Windows XP Service Pack 2 (SP2) is a complex update with many ramifications for IT pros. TechRepublic’s Windows XP Service Pack 2 Quick Guide drills down on critical SP2 need-to-know areas, with sections on fundamentals, changes that occur after installation, deployment procedures, problem areas, and removal.

With Windows XP Service Pack 2 (SP2), Microsoft is making a major
change to the way the operating system works. Besides the usual bug fixes and
security patches, the company is also implementing numerous enhancements to the
way security is handled at the OS level. For system administrators and other IT
professionals maintaining enterprise-level networks, these changes will
inevitably cause problems with installed applications and systems.

This is why Microsoft has created the Windows XP Service
Pack 2 Support Tools
. With these tools in hand, a network administrator can
diagnose problems, troubleshoot configuration conflicts, and formulate proper
solutions. However, the tools are definitely designed for the professional, and
few contain nice GUIs or step-by-step instructions, so great care should be
exercised when using them.

We can’t get into detailed guidelines for each of these
tools in this article, but we can give you a general overview of what some of
these tools do and point you to places where more information is available. We’ll concentrate on the tools that change with the installation of SP2.

Tool list

Here is a list of the tools modified and/or updated by SP2,
as provided by Microsoft, and a brief description of their functions:

ipseccmd.exe: This command-line tool manages and monitors IPSec policies.

To add rules to existing IPSec policies, you would use the default dynamic mode available
with this tool. The typical syntax to add a rule using ipseccmd.exe follows this
pattern (which is also available in the Support Tools Help File that installs
with the tools by default):

  • ipseccmd [\\ComputerName]
    -f FilterList [-n NegotiationPolicyList] [-t
    TunnelAddr] [-a AuthMethodList] [-1s SecurityMethodList]
    [-1k MainModeRekeySettings] [-1p] [-1f MMFilterList]
    [-1e SoftSAExpirationTime] [-soft] [-confirm]
    [{-dialup | -lan}]

The ipseccmd.exe tool is updated by SP2 to include, among
other things, improved online help that can be accessed using the /?switch.

Formatting legend

The syntax lines used in this article are displayed using
the typical Microsoft conventions, shown in this table:




Information that the user must supply


Elements that the user must type exactly as shown

Ellipsis (…)

Parameter that can be repeated several times in a command

Between brackets ([])

Optional items

Between braces ({}); choices separated by pipe (|).
Example: {even|odd}

Set of choices from which the user must choose only one

Courier font

Code or program output

httpcfg.exe: The HTTP Configuration Utility is used to control
configuration information for the HTTP driver.

The HTTP Configuration Utility was originally part of the Windows
Server 2003 set of support tools, but it has been brought over to XP with the
release of SP2. Here is the basic syntax for this tool:

  • httpcfg
    {set | query | delete} {ssl | query | iplisten}
    [/i Ip:Port] [/h SSL Hash] [/g “{GUID}”]
    [/c StoreName] [/m CheckMode] [/r RevocationFreshness]
    [/x UrlRetrievalTimeout] [/t SslCtlIdentifier]
    [/n SslCtlStoreName] [/f Flags] [/u {http://URL:Port/
    | https://URL:Port/}] [/a ACL]

This utility allows the user to communicate over HTTP
without using Microsoft Internet Information Services (IIS).

replmon.exe: The Active Directory Replication Monitor tool is used to view
Active Directory configurations.

SP2 updates this tool to resolve an inability to display
more than 200 replication partners. The Active Directory Replication Monitor has a graphical user
interface with context-sensitive menus and can be used to generate general
status reports, display topology, etc.

Iadstools.dll: This is a support DLL for Active Directory Service

SP2 updated this tool to resolve a problem in which the GetDirectPartnersEx function did not
support more than 200 ConnectionObjects. You
can use the ladstools.dll in
combination with Visual Basic Scripts to extract Active Directory information
and to access the associated APIs.

extract.exe: This is the utility for extracting individual files from CAB

The extract.exe tool is basically the same after SP2, except that
additional parameters for bounds-checking have been added to the available

bitsadmin.exe: This utility controls the Background Intelligent Transfer
Service (BITS).

Originally part of Windows Server 2003, the command-line
utility BITS is used to transfer files asynchronously between a client
and a server. SP2 added several new command-line options to the utility,
including an option that transfers a single file by using a single command, and
another option that repairs a corrupted BITS installation.

netdom.exe: This utility is used to manage domain configurations.

The netdom.exe tool has been updated by SP2 to include options for
adding a computer to a domain or workgroup and for renaming computers already
in the domain. The general syntax for this command-line utility follows this

  • netdom
    Operation [Computer] [{/d: | /domain:}Domain]


Microsoft recommends that you uninstall any previous
versions of the Support Tools before you run the SP2 Tools installation
program. You should also keep in mind that the XP Support Tools will
install only on a system with the XP operating system.