View the Articles concerning XP-SP2
Your Next Gen OS, Code Named Longhorn

Welcome to Microsoft Windows XP Service Pack 2 Page
What you should know be fore you upgrade
The next generation

Home Browsers Microsoft Office 97 Site Search Windows

Windows XP's Service Pack 2 is here.
Are you ready for it?
Go directly to our index
Windows Vista: Here's the new stuff (photo gallery) TechRepublic-offsite

Windows XP SP2 Help & How To's

 

Featured discussion: First hand accounts regarding SP2
deploymentWindows XP Service Pack 2 is Here, but, is it ready? 
Are you ready for it? 
Be sure to check back often for all of the latest updates and concerns on this story:
Our Take on WXP SP 2
Be sure to read other concerns from the major publications
Windows XP SP2's Tools

Our Take on WXP SP2
We have bitten the bullet, closed our eyes and clenched our teeth and installed WXPSP2 on our test machines and our working machine. Read how it went for our test so you can determine if SP2 is something that is right for you. 
Please click here to see our review.
Be sure to read other concerns from the major publications
Microsoft Internet Explorer and the Pluggins
Outlook Express Changes
SP2's information bar

Read the rest of this site before you upgrade
Windows XP Web Site

One other notable item: the Windows XP site has been significantly redesigned, incorporating content on Windows XP Media Center Edition, Windows XP Tablet PC Edition and other related topics that were previously spread out over 11 separate areas. It now features all the how-to content in one spot, and organizes all downloads by type such as software updates, desktop enhancements, tools and utilities.

 

July 7, 2004 A pair of new Internet Explorer threats are currently unpatched
Two new Internet Explorer threats haven't been patched. Since one of them is addressed in Windows XP Service Pack 2, it may not be patched until the release of that Service Pack.

Some Problems to Expect:

Microsoft has compiled a list of incompatible applications that are "broken" by Windows XP Service Pack 2. SP2 was released to manufacturing on August 6.
You receive a "Data Execution Prevention" error message in Windows XP Service Pack 2
Some programs seem to stop working after you install Windows XP Service Pack 2
Your computer stops responding when you restart to complete the installation of Windows XP Service Pack 2
You receive a "Stop: c0000135" and "winsrv was not found" error message after you install Windows XP Service Pack 2
Your CD-RW drive is not recognized as a rewritable drive in Microsoft Windows XP Service Pack 2

With Zone Lab's Zone Alarm Firewall Installed:
    If you install this program, you receive a "PAGE_FAULT_IN_NONPAGED_AREA" error every time your computer starts.
    Or, If you install this program, you receive a Stop error every time your computer starts.
    Or This program does not install. If you try to install it, you receive an "8e" Stop error every time your computer starts.
    Or When you try to remove ZoneAlarm, you receive a Stop error message or your computer restarts before the uninstall  program finishes.
    See: http://www.zonelabs.com

Update: September 5, 2004; We have taken the plung and downloaded and run Windows XP SP2. The only problem, which is explained in this section link: FAQ: Windows XP Service Pack 2 and your Norton security products. 

The news from Redmond is that SP2 is not just a collection of patches, it's a more comprehensive addition of security code as well as other software bits and bobs--like an overhaul of the wireless LAN user interface--that will turn up on users' desktops as well. 

SP2 will trumpet the change to a system generally known as 'delta patching'--a term that Microsoft says will be changed to something "more fluffy" when the pack is eventually released--whereby patches will only download changes to a file, not the entire file itself. It's a change that Microsoft reckons will cut download times by 80 per cent and is aimed as a nod to the dial-up populace. 

So, what's in it? Well, let me tell ya, 

Security:
Security in Windows XP SP-2 is the primary goal of Redmond which means backward compatibility is going to suffer. Microsoft Patch Jobs are risky in any event, but this one is going to be really tough. Yes, you have heard right, the release date has been moved back, then back again, and now it is back even further, but most of the features are now ready for a download. Our tests indicate that SP2 is now ready for prime time. Of course, as with any Microsoft Update, be sure to take all of the proper precautions.
       I want an OS that will work at least as good after the patch as it did before the patch. Am I asking too much? 

