Sign in with
Sign up | Sign in
Your question

24% of companies have deployed SP2

Last response: in Windows XP
Share
Anonymous
a b 8 Security
April 7, 2005 6:40:11 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

THREE QUARTERS OF BUSINESSES SHUN SP2 UPDATE.
Less than a quarter of businesses in North America have installed
Windows XP Service Pack 2 (SP2) according to a new study April 05, 2005
by AssetMetrix Labs.
'SC Magazine ' (http://tinyurl.com/6av5r)
Treeman


--
Treeman

More about : companies deployed sp2

Anonymous
a b 8 Security
April 7, 2005 6:40:12 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

"Treeman" <Treeman.1n4pps@pcbanter.net> wrote in message
news:Treeman.1n4pps@pcbanter.net...
>
> THREE QUARTERS OF BUSINESSES SHUN SP2 UPDATE.
> Less than a quarter of businesses in North America have installed
> Windows XP Service Pack 2 (SP2) according to a new study April 05, 2005
> by AssetMetrix Labs.
> 'SC Magazine ' (http://tinyurl.com/6av5r)
> Treeman
>


Probably one of the reasons so many worms are still propagating around the
net. Why would you not apply security updates for an OS? Including Linux,
Unix, Mac etc. They all have security/bug fixes that should be applied from
time to time and they all may break existing applications when the fixes are
applied. Computers are not at the appliance level of operation yet. A bit of
knowledge and user interaction is required to keep then running smoothly.

Kerry
April 7, 2005 8:48:52 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Unfortunately the people often making those decisions in the Corporate
environment aren't very qualified in the field of computing. Like many
people they read only the negative and forget the positive aspects of
keeping an OS up to date.

--
Peter
Toronto, Canada
XP Home SP2
P4 dual HT @ 3.0ghz, 1.0gb RAM, 160gb HD
"Kerry Brown" <kerry@kdbNOSPAMsystems.c*o*m> wrote in message
news:uQzbl65OFHA.3336@TK2MSFTNGP09.phx.gbl...
> "Treeman" <Treeman.1n4pps@pcbanter.net> wrote in message
> news:Treeman.1n4pps@pcbanter.net...
>>
>> THREE QUARTERS OF BUSINESSES SHUN SP2 UPDATE.
>> Less than a quarter of businesses in North America have installed
>> Windows XP Service Pack 2 (SP2) according to a new study April 05, 2005
>> by AssetMetrix Labs.
>> 'SC Magazine ' (http://tinyurl.com/6av5r)
>> Treeman
>>
>
>
> Probably one of the reasons so many worms are still propagating around the
> net. Why would you not apply security updates for an OS? Including Linux,
> Unix, Mac etc. They all have security/bug fixes that should be applied
> from time to time and they all may break existing applications when the
> fixes are applied. Computers are not at the appliance level of operation
> yet. A bit of knowledge and user interaction is required to keep then
> running smoothly.
>
> Kerry
>
>
Related resources
Anonymous
a b 8 Security
April 7, 2005 10:53:06 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Not sure why they wouldn't. we have deployed 100% and no problem. Also have
been using Windows Update services beta version with great success. Going to
install final update service now that its released. Just waiting for new
server. Running 100% win xp and server 2003 and only problem so far was sp1
for Server 2003 and think we solved those minor problems now.

"Treeman" wrote:

>
> THREE QUARTERS OF BUSINESSES SHUN SP2 UPDATE.
> Less than a quarter of businesses in North America have installed
> Windows XP Service Pack 2 (SP2) according to a new study April 05, 2005
> by AssetMetrix Labs.
> 'SC Magazine ' (http://tinyurl.com/6av5r)
> Treeman
>
>
> --
> Treeman
>
April 7, 2005 11:18:17 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Treeman wrote:
> THREE QUARTERS OF BUSINESSES SHUN SP2 UPDATE.
> Less than a quarter of businesses in North America have installed
> Windows XP Service Pack 2 (SP2) according to a new study April 05, 2005
> by AssetMetrix Labs.
> 'SC Magazine ' (http://tinyurl.com/6av5r)
> Treeman
>
>

I would guess that's because they are behind pretty effective corporate
firewalls?

