By Jerry Honeycutt
Talk about a Windows network operating system for more than a few minutes and the words “service pack” are likely to pop up. From the NT days to the current Windows 2000 fare, Microsoft has periodically used service packs (SPs) to update its network operating systems in order to plug holes, fix bugs, and add features.
The latest pack for Windows 2000 is SP2. (You can download it from CNET's Download.com.) While Microsoft considers some packs required updates, SP2 has been tabbed a recommended update. In other words, install SP2 if you find that it fixes a compelling problem.
Depending on how you fared with previous even-numbered service packs and whether you're superstitious, you might shy away from SP2. But our experience with it is positive. We started W2ksp2.exe from the SP2 CD. After accepting the license agreement and choosing to back up system files before applying the service pack, the process was completely hands-free, if a bit time-consuming. After rebooting, we noticed no significant changes, per Microsoft's commitment not to add new features via service packs.
CNET and TechRepublic
This article first appeared on CNET's Enterprise Business site. TechRepublic is part of the CNET family of Web sites dedicated to educating and empowering people and businesses in the IT field.
We heard rumors of some problems with SP2, so we headed straight for the alleged hot spots. But we didn't have any trouble connecting to the network or the Internet, and all of our devices worked properly. Having used SP2 for some time, we can report no problems with stability. Our overall impression is that SP2 manages to swat many bugs while causing little residual havoc.
SP2 contains fixes for a variety of trouble spots:
- Application compatibility
- Base operating system
- Directory services
- Internet Information Services/COM+
- Management and administration
- Microsoft Data Access Components (MDAC)
- Microsoft Message Queuing (MSMQ)
- Terminal services
Most of the fixes are for the base operating system, directory services, networking, and security.
Start it up
You install and deploy SP2 the same way the first service pack was installed; the only difference is the filename: W2kwp2.exe. Note that Microsoft slipstreamed SP1 into SP2, so if you haven't done so already, you don't have to install SP1 before installing SP2. If you did install SP1, there's no need to uninstall it before installing SP2.
Keeping Windows up to date
Microsoft has a useful Web page that should help you keep up with recent hotfixes. Windows 2000 Post-SP2 Hotfixes lists each hotfix and links to the knowledge base article that discusses it. Since the release of SP2, 273 hotfixes have been posted.
Included with SP2 is Update.msi, which lets you deploy SP2 using group policy. This makes SP2 far easier to deploy than any previous Windows 2000 or NT service packs. And because software installed via a group policy has elevated privileges, deploying SP2 to locked-down desktops is much easier. Incidentally, you must assign SP2 to computers; you can't assign or publish it on a per-user basis.
Slug some bugs
When we first saw SP2's bug-fix list, we were overwhelmed because the sheer number of changes is astounding. Many of the fixes are substantial, while others just wipe out a few minor annoyances (copying file permissions, scheduling backups that failed after changing tapes, and so on).
The core operating system gets a blast from SP2. Most of the fixes address hardware-related issues. Some of them deal with memory leaks, access violations, and so forth, and others are for specific devices. For example, HP OfficeJet G-series fax and printer devices now work properly with SP2, and connectivity problems with some IEEE 1394 high-speed devices such as video cameras have been corrected.
There are a large number of suspend and hibernation bugs on the list, too. This is good news for all laptop users who lose their network connections after resuming from hibernation. Similarly, SP2 makes it less likely you'll lose USB devices or have hung video after resuming. And some applications, such as utilities that Toshiba installs, will now run properly after resuming.
Most of SP2's fixes are desktop-oriented and somewhat generic, but the service pack does include many enterprise-oriented updates. There are a large number of fixes for Active Directory, security, and networking that will improve Windows 2000's stability. Nothing on the list is jaw-dropping or an absolute must-have fix, but taken together, they help shore up Windows 2000 for the enterprise.
First, do no harm
A service pack is supposed to fix things, naturally, but sometimes in the course of doing so, it may actually create new problems. SP1 was fairly well mannered and did a lot more good than harm. Still, there were items for SP2 to clean up:
- SP1 broke some Winsock applications; SP2 corrects the problem.
- SP1 caused some digital cameras to hang the computer when used with NetMeeting; it's corrected with SP2.
- SP2 restores some of the speed SP1 caused Norton AntiVirus 7.0 to lose.
- SP1 often interfered with rejoining a domain on a multihomed computer; SP2 fixes this.
- SP2 remedies the SP1-induced problem where the Multilingual User Interface converts the language of some menu items to English.
- Upgrading Windows NT 4.0, Terminal Service Edition to Windows 2000 Server with Windows 2000 SP1 stores the incorrect version information in the Registry; SP2 ensures that the correct version is entered in the Registry.
- SP1 didn't update the file Fp30reg.dll correctly; SP2 does.
Even more secure
SP2 now includes 128-bit encryption; 56-bit isn't even an option. The service pack automatically upgrades your computer to high encryption, and even if you remove SP2, you can't revert to low encryption. This isn't a problem for most users because high encryption is more desirable.
In the enterprise, high encryption spans all encryption services. This includes Kerberos, Encrypting File System, RAS, RPC, SSL/TLS, IPSec, Terminal Services RDP, and CryptoAPI.
The inclusion of 128-bit encryption as a standard feature also means that you don't have to customize your Windows 2000 deployment shares and CDs to include the High Encryption Pack. Remember Rsaenhs.dll, the file you put in your $OEM$ distribution folders in order to upgrade encryption? You can forget about it now.
Other security fixes are mostly user interface updates for access control lists and other security features. Also included are stability-enhancing updates and fixes that address a number of vulnerabilities. SP2 includes all regression-tested security fixes for Windows 2000.
Not quite perfect
Microsoft has acknowledged some known issues related to SP2. Here are some of the more prominent of those issues:
- Like SP1, SP2 axes BlackICE Defender; a patch for this problem is already available at the Network ICE Web site.
- By design, you cannot install SP2's Adminpak on earlier versions of Windows 2000. The service pack levels of Adminpak and Windows 2000 must be the same.
- SP2 doesn't remove SP1 from the Add/Remove Programs list.
- Norton AntiVirus displays error messages after you install SP2. The solution, and a bit of common sense, is to disable all antivirus software before installing a service pack.
- After installing SP2 on a computer containing an NCR Storage Cabinet array, it can take up to an hour to restart the computer. The file Disk.sys is incompatible with some SCSI devices; Microsoft has a fix available at its Windows 2000 Post-SP2 Hotfixes page.
On the whole, SP2 leaves behind few stumbling blocks, but it's far from earthshaking. It does what it's supposed to do in the same way that a refrigerator keeps your food cold. In other words, SP2 is something of a yawner—but that's not a bad thing. When you've fixed all the big things, you polish the chrome, and that's exactly what Microsoft has done with the last couple of service packs.
Jerry Honeycutt is a writer and speaker who contributes frequently to CNET Enterprise. He is the author of Introducing Microsoft Windows 2000 Professional as well as many other books. For more articles by this author and other CNET Enterprise authors, click here.
This article was originally published by CNET on Aug. 6, 2001.