Although XP's Service Pack 2 has been around since last August, system administrators have been unenthusiastic about its deployment. Fewer than 25 percent of enterprise PCs running XP have been upgraded to SP2.
That's not surprising: although SP2 introduces a number of important and overdue features to Windows, it has a reputation for stopping things from working. By some measures, up to 70 percent of existing enterprise network applications have problems when untweaked SP2 is applied. Nobody wants that pain.
Yet given that the original mess is largely of its own making, Microsoft has been behaving with pragmatic good sense in cleaning things up. During the wilderness years of Windows security, much software was written that of necessity assumed an open system. By introducing much-needed security in stages, Microsoft has given system administrators time to learn how to work in the new environment.
That time is running out. As of 12 April, Microsoft's deferment option, which let admins block the automatic download of the service pack, expires and SP2 will become an almost-compulsory update for XP installations. You can put it off even longer by assuming responsibility for deploying all updates and patches via a local server, but unless you have critical reasons for further delay, now is a very good time to go with the flow.
Last month would have been better. Microsoft recommends, and we concur, that you roll out SP2 on a representative sample of clients first, taking the opportunity to fine-tune the group policies needed to avoid machine-by-machine configuration. There is copious online help available, although you will need to take care to keep a clear demarcation between domains. Third-party tools are available, but probably not necessary.
Bite the bullet. There are genuine concerns about Microsoft forcing updates for revenue reasons, but not in this case. The framework in SP2 is going to provide the basis for client, server and application security for the foreseeable future. It cannot be put off forever.