What does Security mean for you?
Well, to put it point blank, if backward compatibility is going to suffer then some of your applications are going to crash and some may crash hard. If your lucky, then the programs will be fixable, if your not, then those programs are going to become history. It also means that some hardware that worked before the install, won't work after the install. So I say, go ahead and take your time Microsoft, take as long as you need, I'm in no great hurry..

The Firewall Saga:
The Windows firewall will benefit from the new release, with the firewall--newly renamed Windows Firewall from Internet Connection Firewall in a nod nod wink wink Marathon-style piece of corporate geekology naming--default switched to on, unless there's another one already in place. Got ZoneAlarm or one of the myriad of other third party firewalls already installed. We believe that one can never have to much protection, in this case, you'll need to tell Windows that the firewall should be on. Bog change? Bog deal! 
          Well, the firewall will be the first thing to load when Windows boots up. I suppose that is a plus though just barely. It's a lesson that Microsoft got from Blaster, where the delay between a machine loading and the firewall kicking in was just long enough for malware writers' creations to get a foothold
          The default settings will also have all ports closed, except when an application needs to send data through--with the idea of scuppering the zombie-making virus plagues of late.
         Things to watch out for include clashes with any alternative firewalls you have installed and disappearing hardware, such as print servers or network storage devices, on a network.
         Windows Firewall is much more configurable and has the added advantage of springing into action during Windows boot up, protecting your system right from the start.
          Another note should be taken here. While Win XP's SP2 Firewall protection is much improved, it doesn't stop outgoing data. This means that if your machine is infected by a key logger or Trojan Horse Virus, they will still be able to phone home with your credit card information. Best advise, grab a copy of Zone Lab's ZoneAlarm. The basic package is free but the pro and premium versions are pay for play.
          View a video from Lockergonme on setting up the WXPSP2's new firewall [Click Here]

Popup Blocking:
          
Adware and spyware writers' favorite tricks will be banned by the pack: Microsoft have promised no more pop-unders, no more unwanted Flash ads, no ads bigger than the screen so that you can't find the close box, that kind of thing.
           For those of you using Flash, there are settings to enable certain pops with the use of "Permission Lists". Think of it as a built in challenge for the spyware writers. Like anything else in the virtual world, it will be circumvented before SP-2 hits the download center.
           Microsoft, after the competition were off licking their wounds, allowed Microsoft Internet Explorer to rest on its laurels. In SP-2 however, MSIE is getting a face lift with the afore mentioned popup blockers and spyware blocking. For my money, the MSIE add on called MyIE2 already has light-years over the current MSIE 6.0 version. We have been using MyIE2 for about eight months now and aside from a program bundled with it called UCMore (If you download and install MyIE2, be sure not to install UCMore...loaded with spyware) which should be avoided like the black plague, we have grown to love it and it has become our exclusive browser now.

In our never say never department:
Sense we wrote the above advise, more Microsoft Internet Explorer flaws have been found. Big surprise? If so, where the heck have you been cyber surfing?  Okay, it shouldn't be any surprise to us least of all but, we got caught with our pants down and it was indeed drafty around here for a time. Okay, so what is the scoop now? Our plan is, to of course, test Microsoft Internet Explorer 6 SP2 when we get the nerve, but for now, we are advising anyone who will listen, to switch to another browser. Our current favorite is Mozilla's FireFox and our favorite email client, other than Outlook which is another lesson in security, is Mozilla's Thunder Bird. Learn more of what we speak [ here ]. Another good choice is Netscape's new browser package, Netscape 7.2. Learn more about this browser from the Netscape website [ here ]

Best advise now? Skip MyIE2, it is simply a pretty face for MSIE which is anything if it isn't secure; which of course, it isn't.

Outlook Express:
"Outlook Express in Windows XP SP2 will now block images automatically in messages from people who are not in your address book."

