West Campus
Windows XP Service Pack 2 Deployment
Dave Lee

Preparation for a Controlled Deployment
• Update Group Policy Template for SP2 in Active Directory.
• Temporarily disable the delivery of SP2 through Windows Update and Automatic Updates from Active Directory's GPO.
• Temporarily disable the SP2 Windows Firewall from Active Directory's GPO.

Evaluate and Test SP2 with Windows Firewall OFF
• Compatibility testing
• Generally have not encountered problems when firewall is off.
• NetOPS School requires latest update.
• List of application issues with SP2 from Microsoft: http://support.microsoft.com/default.aspx?kbid=884130

Controlled Deployment of SP2 with Microsoft SMS 2003
• Created collections for Windows XP computers that need SP2, separating office and public computers.
• Set up an advertisement and package of SP2 for the needed collections.
• Notify campus users that they have 3 weeks to initiate a self-install of SP2 through "Advertised Programs" in Control Panel from SMS.
• Force install of SP2, after the 3 weeks are up, on any computer that requires SP2.
• Remove the GPO that blocks SP2 from AU and WU.

Windows XP SP2 Firewall Assumptions and Concerns
• The firewall is stateful. Firewall does not block outbound traffic.
• Some applications we use would be affected:
    • Visual Studio .NET
    • SQL
    • Backup Exec
    • Ghost Server Corporate Edition
    • SMS 2003 Server
    • SecuRemote (SR_GUI)
    • WSFtp
    • Exceed
    • MOM 2000
    • Windows Scanner and Camera Wizard
    • ColdFusion MX Server
    • SNA
    • Remote Assistance
    • Remote Desktop
    • File and Print Sharing
    • Windows Messenger
    • More…

Proposed GPO Settings for Windows XP SP2 Firewall at West Campus
• Protect all network connections: Enabled.
• Do not allow exceptions: Not configured. This setting allows users to create exceptions.
• Define program exceptions: Not configured. This setting allows local settings to work so users can define their own exceptions.
• Allow local program exceptions: Not configured. This setting allows workstation administrators to make local program exceptions.
• Allow remote administration exception: Enabled, from IT subnet only, for remote WMI and MMC calls that are needed for workstation security management and public site management.
• Allow file and print sharing exception: Not configured. This setting allows local administrators to enable file and print sharing.
• Allow ICMP exceptions: Enabled, for inbound and outbound.
• Allow Remote Desktop exception: Not configured. This setting allows local administrators to enable Remote Desktop.
• Allow UPnP framework exception: Not configured. This setting allows local administrators to enable UPnP.
• Prohibit notifications: Not configured. IDS and Public Sites will have to test and make a determination of how this affects their images.
• Allow logging: Enabled, with max log size at 32MB. This setting turns logging on and limits the log size to 32MB.
• Prohibit unicast response to multicast or broadcast requests: Not configured. This allows workstations to discover if there is another workstation with the same name, among other things.
• Define port exceptions: Not configured, but we would recommend that users use the local program exceptions instead of a port exception.
• Allow local port exceptions: Not configured. This allows local administrators to configure local port exceptions.

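With logging enabled as proposed, the firewall log collected during testing can separate drops that come from the IT subnet (a management tool that may need an exception) from drops that are the firewall doing its job. The following is an added example, not part of the original slides: it assumes dropped-packet logging is turned on and that the log is the space-delimited text format with a `#Fields:` header; the sample log, addresses, subnet and function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample log; every address is from a documentation range.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2004-10-12 09:14:02 DROP TCP 192.0.2.5 192.0.2.77 3021 10000 48 S 1202660 0 65535 - - -
2004-10-12 09:14:05 DROP TCP 192.0.2.5 192.0.2.77 3021 10000 48 S 1202660 0 65535 - - -
2004-10-12 09:20:41 DROP UDP 198.51.100.23 192.0.2.77 1047 1434 404 - - - - - - -
2004-10-12 09:21:10 OPEN TCP 192.0.2.77 203.0.113.8 1066 80 - - - - - - - -
2004-10-12 09:22:37 DROP TCP 198.51.100.23 192.0.2.77 4410 445 48 S
"""

def parse(log_text):
    """Yield one dict per entry, keyed by the names on the '#Fields:' line."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif fields and line.strip() and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):  # skip truncated entries
                yield dict(zip(fields, values))

def dropped_inbound(log_text, local_ip):
    """Count dropped TCP/UDP packets sent to local_ip per (protocol, port, source)."""
    counts = Counter()
    for e in parse(log_text):
        if (e["action"] == "DROP" and e["dst-ip"] == local_ip
                and e["protocol"] in ("TCP", "UDP")):
            counts[(e["protocol"], int(e["dst-port"]), e["src-ip"])] += 1
    return counts

def triage(log_text, local_ip, trusted_subnet):
    """Split drops into those from the trusted subnet (possible missing
    exception for a management tool) and all others (blocked as intended)."""
    net = ipaddress.ip_network(trusted_subnet)
    review, expected = {}, {}
    for key, n in dropped_inbound(log_text, local_ip).items():
        bucket = review if ipaddress.ip_address(key[2]) in net else expected
        bucket[key] = n
    return review, expected

if __name__ == "__main__":
    review, expected = triage(SAMPLE_LOG, "192.0.2.77", "192.0.2.0/28")
    print("review for an exception:", review)
    print("blocked as intended:", expected)
```
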
Deployment and Testing Timeline
• Force install begins on October 11th.
• Final recommendation of firewall GPO on October 25th.
• Enable firewall GPO from recommendation by October 31st.