Datasheet
4
CHAPTER 1
GETTING AND INSTALLING SP1
Getting SP1
Assuming that you need SP1, you can get SP1 in a number of ways:
◆
Automatically via Microsoft Update
◆
Automatically through Windows Server Update Services
◆
Order it on CD from Microsoft
◆
Download it from Microsoft
Anyone who’s used a computer in the past few years knows by now that (1) Microsoft code has
bugs, (2) some of those bugs can enable bad guys to write programs that enable those bad guys to
control our computers, and (3) sadly, this isn’t just a remote possibility, it happens a few times a
year. Worms with names like Code Red, Nimda, Spida, SQL Slammer, Blaster, Sasser, and Zotob
have, at various times between early 2000 and now, caused havoc amongst Microsoft users and the
Internet as a whole. So most of us know by now that Security Rule Number One is “patch!” The sec-
ond Tuesday of every month, Microsoft releases announcements of discoveries of various security
bugs and patches to fix those bugs so that the worms stay away. This monthly event, known as
“Patch Tuesday” to us already overworked administrator types, means that we’ve got to get the
latest patches and get them on our systems.
Most of us get and deliver those patches in one of two ways. First, we can have every one of our
servers and workstations connect daily to a special website run by Microsoft called Microsoft
Update.
TIP
Despite the fact that the website in question is probably one of the ten most visited and well
known websites in the universe, let me offer its URL for the sake of completeness:
http://
update.microsoft.com
. (And I do mean “universe”—I’ve heard rumors that Microsoft’s web
server logs indicate some patch downloads occurring to clients using IPv
35
!)
Any system running Windows 2000 (Server or Pro) with SP3 or later, Windows XP with SP1 or
later, and any copy of Server 2003 have built into them some web tools that can be configured to
automatically hook up to Microsoft Update. It’s a nice, convenient way to get patches without
thinking about it. But it
can
be a bit of a pain in the neck, as there have been a few Patch Tuesdays
when I left a file unsaved on my Desktop only to stumble into my office the next morning with a
hot mug of Earl Grey (Twinings or Stash, of course) in my hand and see the Windows “Please press
Ctrl-Alt-Del” Welcome screen on my monitor. (I’m such a Boy Scout that I configured Microsoft
Update to reboot my system automatically if it deems it necessary, so it’s really my fault, not
Microsoft’s.)
Microsoft Update’s not a bad answer for patching, but if you’ve got a bunch of systems, then
it can be horribly inefficient in terms of download bandwidth. For example, a while back Microsoft
released a service pack for Internet Explorer 6 that ran around 10MB. Now, that may not seem like
much, but consider what happened on the evening of Patch Tuesday at a company with 1000
workstations. In total, that firm would have downloaded that same 10MB 1000 times, turning a
small 10MB download into a bandwidth-squandering 10 GB. Ugh.
So Microsoft offers Windows Server Update Services (WSUS), an application that you can run
on a 2000 or 2003 server. WSUS acts as a kind of “local Microsoft Update.” Whatever server you’ve
installed WSUS on sucks down the patches from Microsoft’s Microsoft Update servers, and then
you configure your internal systems to no longer check with Microsoft’s servers for patches but
instead to look to your WSUS server.
56452.book Page 4 Wednesday, August 30, 2006 4:52 PM