While I applaud Microsoft's efforts, I am not sure that it is a good idea to make this a sticky problem by default.

According to Microsoft's Knowledge Base, they have an article on this topic and a solution to turn off the new default:

"Images are blocked when you open an e-mail message in Outlook Express on a Windows XP Service Pack 2-based computer"
http://support.microsoft.com/default.aspx?kbid=843018

There are 3 work arounds to this problem:

1. Educate your email list members to add you to their address book (You should be doing this already anyway)...
2. Educate your email list members on how to turn off the "Block images and other external content in HTML e-mail" option.

Here's how:
1. Click Start, point to Programs, and then click Outlook Express.
2. On the Tools menu, click Options, and then click the Security tab.
3. Click to clear the Block images and other external content in HTML e-mail check box.
4. Click Apply, and then click OK.

3. This last one you may not like, but here it is: Don't publish in HTML emails. By sending plain text emails, you will improve your email deliverability rate because most spam scoring systems rank html emails as "closer to spam" than plain text. It's just an ugly, but true fact.

I personally lean towards option #1 above as the more friendly approach to this problem.

If your email list members are B2C (Business to Consumer focused), perhaps this won't be a big deal for you as your end users may not be using the corporate standard of Microsoft Outlook for their email program.

Administrators Rule, in 2:
          Corporate networks will also be able to gain greater control of policies to stop the security slackers bringing in viruses via connections to infected work laptops or home PCs. As system administrators often vocally testify, end users are still a key area of security weakness; Microsoft is banking on dialogue to conquer the problem. Neglecting to reboot a machine after installing a patch is one bugbear - it leaves users thinking they're patched and leaving their machine wide open as ever.

Microsoft Internet Explorer and the Pluggins

While security experts applaud Microsoft's recently released Service Pack 2, some companies that distribute their software over the Web are watching the product's introduction with dread and suspicion.

For years, software developers have offered applications to the world in Microsoft's Internet Explorer Web browser through the company's powerful proprietary API (application programming interface) called ActiveX. The technology starts up external applications, or "plug-ins," within a Web page. 

But a tool that can run good software in a browser can also run bad software, and as a result ActiveX has been implicated in a wide array of security scenarios, most recently in the surreptitious installation of adware, spyware and worse.

Microsoft's long-delayed and glitchy Service Pack 2, the security-focused update for the Windows operating system released this month, clipped ActiveX's wings with a more cautious alert system that springs into action when a Web site tries to run an ActiveX control, sprout a pop-up window or run other code.

In the past, IE prompted users with a simple "yes" or "no" option on a security screen before allowing plug-in installations. With SP2, Microsoft blocks ActiveX controls from running by default and flashes an explicit warning that unknown software can cause harm to a PC. Users who still want to install a plug-in must now take a series of complex steps to override the protection scheme.

The changes have alarmed some software vendors that depend on ActiveX and has aroused suspicion that Microsoft is using security imperatives to further its strategic ends.

The good news?
Well, sorta!
          Microsoft says the dialogue boxes will be "more persistent"--one item will see the 'Remind me later' option for the post-patch reboot disappearing altogether. The number of times such rebooting is needed has also shrunk, the theory goes.
          When will SP-2 be out?  It hasn't been decided, but word from Redmond is; the Microsoft team was working on a provisional timetable that would see the service pack hit users at the end of July. Of course they are very careful not to say of what year.

The question isn't if to switch to SP2 but when.  The prudent course is to wait a few weeks after the final public release of SP2 - let other people and companies be the guinea pigs. Give other software makers a chance to update their products to full SP2 compatibility and install those updates before you install SP2.

Before you install any version of SP2, follow some basic precautions:

When the final release of Service Pack 2 does arrive, you'll find it's no mere patch. In fact, SP2 is no mere service pack. It's a major upgrade and installing it is not dissimilar to upgrading from, say, Windows Me to Windows XP. The service pack, as it currently stands, weighs in at about 275 megabytes and you'll need around 800M of free disk space to install it -- appreciably more if you want to create an uninstallation folder, which is a must.

