterprises, mass deployment of the Windows XP service pack isn't a practical reality. Companies should treat SP2 as a full-fledged operating system upgrade.

Commentary: The business end of SP2
By Forrester Research
Special to CNET
August 9, 2004, 10:00AM PT

By Simon Yates and David Friedlander, analysts

Microsoft has released Windows XP Service Pack 2 to manufacturing and shipped the new operating system to PC manufacturers worldwide.

For consumers, enabling the software's Automatic Update feature will schedule an automatic download. Customers can also call Microsoft to get a CD. But for enterprises, mass deployment of SP2 isn't a practical reality, and companies should treat SP2 as an operating system upgrade and not just a service pack update. During the deployment, companies need to use the same procedures and tools as a full-scale operating system upgrade--including maintaining dual SP1 and SP2 images and using client management systems to deploy the new operating system to the desktop.

Related story

Big Blue tells
workers to hold off
on installing SP2.

This new service pack release adds many new security features to the operating system and rolls together all of the applicable security patches since Microsoft released Windows XP SP1 in August 2002.

For enterprises, deploying SP2 to potentially thousands of users is no small undertaking and not to be taken lightly. IT managers need to do the following:

•  Treat SP2 as a full-scale operating system upgrade--not just a service pack update. Enterprises should use the same procedures and tools to upgrade from SP1 to SP2 as they would for a full-scale operating system migration. New features and the "on by default" approach to security will require policy updates and firewall configuration changes to enable capabilities like administrator remote access. Microsoft debated whether to release SP2 as a new operating system, but because enhancing security was the primary goal--and to bypass licensing issues--the company decided that the service pack approach was more appropriate.

arrow Will SP2 protect your system?
play audio
•  Disable automatic updates on local machines, if possible. IT should disable the Windows Automatic Update feature on the desktop systems to prevent users from triggering a download until the machine has been updated to SP2. Updates should be administered from a central point using the Microsoft Software Update Services (SUS) or software deployment tools, such as those from LANDesk, Altiris or Novell. If centralized desktop update services are not used, users should disable Automatic Update and be warned not to install SP2 if a download occurs.

•  Maintain dual SP1 and SP2 images for a measured migration. Mass deployment of SP2 isn't a practical reality in large enterprises, so companies will need to maintain images for both versions of the operating system during the rollout and use third-party imaging tools like Symantec Ghost or Altiris to build and deploy the new SP2 image. Currently, Microsoft tools like Systems Management Server (SMS) and the Solution Accelerator for Business Desktop Deployment (BDD) don't include imaging tools for Windows XP, but the SMS OS Deployment Feature Pack--slated for release later in the year--will offer imaging capabilities for XP deployments. BDD includes scripts and configuration files to help users configure imaging and deployment servers, but complete support for future Windows XP service packs was not fully implemented in the initial release of BDD. As a result, some scripts will need to be updated to integrate SP2 with existing BDD images.

•  Use client migration tools for deployment. To simplify and automate the deployment of SP2, companies that haven't done so already should select a migration and deployment tool. Altiris and Symantec offer the most robust functionality. Symantec acquired PowerQuest last year to add dynamic imaging and desktop migration capabilities to its Ghost desktop imaging solution. For companies that need strong integration with Active Directory and Microsoft SMS, Altiris' Client Management Suite offers the most complete functionality.

© 2004, Forrester Research, Inc. All rights reserved. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.