Why is MS acting so weird about SP2?

[Rombus]

I work for the Kent State ResNet department, and we decided we are going to push out SP2 to our residence hall students to help keep our network secure. We started looking at ways to distribute it to our students, since windows update isn’t the most reliable way to do it since over half of our students don’t WU no matter how much we tell them.



We were surprised to find that we cant distribute SP2 over any medium without MS approval! So we cant setup a internal server, we can’t burn it to our own disks. My boss found out that MS is offering SP2 CDs to universities and colleges so we started to look into that. Turns out we can get 1 CD for every 25 students, but to do so we have to agree to a 25 page legal document that goes so far as to tell us exactly when to stop distribution and to destroy the CDs we were given. Also according to the document we have to track what students we have given it to.



So……the question on all our minds is Why? Why is MS so strict about SP2? It would seem that you would want this distributed in any means possible so that a majority of your user base is protected.



Does this seem backwards to anyone else?

 

[t. shuffle]

I read today where MS had a site shut down that was offering it as a torrent file.
I can understand that, as they have no way of guaranteeing the integrity of the file, but what you describe does seem pretty odd.

 

[SJConsultant]

Where are you getting this information? As far as I read in the network install EULA, the only restrictions are that is must be deployed on systems which have a valid license.

 

[Carlosinfl]

amazing...they make it so difficult to patch up their own bs operating system.

Linux

 

[HHunt]

<paranoia>Perhaps the installer will phone home, and provide information that will be combined with the information on who got sp2, to track down all illegal copies?</paranoid>

No, I can't really find a way to make that work, but it's a nice theory

 

[Ranma_Sao]

Can you please link to where you read that? I'm interested in reading that, since I haven't heard that at work.

 

[[MS]]

So……the question on all our minds is Why? Why is MS so strict about SP2? It would seem that you would want this distributed in any means possible so that a majority of your user base is protected.

SP2 contains a lot of changes, there is good reason to be cautious.

SP2 changes some of the security settings in XP, adds new security in several places, and puts backwards compatibility as a lower priority. In the past, application compatibility was higher priority than it is now. Given these change in functionality, there is bound be some configurations or applications which have issues.

While I have no internal knowledge of why the rollout is slower, the first thing that goes though my mind is “So we don’t hurt our customers”. Because of the major changes, it seems to make sense that there would be a staggered roll out. It seems like the people that first got the final are in the best position to evaluate whether anything was missed (current beta testers, system builders, MSDN subscribers…etc). Because of the major changes, it makes sense not to dive in head first, regardless of any danger. It’s also possible that support is still ramping up for the release. I’d anticipate a spike in the number of support requests and if the support teams weren’t able to find enough people to hire, the staggered roll out may help ensure that any customers in need are able to get help.

So, while I can’t directly answer your question, there are a lot of logical reasons that could explain what’s happening (without going into conspiracy theories ).

 

[[MS]]

amazing...they make it so difficult to patch up their own bs operating system.

I'd think it far more likely that they simply want to limit any harm done to customers in case new issues turn up that require changing the service pack. Servicing hundreds of millions of machines is not a trivial thing.

 

[Rombus]

Here is the link to the PDF file we were looking at during work today (Sorry about not linking to it before, but I couldn’t find it the first time)
HEVDP Guide

One thing I did notice on this read though is that they are giving the students Norton Internet security 2k4 too, but I cant seem to grasp why! The onboard firewall has been improved, so why give another firewall program. I guess if they are providing licenses for IS2k4 too, then I could see the strictness of the CD, but it still doesn’t explain not being able to produce our own CDs or offer a server.



As for us not being able to provide a local place to download the service pack, the only thing I have to back that up is part of a email after our Network services department talked to our universities MS Contact:

Per all that MS has sent us so far:

Providing a local download copy of SP2 for University-owned machines ( with our MS agreement ): OK Providing a local download copy of SP2 for non University-owned machines:
NOT OK.

Non-university owned machines need to acquire SP2 through normal consumer channels, i.e. Windows Update.

Ill see if I can’t get something more firm info on Monday.


Last year at this time it was Blaster, This year its SP2….Ahhh the life of a student LAN admin

 

[jlee123]

Rombus,

Your best bet is probably to setup a SUS Server http://www.microsoft.com/sus. SUS is a free MS product that allows you to run your own Automatic Updates server. Then, using Active Directory or by some other means of changing registry settings on student's machines (network login script? file they must run in order to connect to network?) get each client to look at the SUS Server for updates. This method will get your XP as well as 2000 clients up to date. It can't be illegal either, MS is the one offering it! On a side note, I highly doubt MS would ever prosecute a university, business or organization for offering SP2 via network share . That'd be stupid.

 

[Rombus]

Rombus,

Your best bet is probably to setup a SUS Server http://www.microsoft.com/sus. SUS is a free MS product that allows you to run your own Automatic Updates server. Then, using Active Directory or by some other means of changing registry settings on student's machines (network login script? file they must run in order to connect to network?) get each client to look at the SUS Server for updates. This method will get your XP as well as 2000 clients up to date. It can't be illegal either, MS is the one offering it! On a side note, I highly doubt MS would ever prosecute a university, business or organization for offering SP2 via network share . That'd be stupid.

Network Services is already running an Akimi (Sp) server so we have a local server for windows update, The question here isnt how to deploy but why limit it so much?

Also, what you purpose might work in a small enviroment, or if we prepare for a semester or two and get approval from all the other departments, but in 2 weeks we have roughly 7000 students move in, and theres no way in heck we could implement that