Update:
Rough patches for Microsoft's SP2
Roundup: Redmond puts automatic updates on hold to let businesses uncover glitches. Also: Some security work remains to be done.
C|Net | Read Full Story
I don't want to be an I told you so, but........................


The Conflab About XP-SP2:
Don't update without it
Q&A

For more on SP2 see this Microsoft Beta News article: Service Pack 2 for Windows XP

Microsoft extends block to SP2 auto update
Corporate customers now have until early 2005 to tinker with things before ingesting XP's Service Pack 2.
C|Net | Read Full Story

PC makers: Look before taking SP2 leap
Many PC makers have a list of drivers and other patches that should be in place before installing the OS update.
C|Net | Read Full Story

Ready to install SP2?
Problems, delays dominate headlines; CNET expert offers advice for home users.
Dan Farber

Microsoft recommends uninstalling SP2 to some AMD users
Microsoft has published an article in its online Knowledge Base that addresses an incompatibility between a security feature in SP2 and AMD64-based systems in certain configurations. The article says that the normally prescribed method for dealing with such incompatibilities "may" work, but goes on to say that the only guaranteed fix is to uninstall SP2. READ FULL STORY | ZdNet

ZDNet tests uncover SP2/VPN conflict
ZDNet's tests of Microsoft's Service Pack 2 for Windows XP have uncovered a conflict between SP2 and virtual private networks that rely on both the L2TP and Network Address Translation (NAT) standards. In tests, installation of SP2 resulted in the disruption of previously functioning VPN connectivity. Microsoft officials claim that the change in Windows' default behavior was intended, but will be adding a document to its online knowledge base that explains how to restore connectivity. George Ou reports on this issue, and has the fix.
READ FULL STORY | ZdNet
See also: Stumbling over SP2

 
Robert Vamosi

Security Watch: Windows XP SP2 more secure? Not so fast
by Robert Vamosi

It's late. It's large. But Microsoft's much heralded Windows XP Service Pack 2 has finally arrived. Right now, manufacturers and large-systems operators are getting their first look at the final version of SP2. By the end of the month, automatic desktop downloads will be available via Windows Update, then on free CDs. At first glance, the release suggests that Microsoft has finally gotten serious about upgrading Windows' security. But before you get too excited, please take a moment with me to slice through some of the hype and hoopla coming out of Redmond, Washington. Toward eliminating Internet threats, there's still a lot of work yet to be done--both by Microsoft and by you and me.

Microsoft lists SP2 conflicts
The company has issued a list of nearly 50 software applications and games that may encounter problems with its Windows XP Service Pack 2 update.
Related items:

David Berlind
IE flaw under SP2: User’s problem or Microsoft’s?
As digital security evolves and improves, hackers will turn more and more to seducing users into doing something that they wouldn’t otherwise do - an art known as social engineering. The shift raises the question of how far must a vendor such as Microsoft go to protect end-users from social engineers. Dragging and dropping objects on Web pages -- what the user must do in order for this most recent exploit to be successful -- is not unheard of. For example, it’s a commonly used technique for online games such as chess. The malicious code’s ability to self-install itself on next boot-up seems a little lax as well. So, who’s to blame if you get snared in a social engineer’s net? You, or Microsoft?
READ FULL STORY | ZdNet
Special Report: SP2 on the hot seat

SP2's new firewall: Better than nothing, but not good enough
Even before Microsoft's XP Service Pack 2 (aka *Security* Pack 2) was released to manufacturing Friday, Zone Labs had jumped on the new Windows security API with compatible versions of its personal firewall products. Are the third-party products from Zone Labs, Sygate and others better than the new Windows firewall? Absolutely. Are they as good as they can be? Hardly. With so much work to be done on personal firewall technology, the dedicated vendors may indeed stay ahead of Microsoft. But, should Microsoft go out and buy a big security provider, the entire game will change.
READ FULL STORY | ZdNet.com

