| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
Beware unplanned SP2 downloads on April 12 | |
|
||
| Time: 09:31 EST/14:31 GMT | News Source: InformationWeek | Posted By: Alex Harris | ||
|
On Tuesday, April 12, Microsoft will turn off the blocking feature that has made it possible for some enterprises to block Windows XP Service Pack 2 downloads by employees who use Automatic Update. That means in companies that used the blocking tool, SP2 will be downloaded automatically to desktop computers that use Windows' Automatic Update feature. | ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 313 Last | Next |
The time now is
1:47:50 PM
ET.
Any comment problems? E-mail us |
| #1 By 2960 (68.101.39.180) at 4/6/2005 10:45:51 AM |
|
I still say taking control of the users computers OUT of the hands of the companies IT is a very, very bad idea that is going to bite a lot of people in the butt.
There are several known potential issues with corporate loads. This is going to drive up Help Desk traffic like crazy. TL |
| #2 By 7754 (216.160.8.41) at 4/6/2005 12:29:36 PM |
| TL--it has the potential for that, but only for folks (most likely smaller shops) that are letting XP deploy its own updates, rather than using SUS or SMS. If they're using SUS or SMS, they can choose which updates they want to deploy. If they are one of those that let XP update itself, they've decided to block SP2 via Group Policy using the feature mentioned. In that case, they were warned about this limit on the feature already, and they'll have to turn off AU until they are ready to deploy SP2, or set up a SUS server to pick the updates they want. They've had plenty of time and warning, so any "surprise" is self-inflicted. |
| #3 By 1401 (69.40.55.109) at 4/6/2005 12:34:26 PM |
| Another thing that sux is the fact that the Data Execution Prevention (DEP) feature of XP SP2 only works in conjunction with the Execute Prevention Bit of the processor, which older procs don't have. Unless you have a Pentium 4 600 series or AMD Athlon 64, you are potentially still vulnerable... |
| #4 By 1845 (204.110.225.254) at 4/6/2005 12:51:29 PM |
|
That's not completely true, Chris.
There is hardware only DEP, but there is also hardware independent DEP. Software-enforced DEP An additional set of Data Execution Prevention security checks have been added to Windows XP SP2. These checks, known as software-enforced DEP, are designed to block malicious code that takes advantage of exception-handling mechanisms in Windows. Software-enforced DEP runs on any processor that can run Windows XP SP2. By default, software-enforced DEP helps protect only limited system binaries, regardless of the hardware-enforced DEP capabilities of the processor. http://support.microsoft.com/kb/875352 |
| #5 By 2960 (68.101.39.180) at 4/6/2005 2:50:16 PM |
|
#2,
You are not privvy to every corporate load out there, vpn requirement, custom app requirement, etc... I'm glad it's working ok for you. It's not for everyone however. TL |
| #6 By 2960 (68.101.39.180) at 4/6/2005 2:50:46 PM |
|
#2,
You are not privvy to every corporate load out there, vpn requirement, custom app requirement, etc... I'm glad it's working ok for you. It's not for everyone however. TL |
| #7 By 2960 (68.101.39.180) at 4/6/2005 2:52:34 PM |
|
Sorry for the double-whammy guys.
TL |
| #8 By 7754 (216.160.8.41) at 4/6/2005 2:59:01 PM |
|
Sorry--mistaken post! This post was edited by bluvg on Wednesday, April 06, 2005 at 15:21. |
| #9 By 7760 (12.155.143.50) at 4/6/2005 11:21:20 PM |
|
I don't like the idea on principle, but, as pointed out, this will affect only companies in which the clients update themselves directly from Microsoft. The larger your company, the dumber your decision is to not implement SUS or SMS. If you have 5,000 XP machines, all updates, multiplied by 5,000, are being sent over your WAN link (instead of a single server grabbing them once). Only in small companies of less than a couple dozen computers can I see letting clients manage themselves. In such cases, the impact of Microsoft's decision will be minimal. An administrator can manually disable the firewall on that many and handle service calls. The talk about companies larger than that (50, 500, 5000, etc. computers) using AU without SUS or SMS is silly, since any administrator allowing that is not doing his job, IMO. SUS is free and brainless to set up, for crying out loud.</rant> This post was edited by Osprey on Wednesday, April 06, 2005 at 23:24. |
| #10 By 61 (65.32.174.229) at 4/7/2005 12:14:31 AM |
|
Fanon, No offense, but if you have so many systems that have been compromised, perhaps you should look for a new job.
It's not that hard to put in restrictions and place other preventative methods to keep malicious software from installing. |
| #11 By 7754 (216.160.8.41) at 4/7/2005 10:35:56 AM |
|
There are lots of remote registry editor tools available, both free and for pay.
It's even built into XP. Besides using regedit to manage a remote machine, you can use "reg add \\MachineName\FullRegistryKey /f" to remotely change registry entries from the command line. A little cut, paste, and find and replace action on a text file dump of a list of computers will give you a batch file you can run from your own machine (failing on machines not turned on, obviously). Or, like you mentioned, use "reg add /f" to change the setting from a login script (or a system startup script). |
|
Write Comment
Return to News |
Displaying 1 through 25 of 313 Last | Next |
The time now is
1:47:50 PM
ET.
Any comment problems? E-mail us |
