Windows 2000/XP SP Deployment

 

How can I install service packs on my Windows 2000/XP clients by means of Windows Installer and Group Policy?

This scenario explains how to install the service pack from a shared distribution folder on a network by using Windows Installer. This installation method installs the service pack on computers that are already running Windows 2000.
This section assumes that you have a basic understanding of Windows Installer, as well as a working knowledge of Group Policy and Active Directory. For more information about Windows Installer, Group Policy, or Active Directory, see the Microsoft Windows 2000 Professional Resource Kit or the Microsoft Windows 2000 Server Resource Kit (included in the Support.cab file on the service pack CD).
If you plan to deploy the service pack using Group Policy, you are advised to follow the instructions given in article 302430, “HOW TO: Assign Software to a Specific Group By Using a Group Policy,” in the Microsoft Knowledge Base.
Note: This page holds information about the W2K SP4 deployment, but it is also true for SP3 and XP SP1/1a.

Using Windows Installer

Service Pack 4 (as well as SP3) contains a Windows Installer package file (Update.msi) which contains all of the information that Windows Installer requires to install or remove the service pack and to run the Setup user interface. This package file describes the relationships among service pack features, components, and resources. The package file also contains an installation database, a summary information stream, and data streams for various parts of the service pack installation.
You can use the Software Installation and Maintenance feature in Windows 2000, which uses Windows Installer and the Update.msi file to create a Windows Installer package that installs the service pack. The Software Installation and Maintenance feature uses a Group Policy object (GPO) to deploy the package (on networked computers) within Active Directory containers, such as sites, domains, and organizational units that are associated with the GPO.
After you assign the package, Windows Installer installs the service pack automatically when the users start their computers. The users do not choose to install the service pack. Note that only a network administrator or someone who is logged on to a local computer as an administrator can remove the assigned software.
You can determine whether the service pack installation was completed successfully by doing either of the following:

  1. Run winver.exe and view details about the Windows version and service pack that are running on your computer.

 

  1. Use the Event Viewer by clicking Control Panel, clicking Administrative Tools, and then clicking Event Viewer.

To work around an issue caused by the installation not being completed successfully, move the computers out of the scope of the service pack deployment to another organizational unit, restart the computers, move them back to the organizational unit that has the service pack deployed, and then restart the computers a second time. This redeploys the service pack to the client computers. You can use Active Directory Users and Computers to move the computers from one organizational unit to another.

Removing Previously Installed Service Packs

Microsoft does not recommend removing earlier service packs from your computer before you install a new one. However, when you want to prevent the automatic installation of an earlier service pack on computers added to your organizational unit (for example, to prevent computers from being upgraded to Service Pack 3, because SP4 is now available), you can do so by performing the following procedure. For information about removing service packs that were deployed with Group Policy, see Removing a Service Pack Deployed by Using Group Policy later in this guide.
To remove an earlier service pack:

  1. In the console tree, double-click Active Directory Users and Computers to expand the tree, double-click the name of the domain where the organizational unit that is receiving the service pack resides, and then double-click the applicable organizational unit name.
  2. Right-click the Active Directory object that the MSI package is applied to, and then click Properties.
  3. Double-click the GPO you want to edit (for example, Desktop SP4 Upgrade).
  4. In the Group Policy snap-in, double-click Software Settings under the Computer Configuration node.
  5. Right-click the software package you want to stop installing on computers newly added to your organizational unit (for example, Windows 2000 Service Pack 3.
  6. Click All Tasks and then click Remove.
  7. Click Allow users to continue to use the software, but prevent new installations and then click OK.

Assigning Service Pack 4 to Computers

This procedure explains how to assign the service pack to computers managed by a GPO. For your installation, you might want to associate the GPO with a different Active Directory container. To assign the service pack to computers by using Group Policy, you must do the following:

  • Create a shared network distribution folder.
  • Create a group policy for SP4 deployments.
  • Apply the policy to assign the service pack to the computers.

Each of these procedures is explained in detail in the remainder of this section.
If you used Add/Remove Programs to remove a service pack that was deployed by using the Update.msi program, you cannot automatically deploy it again by using Group Policy.
For the following procedure, “E:\” represents the drive of the network or computer where your distribution folder is located.
To create a shared network distribution folder:

  1. Connect to the network or computer on which you want to create the distribution folder.
  2. In the shared folder on the network, create a distribution folder for the service pack.For example, to create a distribution folder named SP4, type the following:mkdir E:\SP4
    You must set the appropriate permissions to share your distribution folder so that users have read and execute access only and administrators have full-control access to the folder.
  3. Copy the service pack files and folders to the source files folder that you created in step 2.
  4. At the command prompt, type E:\SP3\W2ksp4.exe -x, and then press ENTER.
  5. When prompted, provide the path for the folder (for example, the source files folder) to which you want to extract W2ksp4.exe.

To create a group policy for SP4 deployments:
For an SP4 deployment, you can either create a new group policy or use an existing GPO. In the Microsoft Management Console (MMC) console, open the Active Directory Users and Computers snap-in. The Active Directory Users and Computers snap-in includes tools for Group Policy and software installation and maintenance. You can use these snap-ins to assign the service pack to computers in an organizational unit.

  1. In the console tree, double-click Active Directory Users and Computers to expand the tree, double-click the name of the domain where the organizational unit that is receiving the service pack resides, and then double-click the applicable organizational unit name.
  2. Right-click the Active Directory object that the MSI package will be applied to, and then click Properties.
  3. On the Group Policy tab, click New, type Desktop SP4 Upgrade, and then press ENTER.

To apply the group policy and deploy the service pack to the client computers:

  1. On the Organizational Unit Properties page, click the Group Policy tab and then double-click the GPO you want to edit.
  2. In the Group Policy snap-in, double-click Software Settings under the Computer Configuration node.
  3. Right-click Software installation, click New, and then click Package.
  4. In the Open dialog box, browse to the i386\Update folder and then open the Update.msi file.
  5. In the Deploy Software dialog box, verify that the Assigned option is selected, and then click OK.
  6. Close the Group Policy snap-in, the Group Policy page, and the Console menu.