Keystroke loggers must send Microsoft back to firewall drawing board
Are you as scared as I am? Neither Internet Explorer nor the best anti-virus defenses were well-prepared to do a thing about one of the two keystroke loggers that dominated this week's tech headlines. Here's one thing this disturbing news made clear to me: Microsoft will be making a critical mistake if its new personal firewall included with Service Pack 2 to Windows doesn't have a facility for outbound blocking. Here's why your security could depend on it.
READ FULL STORY | ZdNet.com

See also: Why your personal firewall could be obsolete

Internal IBM memo: 'Don't install SP2 yet'
IBM last week told employees to hold off installing SP2 until the company can fully test and customize it. IBM's technology department, which maintains about 380,000 desktop PCs, said the delay is "due to known application problems and incompatibility with IBM workstation applications." While testing new software may be standard operating procedure for any conscientious IT shop, SP2's stew of new Windows components mixed with patches, bug-fixes, and critical security updates released since SP1 complicates the regression testing that large enterprises must go through to ensure the compatability of software. Could IBM's leaked memo affect the approach that other companies take to SP2?
READ FULL STORY

SP2: Just how useful is it?
As the latest offensive in Microsoft's Trustworthy Computing Initiative, the just released Windows XP Service Pack 2 is facing some high expectations. Sure, SP2 is a must-have, but just how useful is it? Considering SP2's extremely flawed firewall coupled with the lack of hardware support for an imporant feature known as Data Execution Prevention, customers must be realistic about how secure SP2 will make their systems--and what they should do in addition to SP2 to buttress their security. In this audiocast, David asks Rich Kaplan, vice president of Microsoft's Security Business & Technology Unit, how SP2 measures up.
PLAY AUDIO

Windows XP SP2 RC2 and the New Windows Update

Windows XP SP2 RC2 and the new Windows Update   

Microsoft Windows XP Service Pack 2 (SP2) Release Candidate 2 (RC2) is now available for testing in both downloadable "network installer" and Windows Update-delivered "single machine update" versions. If you are only updating one machine, you should install Windows XP SP2 RC2 through Windows Update. In most cases, your download time will be greatly shortened, and you will also have the Release Candidate version of the Windows Update V5 client installed. If you are updating multiple machines, download the full installation package. Read more.


Windows XP SP2's Tools:

Tool list

Here is a list of the tools modified and/or updated by SP2, as provided by Microsoft, and a brief description of their functions:

ipseccmd.exe: This command-line tool manages and monitors IPSec policies.

To add rules to existing IPSec policies, you would use the default dynamic mode available with this tool. The typical syntax to add a rule using ipseccmd.exe follows this pattern (which is also available in the Support Tools Help File that installs with the tools by default):

The ipseccmd.exe tool is updated by SP2 to include, among other things, improved online help that can be accessed using the /?switch.

Formatting legend

The syntax lines used in this article are displayed using the typical Microsoft conventions, shown in this table:

Format

Meaning

Italic

Information that the user must supply

Bold

Elements that the user must type exactly as shown

Ellipsis (...)

Parameter that can be repeated several times in a command line

Between brackets ([])

Optional items

Between braces ({}); choices separated by pipe (|). Example: {even|odd}

Set of choices from which the user must choose only one

Courier font

Code or program output


httpcfg.exe: The HTTP Configuration Utility is used to control configuration information for the HTTP driver.

The HTTP Configuration Utility was originally part of the Windows Server 2003 set of support tools, but it has been brought over to XP with the release of SP2. Here is the basic syntax for this tool:

This utility allows the user to communicate over HTTP without using Microsoft Internet Information Services (IIS).

replmon.exe: The Active Directory Replication Monitor tool is used to view Active Directory configurations.

SP2 updates this tool to resolve an inability to display more than 200 replication partners. The Active Directory Replication Monitor has a graphical user interface with context-sensitive menus and can be used to generate general status reports, display topology, etc.

Iadstools.dll: This is a support DLL for Active Directory Service Interfaces.

