Top 10 reasons to deploy Windows XP SP2

This content is 20 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

I’ve seen a fair amount of negative publicity about Windows XP SP2 recently and I don’t think it is fair!

Sure, it’s big; it introduces new functionality (which a service pack shouldn’t); and it will bring its fair share of headaches but then service packs shouldn’t just be rolled out without testing anyway! We should think of SP2 as a an operating system upgrade, plan it as if it was a new version of Windows, and reap the benefits of having a more secure operating system.

If you still need convincing as to why SP2 should be deployed, Microsoft have published an article on their website which may help you make up your mind.

Removing hidden data in Office documents

This content is 20 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

A couple of months back, one of my clients came across an issue where they had a document which contained hidden information that they did not want to share publicly. In this instance, removing this information was proving problematic but now Microsoft have published a tool to do exactly this – the Remove Hidden Data add-in tool for Office XP and 2003.

The Remove Hidden Data add-in is a tool which may be used to remove personal or hidden data that might not be immediately apparent the document is viewed in a Microsoft Office application. Microsoft recommend that the following notes are observed when using the tool:

  • You should only run the tool when you are ready to publish your file(s). This is because some of the data that the tool removes is used by Office for collaboration features, such as Track Changes, Comments, and Send for Review;
  • You should always save to a new file name, rather than overwrite the original file with the new document, in order to preserve a copy of the document containing the original data;
  • The Remove Hidden Data add-in does not work with Information Rights Management-protected or digitally-signed files.

MSN Web Messenger

This content is 20 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

I often work on client site behind a firewall which doesn’t allow instant messaging (IM) traffic through and want to chat with my mates (of course, I really mean “discuss business with colleagues elsewhere on the ‘net!”).

Now Microsoft have come up with an answer in the shape of MSN Web Messenger. There are alternatives, that have been around for longer, like eMessenger and some of my colleagues have expressed concern that Microsoft will now take over the niche that eMessenger had found, but personally I prefer the MSN Web interface, which closely matches the full client interface.

Trying to suss out what SUS is up to?

This content is 20 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

I found a useful script on the SUSserver.com website for detecting and interpreting the automatic updates client registry settings.

Windows Server 2003 time service not updating from Internet

This content is 20 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

The Windows Time service (W32Time) uses the Network Time Protocol (NTP) to help synchronize time across a network. NTP is an Internet time protocol that includes the algorithms necessary for synchronizing clocks and is required by the Kerberos authentication protocol in order to ensure that all computers within an enterprise use a common time.

NTP is a more accurate time protocol than the Simple Network Time Protocol (SNTP) that is used in some versions of Windows; however W32Time continues to support SNTP to enable backward compatibility with computers running SNTP-based time services, such as Windows 2000. NTP uses UDP port 123 for communications. Further details of the Windows Server 2003 implementation may be found in the Windows Server 2003 Technical Reference.

Within an Active Directory forest, the domain controller holding the PDC emulator operations master role in the forest root domain is the head of a hierarchical structure for time synchronisation throughout the forest, and would typically be configured to synchronise with a known time source – either a hardware device, or an Internet time server (in the past I have used the United States Naval Observatory servers tick.usno.navy.mil and tock.usno.navy.mil). This configuration may be established using the following command syntax:

net time /setsntp[:ntp server list]

Best practice would indicate that multiple time sources be configured, by DNS name (rather than IP address); however even when correctly configured W32Time errors may be exhibited in the event logs. Microsoft has confirmed this as a problem in Windows Server 2003 and Microsoft knowledge base article 830092 discusses the problem. A hotfix is available from Microsoft Product Support Services (PSS).

Windows XP SP2 is now available for download

This content is 20 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Despite the Windows and .NET magazine network reporting that XP SP2 has been delayed again, I can confirm that SP2 did ship last week.

The following text is taken from an e-mail received from Microsoft this morning:

“Windows XP Service Pack 2 released to manufacturing on Friday August 6, 2004.Windows XP Service Pack 2 contains major security improvements designed to provide better protection against hackers, viruses, and worms. Windows XP Service Pack 2 also improves the manageability of the security features in Windows XP and provides more and better information to help users make decisions that may potentially affect their security and privacy.