--
Interim Systems and Management Accounting
Gordon Burgess-Parker
Director
www.gbpcomputing.co.uk
April 8, 2005 4:35:21 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

On Thu, 07 Apr 2005 18:53:06 -0700, cwood admin wrote:

> Not sure why they wouldn't. we have deployed 100% and no problem. Also
> have been using Windows Update services beta version with great success.
> Going to install final update service now that its released. Just
> waiting for new server. Running 100% win xp and server 2003 and only
> problem so far was sp1 for Server 2003 and think we solved those minor
> problems now.
>
Very simple, really. Much expensive, custom software will not work
properly with SP2.

Testy
April 8, 2005 11:55:14 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

"Testy" <fraudbuster@canoemail.com> wrote in message
news:p an.2005.04.08.04.35.21.593384@canoemail.com...
> On Thu, 07 Apr 2005 18:53:06 -0700, cwood admin wrote:
>
> > Not sure why they wouldn't. we have deployed 100% and no problem. Also
> > have been using Windows Update services beta version with great success.
> > Going to install final update service now that its released. Just
> > waiting for new server. Running 100% win xp and server 2003 and only
> > problem so far was sp1 for Server 2003 and think we solved those minor
> > problems now.
> >
> Very simple, really. Much expensive, custom software will not work
> properly with SP2.

thats what they said when switching from dos to windows, when going from win
3.1 to win95, when switching from 95/98/me to 2k, and from 2k to xp, they
always break something, but eventually everyone catches up. our IT dept
forbid installation of it for a while, now they allow it but don't push it
so new machines or ones that are updated manually have it and it works fine.
their problem was the firewall would break some of the vpn or remote control
via dameware that they use for the help desk instead of the xp built in one
because they have to support a mixed network of nt/w2k/xp... they locked the
firewall off with ad policy and now are happy with the rest of sp2.
Anonymous
a b 8 Security
April 8, 2005 7:07:40 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

On Fri, 08 Apr 2005 00:35:21 -0400, Testy wrote:
>
> Very simple, really. Much expensive, custom software will not work
> properly with SP2.

Please list examples of software you are sure won't work with SP2. We've
got a couple thousands systems with varied users/customers, not one
problem with any software they run.

--
spam999free@rrohio.com
remove 999 in order to email me
Anonymous
a b 8 Security
April 10, 2005 12:44:44 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Gordon wrote:
> Treeman wrote:
>
>> THREE QUARTERS OF BUSINESSES SHUN SP2 UPDATE.
>> Less than a quarter of businesses in North America have installed
>> Windows XP Service Pack 2 (SP2) according to a new study April 05, 2005
>> by AssetMetrix Labs.
>> 'SC Magazine ' (http://tinyurl.com/6av5r)
>> Treeman
>>
>>
>
> I would guess that's because they are behind pretty effective corporate
> firewalls?
>

My experience tells me that IT admins are mostly understaffed to handle
the deployment of an upgrade like this. Due to the fact that user's
maintenance of their own workstations can vary drastically, the IT folks
could be looking at their individual trouble ticket workload increasing
well beyond their staffing capabilities. Hell, our IT people are so far
in the hole, our corporate standards are at least one complete version
behind on everything.
Anonymous
a b 8 Security
April 10, 2005 12:47:16 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Peter wrote:
> Unfortunately the people often making those decisions in the Corporate
> environment aren't very qualified in the field of computing. Like many
> people they read only the negative and forget the positive aspects of
> keeping an OS up to date.
>
Check the staffing levels of most IT departments. Look at the staff they
have. My experience tells me I see two things:
1. Understaffed to handle what they should be doing
2. Undertalented with the staff they have
April 10, 2005 2:45:31 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I'm retired now, but I remember out IT dept. was severely understaffed. I
hear you!

