On August 1, Microsoft released the latest service pack for its Win2K line of OSs. Service Pack 3 (SP3) provides fixes for a wide range of issues in the areas of application compatibility, operating system reliability, security, and setup. Updates from earlier service packs are also included in SP3, so if you’re updating for the first time, you needn’t download SP1 and SP2.

An overview of the key features and fixes of Win2K SP3 will help you better understand what changes you can expect to see and how they might affect your current setup.

Options for obtaining SP3
You can get the update in one of two ways: You can download it from Microsoft’s Win2K page or you can order it on CD. If you decide you’d rather have SP3 on CD instead of downloading it, you’ll have to pay $14.95 plus $5.00 shipping and handling. If you choose to download the update, you have the option of selecting either the Express Installation or the Network Installation.

The Express Installation option automatically detects which version of Win2K you are using and installs only those updates you need. If you’re running Win2K Server, for example, only the updates that apply to Win2K Server are installed.

The Network Installation option is a 125-MB download that includes all files needed for all versions of the Win2K family, including Win2K Professional, Server, Advanced Server, and Windows 2000 with Server Appliance Kit. This is the download net admins should select for deploying SP3 over the network.

Included updates
As I mentioned, the service pack offers key updates in the areas of application compatibility, directory services, networking, and security, which I will cover in this section. However, this isn’t a comprehensive list of updates—more of a description of the changes that may affect users. For detailed information about all of the changes offered in SP3, be sure to visit Microsoft’s SP3 page.

Application compatibility fixes
Microsoft has addressed a number of application compatibility issues in SP3. The fixes relating to problems with running specific applications on Win2K include:

  • Resolving installation and removal problems with the following programs: Exchange Server 5.5 from BackOffice Small Business Server 4.5, OmniPage Pro 11.0, and Trend Micro PC-cillin 2000.
  • Fixing an issue with 16-bit programs calling for successive large memory allocations.
  • Correcting a number of issues with MS-DOS-based programs.

Directory services corrections
SP3 also fixes many issues relating to directory services. The problems range from annoying lockout errors to DNS issues. Among directory services fixes in SP3 are the following:

  • When using lockout policies, a previously locked account unlocked by the administrator would have been locked after only one failed logon attempt.
  • When using Run As, users may have been unable to share folders on a remote computer.
  • Users with Write permissions received an error message when attempting to add multiple users to a universal distribution list in Microsoft Outlook.
  • The Active Directory Users And Computers management console would quit when selecting multiple users and then clicking Send Mail.

Some of the networking issues resolved in SP3 include the following:

  • Win2K wouldn’t allow infrared ports to be mapped to virtual COM ports.
  • When the Negotiate Multi-Link For Single-Link Connection option was enabled, users encountered errors when attempting to connect to ISPs via dial-up connections.
  • A delay of 20-30 seconds would occur when users attempted to open a computer folder on a NetWare network from a Windows 2000 computer running Microsoft Client Service for Netware.
  • Domain controller systems could hang for extended periods of time at the Preparing For Network Connections screen when NetBIOS was enabled.
  • Programs that change default domain controller group policies on the systems on which they were installed could cause failure in the application of policy changes.
  • In some instances, DHCP servers attempted to assign reserved addresses to nonreserved clients.
  • File sharing violations on remote folders could cause errors in successful threads opening the shared file under certain circumstances.

The latest service pack for Win2K also includes a number of security-related fixes designed to patch discovered vulnerabilities. Some of the important security issues fixed in SP3 are:

  • An unchecked buffer created a vulnerability in Media Player 6.4, 7, and 7.1.
  • RasDisable and RasForce WinLogon policies could have been bypassed.
  • When Win2K was configured to authenticate against an MIT Kerberos domain, users attempting to change their passwords would receive an error message stating that their password must be 18,770 characters long.
  • A buffer-overflow vulnerability in HyperTerminal could have allowed arbitrary code to be run on a user’s computer under special circumstances.
  • The Win2K Telnet service contained a denial of service vulnerability that could have prevented an idle Telnet session from timing out. Multiple sessions could have prevented other users from establishing Telnet sessions.
  • An unchecked buffer in the Win2K Event View opened a vulnerability that could have allowed malicious code to be run.
  • An FTP vulnerability in IIS 4.0 and IIS 5.0 allowed unauthorized users to log in to the domain Guest account under certain conditions.

Known issues
Microsoft has acknowledged that users are experiencing some issues after installing SP3. Most of the issues appear to be related to incompatibilities between SP3 and older Win2K components. The following are a few of the problems that users have thus far reported with SP3:

  • Some users reported that they cannot start Office programs after installing SP3.
  • Installing some hotfixes released after SP3 can cause conflicts that result in the loss of functionality of either SP3 or the hotfix features.
  • If you use SP3 features to hide desktop icons or Start menu commands for Internet Explorer, Outlook Express, and Windows Media Player and then you uninstall SP3, you can’t restore desktop access to these programs.
  • Installing SP3 causes custom Internet printing ASP files to be overwritten.
  • After installing SP3, users can’t run Internet Explorer 5.5 (SP1) because SP3 doesn’t update Mshtml.dll. Users must update to IE 5.5 SP2 or IE 6.0.
  • Launching the Win2K SP3 setup wizard by double-clicking W2ksp3.exe in Windows Explorer can cause an error that shuts down Explorer.
  • When using IE 4.01 (SP2) or earlier, users may not be able to obtain certificates from Certification Authorities after installing SP3. Users must upgrade to IE 5.5 or later.

With SP3, Microsoft has addressed many issues relating to compatibility and security and has fixed problems in an effort to make Win2K a more secure and stable platform. SP3 is a needed step toward making Win2K a better all-around OS for users, but it’s not perfect. For answers to other general questions about SP3, check out Microsoft’s SP3 FAQ page.