With Windows XP Service Pack 2 now in wide release, many administrators are scrambling to get it rolled out to as many computers in their organization as possible. However, there may be some machines that administrators do not want to have updated, although they may still want them to be able to participate in other automatic software updates (just not Service Pack 2).
There may be several reasons for this. For instance, an administrator may want to compare the behavior of a networked pre-SP2 system with post-SP2 systems under controlled circumstances, or make sure that certain applications on a given system are still running.
The way to accomplish this is by taking advantage of a feature in Automatic Update which can block updates specified in a Registry setting. This can be set either through a policy (to enforce changes across a group of computers) or a simple script run on one computer at a time. In HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftWindows
WindowsUpdate, add or create a DWORD named DoNotAllowXPSP2 and set it to 1.
Because of the importance of Service Pack 2, this feature will only allow SP2 to be blocked in this fashion for 120 days from August 16, 2004 forward.
Microsoft engineers have also written a script that allows the blocking function to be deployed across one or many computers in an organization, which can be found at Microsoft. The script takes a single switch: /b to block, and /u to unblock SP2 auto-delivery.
Full details about the blocking feature can be found on Microsoft's site.
Serdar Yegulalp is the editor of the Windows 2000 Power Users Newsletter. Check out his Windows 2000 blog for his latest advice and musings on the world of Windows network administrators – please share your thoughts as well!