--
Peter
Toronto, Canada
XP Home SP2
P4 dual HT @ 3.0ghz, 1.0gb RAM, 160gb HD
"optikl" <optikl@com_invalid_cast.net> wrote in message
news:o Z5STPdPFHA.4028@tk2msftngp13.phx.gbl...
> Peter wrote:
>> Unfortunately the people often making those decisions in the Corporate
>> environment aren't very qualified in the field of computing. Like many
>> people they read only the negative and forget the positive aspects of
>> keeping an OS up to date.
>>
> Check the staffing levels of most IT departments. Look at the staff they
> have. My experience tells me I see two things:
> 1. Understaffed to handle what they should be doing
> 2. Undertalented with the staff they have
Anonymous
a b 8 Security
April 10, 2005 7:50:55 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

On Sun, 10 Apr 2005 08:47:16 -0500, optikl wrote:
>
> Peter wrote:
>> Unfortunately the people often making those decisions in the Corporate
>> environment aren't very qualified in the field of computing. Like many
>> people they read only the negative and forget the positive aspects of
>> keeping an OS up to date.
>>
> Check the staffing levels of most IT departments. Look at the staff they
> have. My experience tells me I see two things:
> 1. Understaffed to handle what they should be doing
> 2. Undertalented with the staff they have

My company actually remotely manages IT resources at small (under 30
offices) companies that don't have a full-time staff for it. What we've
seen is that the companies don't want to pay for qualified full-time
employees and they end up with partially qualified employees. The real
problem starts with the HR department - where unqualified people make
decisions about skill sets they don't understand, then CFO's don't trust
the CIO's to make the best decisions for the company, then the CFO doesn't
get a qualified IT manager (more of a business manager than a IT type)....

Before I started my own company, while working for a fortune 500 company,
I had a CIO tell me that we had to drop a T1 for a 30 person office
doing projects/hosting and use the 256k leased line instead (they wanted
to keep the 256k line instead of the T1!) - why? Well, the T1 with a IPSec
tunnel to the home office was not secure enough for the email system....

Ever watch someone in a remote office, over a 256k line being shared with
30 people, try and scroll through MS Outlook in Exchange mode with
attachments?

Oh, even though this location was the ONLY location in the company to have
never been compromised (as we managed our own IT resources), we were told
to move all of our servers to the main office (remember the 256k line),
payout the remainder of the contract on the T1, and that all Developers
would now remotely access the development servers via the leased line...
All of this in the name of consolidation of resources (in the end it just
increased the work at the home office and cost more over a 5 year period
that the methods/systems already in place did).

Oh, one other thing about that time - the firewall, the one that was
protecting our local T1 based network, and blocking viruses in emails,
blocking foreign hosts, blocking HTTP content based on what lan segment
you were in (sales/admin got blocked for active-x and other things,
developers were open), was deemed unacceptable (we still had 2 years on
the warranty/service and had never been compromised, all the other offices
had been compromised) - they switched all the offices to a new, never used
in the company, firewall appliance - and then moving large files between
the LAN/DMZ (1gb in size) would fail frequently.....

The funny thing was that the CIO/Managers in the main office were not
network people, they were business managers that had moved up the ranks
without ever being a network designer, never doing security, etc....

It was almost comical to watch developers bail from the company as the
expected slowness make working on projects unbearable....

--
spam999free@rrohio.com
remove 999 in order to email me
Anonymous
a b 8 Security
May 24, 2005 5:40:03 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

> > Very simple, really. Much expensive, custom software will not work
> > properly with SP2.
>
> Please list examples of software you are sure won't work with SP2. We've
> got a couple thousands systems with varied users/customers, not one
> problem with any software they run.