On Monday, August 9, 2004, the full network installation package for Windows XP Service Pack 2 will be posted on the Windows XP Service Pack 2 site on Microsoft TechNet (http://www.microsoft.com/technet/winxpsp2). This site is also the best resource for accessing the most up-to-date technical information regarding Windows XP Service Pack 2. On-line distribution will be the primary distribution vehicle for Windows XP Service Pack 2 and below is a summary of the key milestones of the distribution plan:

  • 6 August 2004: Release to manufacturing
  • 9 August 2004: Release to Microsoft Download Center (network installation package)
  • 9 August 2004: Release to MSDN subscription site (CD ISO image)
  • 10 August 2004: Release to Automatic Updates (for machines running pre-release versions of Windows XP Service Pack 2 only)
  • 16 August 2004: Release to Automatic Updates (for machines NOT running pre-releases versions of Windows XP Service Pack 2)
  • 16 August 2004: Release to Software Update Services
  • Later in August: Release Server Pack 2 to Windows Update for interactive user installations

Because of the significant security improvements outlined above, Microsoft views Windows XP Service Pack 2 as an essential security update and is therefore distributing it as a ‘critical update’ via Windows Update (WU) and the Automatic Updates (AU) delivery mechanism in Windows. Microsoft is strongly urging customers with Windows XP and Windows XP Service Pack 1-based systems to upgrade to Windows XP Service Pack 2 as soon as possible. “

Unable to join domain during unattended Windows installation

This content is 20 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

I’ve come across a scenario on a couple of client sites whereby new PCs are staged in a separate VLAN (away from the main network) and fail to join the domain. It is usually a name resolution issue and is resolved by changing the domain name in the unattend.txt file from DNS format to the NetBIOS format (or vice versa).

On a related note, Microsoft knowledge base article 299969 gives advice and guidance on creating a non-administrative account to join the domain as the username and password are stored in clear text in the Windows XP unattend.txt file and cannot be encrypted.

Microsoft Windows XP Security Guide

This content is 20 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Microsoft have just published the updated Windows XP Security Guide, which provides several levels of security guidance for customers interested in hardening deployments of Windows XP for desktop and laptop clients in their environment.

This guide includes settings for Windows XP clients deployed in a Microsoft Windows 2000 or Windows Server 2003 Active Directory domain. The document also includes guidance for an environment requiring an extremely high level of security in which application compatibility or usability may be constrained. Finally, it discusses procedures for implementing Windows XP security settings in stand-alone clients.

Windows XP Service Pack 2 is ready

This content is 20 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

At last! Windows XP SP2 will be released this week!

Today I met with Microsoft UK’s Windows Client Product Manager who confirmed that SP2 release to manufacturing (RTM) was scheduled for yesterday (Microsoft had already publicly committed to this month). It has slipped slightly, but will definitely be released this week.

Even once RTM has passed, supply of SP2 will be limited until 25 August, which is the date for the launch of the new Windows Update 5 site. Until then, SP2 will be trickle-fed via the Windows XP Automatic Updates functionality, but business users will be able to download the service pack from the Microsoft Download Center.

Microsoft are aiming for 40% business uptake of SP2 within 12 months (and 60% for consumers), but are warning that this is not an upgrade to be taken lightly, requiring all the planning, and rigorous testing of a major operating system upgrade.

For more details on SP2, see the following posts:

Office 2003 SP1 and enhanced junk e-mail filtering for Outlook 2003 released

This content is 20 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Last week, Microsoft released Office 2003 Service Pack 1. The service pack includes the many public updates and hotfixes that have been released since Office 2003 debuted in autumn 2003 and adds fixes to several other problems that Microsoft hadn’t previously documented. It also offers some new security functionality including the addition of several file types to the list of those that Outlook blocks (noteably: .asp; .tmp; .vsmacros; .vss; .vst; .vsw; and .ws).

Along with the main service pack, equivalent service packs for OneNote 2003, Project 2003 and Visio 2003 were released, as well as an update for Outlook 2003’s junk e-mail filter allowing it to automatically update the safe senders list with outgoing messages’ recipients. This update replaces the outlfltr.dat file that controls the behaviour of the filter and provides a more current definition of which messages should be considered junk, based on Microsoft’s most recent analysis of mail patterns from the massive volumes of spam that Hotmail servers receive.