Hi Mark..
This is a policy setting that you can set at the computer level....
I haven't had to do this for SP2, but I'm sure it calls an MSI. If you put
a hash on that MSI, the machine shouldn't be able to run it. It's up in
the security settings, and you have to create rules and disallow that
specific file. I wouldn't disallow the .EXE, because it may be used for
other patches. I use this method for worm and virus code that gets in.
Only XP and 2003 understand this though.
I was doing this when the beta was out, so they couldn't install it here,
and put up the firewall.
You'll probably have to test it in a test OU, so you can find out which
MSI, but if you do it at the computer level, it should work.
HTH,
John
"Abbiss, Mark" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
To: <[email protected]>
cc:
Subject: RE: [ActiveDir] OT: Blocking SP2 rollout
Sent: 03/15/2005 04:46 AM
Please respond to: [EMAIL PROTECTED]
The problem with this is that all the information I have read tells me that
as of April 12th the GPO/registry hacks that you put in place are ignored
and SP2 begins its merry task of downloading itself and installing.
This is whether you use Automatic Updates or SUS.
So as soon as I make any effort to patch my machines they are going to get
XP2. Or can I continue to block SP2 but allow all other patches?
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, March 11, 2005 5:35 PM
To: [email protected]
Subject: RE: [ActiveDir] OT: Blocking SP2 rollout
Hi Mark...
You can just put a software restriction hash GPO on it, and disallow it
until you want it.
Then you can just remove it, when you wish.
John
<[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
To: <[email protected]>
cc:
Subject: RE: [ActiveDir] OT: Blocking SP2 rollout
Sent: 03/11/2005 10:25 AM
Please respond to: [EMAIL PROTECTED]
As long as you don't approve it, SP2 will not be deployed by SUS/WUS.
However, your users can still use something like Windows Update to manually
pull it down and install it on their own.
Rather than delaying SP2 deployment, why not work on resolving the issues
that you anticipate having with SP2 when it is deployed?
Deji
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Abbiss, Mark
Sent: Friday, March 11, 2005 7:10 AM
To: [email protected]
Subject: [ActiveDir] OT: Blocking SP2 rollout
My apologies for posting this here but I am not getting clear answers from
other places I have asked this question.
As you no doubt know, MS are forcing an XP SP2 rollout as of 12th April
this year. We have SUS in our environment and have downloaded the SP2
package but set the "not approved" flag.
What I want to know is can I block SP2 indefinitely or will it unleash
itself onto my network on the 12th? If I can block it for as long as I want,
what is the best way to do it?
We do want SP2 for all of our clients, we just don't want it yet!
Many thanks
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/[EMAIL PROTECTED]