Microsoft System Mgmt Server 2.0 can't remotely administer sp2 machines w/
SMS client installed
McAfee Epolicy Orchestrator doesn't connect to sp2 machines with their
framework svc installed.
MS computer manager.msc doesn't talk to SP2 pcs
ECM by Configuresoft cannot connect to XPsp2 machines that run the ECM client
ECM

These may be all by default but I haven't found friendly documentation on
how to resolve these issues
Anonymous
a b 8 Security
May 27, 2005 9:10:36 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Jordan Williams wrote:

>>>Very simple, really. Much expensive, custom software will not work
>>>properly with SP2.
>>
>>Please list examples of software you are sure won't work with SP2. We've
>>got a couple thousands systems with varied users/customers, not one
>>problem with any software they run.
>
>
> Microsoft System Mgmt Server 2.0 can't remotely administer sp2 machines w/
> SMS client installed
> McAfee Epolicy Orchestrator doesn't connect to sp2 machines with their
> framework svc installed.
> MS computer manager.msc doesn't talk to SP2 pcs
> ECM by Configuresoft cannot connect to XPsp2 machines that run the ECM client
> ECM
>
> These may be all by default but I haven't found friendly documentation on
> how to resolve these issues
Hi,

There is a Group Policy setting to open for Microsoft Management
Console (MMC):

Policy path:
Computer Configuration\Administrative Templates\Network\
Network Connections\Windows Firewall\<Domain|Standard> Profile\

Policy name:
Windows Firewall: Allow remote administration exception

From PolicySettings.xls available here:

Group Policy Settings Reference for Windows XP Professional
Service Pack 2
http://www.microsoft.com/downloads/details.aspx?familyi...

<quote>
Administrative Templates\Network\Network Connections\Windows Firewall
\<some> Profile
Windows Firewall: Allow remote administration exception

Allows remote administration of this computer using administrative
tools such as the Microsoft Management Console (MMC) and Windows
Management Instrumentation (WMI). To do this, Windows Firewall opens
TCP ports 135 and 445. Services typically use these ports to
communicate using remote procedure calls (RPC) and Distributed
Component Object Model (DCOM). This policy setting also allows
SVCHOST.EXE and LSASS.EXE to receive unsolicited incoming messages
and allows hosted services to open additional dynamically-assigned
ports, typically in the range of 1024 to 1034. If you enable this
policy setting, Windows Firewall allows the computer to receive the
unsolicited incoming messages associated with remote administration.
You must specify the IP addresses or subnets from which these
incoming messages are allowed. If you disable or do not configure
this policy setting, Windows Firewall does not open TCP port 135 or
445. Also, Windows Firewall prevents SVCHOST.EXE and LSASS.EXE from
receiving unsolicited incoming messages, and prevents hosted
services from opening additional dynamically-assigned ports. Because
disabling this policy setting does not block TCP port 445, it does
not conflict with the Windows Firewall: Allow file and printer
sharing exception policy setting. Note: Malicious users often
attempt to attack networks and computers using RPC and DCOM. We
recommend that you contact the manufacturers of your critical
programs to determine if they are hosted by SVCHOST.exe or LSASS.exe
or if they require RPC and DCOM communication. If they do not, then
do not enable this policy setting. Note: If any policy setting
opens TCP port 445, Windows Firewall allows inbound ICMP echo
request messages (the message sent by the Ping utility), even if the
Windows Firewall: Allow ICMP exceptions policy setting would block
them. Policy settings that can open TCP port 445 include Windows
Firewall: Allow file and printer sharing exception, Windows Firewall:
Allow remote administration exception, and Windows Firewall: Define
port exceptions.

</quote>


Using netsh.exe, you can configure the "Allow for remote administration"
setting from command line as well, like this:

netsh.exe firewall set service type=remoteadmin mode=enable scope=subnet
profile=domain

If not a domain computer, you need to change to 'profile=standard'
(or 'profile=all'). Scope can also be set to 'custom' and then you
can add ip ranges to the command line as well.

The netsh.exe syntax is documented in WF_XPSP2.doc.

WF_XPSP2.doc "Deploying Windows Firewall Settings for Microsoft
Windows XP with Service Pack 2" is downloadable from
http://www.microsoft.com/downloads/details.aspx?familyi...



--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.m...
!