The long-awaited Windows XP Service Pack 2 addresses many long standing and crucial Windows security issues, many of which are time critical, from spyware to looming worm attacks. While you may implement XP SP2 on individual desktops using Automatic Updates, rolling it out across dozens or hundreds of computers is one task many administrators are not prepared to handle. Here are several essential tips for a smooth and speedy XP SP2 update, especially for larger organizations.
Educate users and educate yourself
The changes in XP SP2 are far ranging. Take time to familiarize yourself with all of the XP SP2 enhancements that affect your users, and prepare documents to explain the changes. Find out which applications may no longer work, such as FTP clients or multimedia streaming software. Networked applications that receive data from a server may also experience problems with the new built-in firewall. A complete rundown of what's new in XP SP2 is available here, and it is well worth reading over in close detail. The more you know what to expect in advance, the better.
Do preflight checks wherever possible
For machines you plan to patch by hand in a controlled environment (such as remote-user laptops or lab computers), first make sure they are free of spyware, viruses and other potential problems that may prevent XP SP2 from installing correctly. The more tightly managed the system, the better the install will go. Delete temporary and cached files of all kinds, just to be on the safe side.
Consider wiping the slate clean
Rather than patch an existing system and hope all is secure, create newly-prepared system images with XP SP2 installed on a clean system. (This is probably the most secure option, since it leaves the least to chance.) Another option is to slipstream XP SP2 onto an install CD and build the system image using that. The user can then boot an image CD or DVD and re-image the whole system. One downside to this plan is that any data stored on the system itself will need to be moved off, which may in itself be a project, but it may also yield the most dependable results.
Consider using Microsoft Software Update Services
This somewhat underappreciated program allows you to create a local server to provide patches (including XP SP2) through the Automatic Updates mechanism. This eliminates having to retrieve patches for individual desktops from across the Internet. It saves bandwidth and allows for you to deploy XP SP2 entirely locally. Learn more here about using SUS to deploy SP2.
For More Information
Get your basic questions about XP SP2 security enhancements answered in Fast Guide: XP SP2 security
Click here for an XP SP2 primer
This was first published in October 2004