SP2 updated this tool to resolve a problem in which the GetDirectPartnersEx function did not support more than 200 ConnectionObjects. You can use the ladstools.dll in combination with Visual Basic Scripts to extract Active Directory information and to access the associated APIs.

extract.exe: This is the utility for extracting individual files from CAB files.

The extract.exe tool is basically the same after SP2, except that additional parameters for bounds-checking have been added to the available options.

bitsadmin.exe: This utility controls the Background Intelligent Transfer Service (BITS).

Originally part of Windows Server 2003, the command-line utility BITS is used to transfer files asynchronously between a client and a server. SP2 added several new command-line options to the utility, including an option that transfers a single file by using a single command, and another option that repairs a corrupted BITS installation.

netdom.exe: This utility is used to manage domain configurations.

The netdom.exe tool has been updated by SP2 to include options for adding a computer to a domain or workgroup and for renaming computers already in the domain. The general syntax for this command-line utility follows this pattern:

Installation

Microsoft recommends that you uninstall any previous versions of the Support Tools before you run the SP2 Tools installation program. You should also keep in mind that the XP Support Tools will install only on a system with the XP operating system.


Q&A

Will ZoneAlarm work with Windows XP SP2?

Q: I already have the ZoneAlarm Pro firewall. Is it better to use the SP2 firewall and turn off ZoneAlarm or the other way around? Thanks.

Question posted by: Tobias

A: Use them both. The Windows XP SP2 firewall blocks only incoming traffic; it does nothing against spyware or Trojan horses that will try to broadcast your Web surfing habits or credit card information out to the Internet. A good third-party firewall such as ZoneAlarm will stop malicious traffic that's both inbound and outbound.


Windows XP won't boot after installing SP2 
– a BIOS update may be necessary

Installing Microsoft Windows XP Service Pack 2 on a PC with a "Prescott" CPU and certain chip sets can cause it to fail to reboot completely. The problem can be solved with a workaround or a BIOS update.

Depending on the chipset, motherboard manufacturer, BIOS version, and CPU, installing Microsoft Windows XP Service Pack 2 can result in an unbootable computer system. The problem is generally associated with Intel "Prescott" CPUs and its chipsets, but not every such combination will cause a problem. As of this writing, motherboards exhibiting the behavior include:

* Albatron PX865 PE Pro
* Shuttle SB61G2
* Jetway i875P
* Soyo P4I865P
* Aopen AX4SG Max
* Asus P4P800-E deluxe
* Abit IS7-V
* Foxconn 865A01-G-6EKRS

Technically speaking, the problem revolves around the machine's BIOS not installing a production level microcode update. To check whether the BIOS is at the correct level, download the Intel Processor Frequency ID utility. The microcode version is identified by this utility as CPU Revision, which should equal at least 8.

Solution 1

If the Intel utility shows that you have the wrong microcode version, the primary solution to the problem is to update the system BIOS for your motherboard before you install SP2. Here are some motherboard manufacturer links:

BIOS updates

BIOS updates can be dangerous—please follow the manufacturer's instructions very closely to avoid a major catastrophe.

Solution 2

If you have already installed XP SP2 and have a PC that will not boot because of this microcode version problem, there are two workarounds you can try to get to a bootable state.

In the BIOS setup you should temporarily disable the L1 and L2 cache. On some motherboards, this will allow the computer to boot. You should then remove SP2, turn the L1 and L2 cache back on, and then update the BIOS to reflect the correct microcode version. After completing these steps, you should be able to re-install SP2 without running into this particular problem again.

If disabling L1 and L2 cache does not work, you can use a second workaround suggested by a representative at Intel: Boot the problem computer with an alternative OS or to the safe mode command line if possible. Assuming you can get to the Windows directory on the boot partition, navigate to this file and change its name so that it does not load the next time the machine is booted:

windows\system32\drivers\update.sys

After rebooting you should be able to install XP SP2, but keep in mind this is a temporary fix—the system will be unstable until you update the BIOS and reactivate the update.sys file