Get IT Done: Prepare to deploy Windows 2000 Service Pack 4

Steps to take before deploying Windows 2000 Service Pack 4

Microsoft has released Win2K Service Pack 4 (SP4), the latest collection of hotfixes and software updates for the Windows 2000 family of products. I'm going to provide an overview of SP4, tell you what I think are the most significant updates, and offer some recommendations for testing and acceptance.

Win2K SP4
Windows 2000 SP4 is cumulative and contains all previous fixes from past service packs. You can download it here. You can also go to the Windows Update Web site and scan your PC, if your network allows this type of behavior.

Important fixes
This service pack includes more than 650 fixes. Let's go over some of what I think are the more important (and most interesting) fixes. Obviously, I can't cover every fix in this article, but you'll find a complete list of all fixes here.

Microsoft has divided the fixes contained in SP4 into a variety of categories. The fixes I'm highlighting are listed under these categories.

Base operating system
Program compatibility
Directory services
Internet Information Services/COM+
  • The SMTP Service May Leak Domain List Memory When You Use the Pickup Folder

  • Setup
  • CPU Utilization in Services.exe Increases to 100 Percent

  • Message queuing
    There are many fixes listed under the Security category, and I would suggest you examine every one of them. Here's that link to the entire list again.

    Terminal Services
    Testing and acceptance
    The rule of thumb for installing a service pack (or any hotfix, for that matter) is to test it first in a simulated environment. Microsoft performs extensive testing, but it's unreasonable to think that it could account for and test every possible hardware and software combination in the world. Nor does it have control over how other software manufacturers develop their programs.

    Consequently, there is risk involved in applying any service pack. This risk can be mitigated by full testing. The company I work for usually performs anywhere from 40 to 60 hours of intense testing on an OS service pack before we certify it for use. (My company sells 911 call center software, which cannot have downtime; therefore, elaborate and intense testing must be performed.)

    After certifying the new service pack for your environment, you need to figure out how to distribute it to the appropriate systems. A variety of options are at your disposal, such as using an MSI file to distribute the service pack via Group Policy, using Windows Update on each machine, distributing it on CD, and managing it with Microsoft Software Update Service (SUS).

    Also, after a few months of a service pack's arrival, the base operating system itself (Windows 2000, in this case) will usually come with the service pack merged or "slipstreamed" into it. Essentially, when you install the OS, the service pack will automatically be part of the OS. However, you can create your own slipstreamed SP4 installation disk if you'd rather not wait for the media to arrive.

    Essential fixes
    An old adage in Microsoft lore suggests that the first three service packs of an operating system should always be installed, and anything after that is really optional. Although there may have been some credence to this interesting philosophy for previous operating systems, Windows 2000 Service Pack 4 is clearly a must for most businesses. Given the aforementioned fixes, it makes sense to get it into your network as soon as possible—after your testing, of course.

    About Jeremy Smith

    Jeremy L. Smith, CISSP, is a cybersecurity and public safety professional who has worked with a variety of agencies to improve the security of their call centers and execute their public safety initiatives more effectively, including 911 call taking,...

    Editor's Picks

    Free Newsletters, In your Inbox