Service Packs

Microsoft releases Service Packs to consolidate critical updates, security rollups, hot-fixes, driver updates, and feature enhancements. You must stay current with Service Packs to maintain the security and integrity of your enterprise network. Software Update Services, discussed in the previous Topic, does not distribute service packs. To keep your network completely up to date with critical patches, you need to implement the skills covered in this Topic, which will allow you to deploy service packs by means of Group Policy.

Downloading and Extracting Service Packs

When a service pack is released, Microsoft makes it available for installation and download from the Microsoft Web site. A service pack can be installed directly from a Microsoft server, in which case the client launches the service pack setup from the Microsoft site and a small setup utility is downloaded to the client. That setup utility reconnects to the Microsoft server and controls the download and installation of the entire service pack. Service packs are generally sizeable, so performing this task machine-by-machine is not an efficient deployment strategy in all but the smallest environments.

Service packs can also be obtained on CD from Microsoft and through many Microsoft resources, such as TechNet and MSDN. Service Pack CDs often include extras, such as updated administrative tools, new policy templates, and other value-added software. In an enterprise environment, it is therefore recommended to obtain the service pack media.

When you do not have access to a CD containing the service pack, and you want to deploy the service pack to more than one system, you can download the entire service pack as a single file, again from the Microsoft Web site. The service pack executable, if launched (by double-clicking, for example), triggers the installation of the service pack. This single-file version of the executable can also be extracted into the full folder and file structure of the service pack, just as it would be on the service pack CD, but without the value adds.

To extract a service pack, launch the executable from a command prompt with the -x switch. For example, to extract Windows XP Service Pack 1, type xpsp1.exe -x. You will then be prompted for a folder to which the service pack is extracted. Once the pro­cess is complete, you will see the full service pack folder structure contained in the tar-get folder. You can then launch installation of the service pack, just as from the CD, by double-clicking I386\Update\Update.exe.

Deploying Service Packs with Group Policy Service Pack installation requires administrative credentials on the local computer, unless the service pack is installed via Group Policy or Systems Management Server (SMS). Because service packs apply to systems, it is necessary to assign the service pack through computer-based, rather than user-based, group policy.

To distribute a service pack, create a shared folder and either extract the service pack to that folder or copy the contents of the service pack CD to the folder. Then, using the Active Directory Users And Computers snap-in, create or select an existing GPO. Click Edit and the Group Policy Object Editor console appears, focused on the selected GPO.

Expand the Computer Configuration\Software Settings node. Right-click Software Installation and choose New, then Package. Enter the path to the service pack’s Update.msi file. Be certain to use a UNC format (for example, \\Server\Share) and not a local volume path, such as Drive:\Path. In the Deploy Software dialog box, select Assigned. Close the Group Policy Object Editor console. Computers within the scope of the GPO—in the site, domain, or OU branch to which the policy is linked—auto­matically deploy the service pack at the next startup.