Today we released a service pack blocking tool kit. You can probably guess what’s coming very very soon. This blocking tool is available for organizations that would like to temporarily prevent installation of Service Pack updates through Windows Update. This tool can be used with:
- Windows Server 2003 Service Pack 2 (valid through March, 2008)
- Windows XP Service Pack 3 (valid for 12 months following general availability)
- Windows Vista Service Pack 1 (valid for 12 months following general availability)
This toolkit contains three components. All of them function primarily to set or clear a specific registry key that is used to detect and block download of Service Packs from Windows Update. You only need to use the component which best serves your organization’s computer management infrastructure.
- A Microsoft-signed executable
- A script
- An ADM template
- The executable creates a registry key on the computer on which it is run that blocks or unblocks (depending on the command-line option used) the delivery of a Service Pack to that computer through Windows Update. The key used is HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate.
When the ‘/B’ command line option is used, the key value name ‘DoNotAllowSP’ is created and its value set to 1. This value blocks delivery of a Service Pack to the computer through Automatic Update or Windows Update.
When the ‘/U’ command line option is used, the previously created registry value that temporarily blocked the delivery of a Service Pack to the computer through Automatic Update or Windows Update is removed. If the value does not exist on the computer on which it is run, no action is taken.
- The script does the same thing as the executable, but allows you to specify the remote machine name on which to block or unblock delivery of Service Packs.
Note that the executable and script have been tested only as a command-line tool and not in conjunction with other systems management tools or remote execution mechanisms.
- The ADM template allows administrators to import group policy settings to block or unblock delivery of Service Packs into their Group Policy environment. Administrators can then use Group Policy to centrally execute the action across systems in their environment.
Please note that this toolkit will not prevent the installation of the service pack from CD/DVD, or from the stand-alone download package. This simply prevents the service pack from being delivered over Windows Update.