Changes and enhancements to Windows XP Support Tools under SP2

Microsoft Windows XP Service Pack 2 attempts to fix a multitude of bugs and security holes. Such a pervasive change to an operating system will likely create at least a few problems. That is why Microsoft supplies several helpful support tools, many of which are updated for the pack release.

Windows XP Service Pack 2 (SP2) is a complex update with many ramifications for IT pros. TechRepublic's Windows XP Service Pack 2 Quick Guide drills down on critical SP2 need-to-know areas, with sections on fundamentals, changes that occur after installation, deployment procedures, problem areas, and removal.

With Windows XP Service Pack 2 (SP2), Microsoft is making a major change to the way the operating system works. Besides the usual bug fixes and security patches, the company is also implementing numerous enhancements to the way security is handled at the OS level. For system administrators and other IT professionals maintaining enterprise-level networks, these changes will inevitably cause problems with installed applications and systems.

This is why Microsoft has created the Windows XP Service Pack 2 Support Tools. With these tools in hand, a network administrator can diagnose problems, troubleshoot configuration conflicts, and formulate proper solutions. However, the tools are definitely designed for the professional, and few contain nice GUIs or step-by-step instructions, so great care should be exercised when using them.

We can't get into detailed guidelines for each of these tools in this article, but we can give you a general overview of what some of these tools do and point you to places where more information is available. We'll concentrate on the tools that change with the installation of SP2.

Tool list

Here is a list of the tools modified and/or updated by SP2, as provided by Microsoft, and a brief description of their functions:

ipseccmd.exe: This command-line tool manages and monitors IPSec policies.

To add rules to existing IPSec policies, you would use the default dynamic mode available with this tool. The typical syntax to add a rule using ipseccmd.exe follows this pattern (which is also available in the Support Tools Help File that installs with the tools by default):

  • ipseccmd [\\ComputerName] -f FilterList [-n NegotiationPolicyList] [-t TunnelAddr] [-a AuthMethodList] [-1s SecurityMethodList] [-1k MainModeRekeySettings] [-1p] [-1f MMFilterList] [-1e SoftSAExpirationTime] [-soft] [-confirm] [{-dialup | -lan}]

The ipseccmd.exe tool is updated by SP2 to include, among other things, improved online help that can be accessed using the /?switch.

Formatting legend

The syntax lines used in this article are displayed using the typical Microsoft conventions, shown in this table:




Information that the user must supply


Elements that the user must type exactly as shown

Ellipsis (...)

Parameter that can be repeated several times in a command line

Between brackets ([])

Optional items

Between braces ({}); choices separated by pipe (|). Example: {even|odd}

Set of choices from which the user must choose only one

Courier font

Code or program output

httpcfg.exe: The HTTP Configuration Utility is used to control configuration information for the HTTP driver.

The HTTP Configuration Utility was originally part of the Windows Server 2003 set of support tools, but it has been brought over to XP with the release of SP2. Here is the basic syntax for this tool:

  • httpcfg {set | query | delete} {ssl | query | iplisten} [/i Ip:Port] [/h SSL Hash] [/g "{GUID}"] [/c StoreName] [/m CheckMode] [/r RevocationFreshness] [/x UrlRetrievalTimeout] [/t SslCtlIdentifier] [/n SslCtlStoreName] [/f Flags] [/u {http://URL:Port/ | https://URL:Port/}] [/a ACL]

This utility allows the user to communicate over HTTP without using Microsoft Internet Information Services (IIS).

replmon.exe: The Active Directory Replication Monitor tool is used to view Active Directory configurations.

SP2 updates this tool to resolve an inability to display more than 200 replication partners. The Active Directory Replication Monitor has a graphical user interface with context-sensitive menus and can be used to generate general status reports, display topology, etc.

Iadstools.dll: This is a support DLL for Active Directory Service Interfaces.

SP2 updated this tool to resolve a problem in which the GetDirectPartnersEx function did not support more than 200 ConnectionObjects. You can use the ladstools.dll in combination with Visual Basic Scripts to extract Active Directory information and to access the associated APIs.

extract.exe: This is the utility for extracting individual files from CAB files.

The extract.exe tool is basically the same after SP2, except that additional parameters for bounds-checking have been added to the available options.

bitsadmin.exe: This utility controls the Background Intelligent Transfer Service (BITS).

Originally part of Windows Server 2003, the command-line utility BITS is used to transfer files asynchronously between a client and a server. SP2 added several new command-line options to the utility, including an option that transfers a single file by using a single command, and another option that repairs a corrupted BITS installation.

netdom.exe: This utility is used to manage domain configurations.

The netdom.exe tool has been updated by SP2 to include options for adding a computer to a domain or workgroup and for renaming computers already in the domain. The general syntax for this command-line utility follows this pattern:

  • netdom Operation [Computer] [{/d: | /domain:}Domain] [Options]


Microsoft recommends that you uninstall any previous versions of the Support Tools before you run the SP2 Tools installation program. You should also keep in mind that the XP Support Tools will install only on a system with the XP operating system.

About Mark Kaelin

Mark W. Kaelin has been writing and editing stories about the IT industry, gadgets, finance, accounting, and tech-life for more than 25 years. Most recently, he has been a regular contributor to,, and TechRepublic.

Editor's Picks