Subscribe

Receive updates via email:

 Updates via RSS

Tag Cloud

Blog Archive

Friday, May 09, 2008

Installation of Windows XP Service Pack 3 (SP3)

Earlier this week, I noticed that Windows XP Service Pack 3 (SP3) became available to my IBM -- err, Lenovo -- Thinkpad T61 via a Windows Update notification. I was somewhat surprised since I had not closely tracked or seen a ton of fanfare around Windows XP Service Pack 3.

Still every time I see a Microsoft Windows service pack, my initial reaction is to forget about it until I hear how it is going. That is mainly based on all the experiences I had back in the Windows NT 4.0 days. Does anyone else remember Service Pack 6 turning into Windows Service Pack 6a overnight?

However, I have become more and more confident (careless?) with subsequent operating system service packs from Microsoft, installing both Windows XP Service Pack 2 (SP2) and Vista Service Pack 1 (SP1) on my machines without thinking much of it. Recently I have reached a pretty high level of dissatisfaction with my Windows XP OS on my laptop -- and figured it could not make things worse. So, I downloaded the Windows XP SP3 to install it.

The routine (which I detail below) was a pretty standard Microsoft process -- inspect my system, verify space, backup the files, and then apply the service pack. Follow that up with a reboot and your system is upgraded to Windows Version 5.1 (Build 2600.xpsp.080413-211 : Service Pack 3).

For me, it went flawlessly and had some good surprises. First, my machine had awful performance when going into and coming out of sleep modes on the laptop. It was not uncommon for the XP operating system to take 5 minutes to come out of sleep mode and become usable again. Sleep 3-4 times in a day? Forget about it -- I was better off rebooting. However, since the upgrade I have put the computer to sleep many times and am experiencing excellent performance once again. Much to my surprise. Perhaps I will not have to throw my laptop out a window!

Overall, I am very satisfied with this service pack from Microsoft. Below are some additional details and some shots of the process if you are looking for more information.

Windows XP Service Pack 3 is the last of the Service Packs that Microsoft will be offering on the Windows XP operating system line. While it has been 3 years since Service Pack 2, many corporations and end users have resisted the move to Windows Vista and forced Microsoft to produce this service pack while continuing support for Windows XP.

It is important to know that Microsoft is requiring a minimum OS level of Windows XP Service Pack 1 and recommending Windows XP Service Pack 2 before installing Service Pack 3 on your machine. This is a significant deviation from previous service packs where they were a roll-up of all previous service packs meaning you can just install the latest and greatest. If you are building a Windows XP system from the ground up -- best to start with Windows XP Service Pack 2 and then apply the Service Pack 3.

Of equal note, Windows XP Service Pack 3 is for 32-bit (x86) systems only and is not compatible with 64-bit (x64) versions of Windows XP.

Here are some high level details on the fixes and performance enhancements that Microsoft included in Service Pack 3:

Windows XP SP3 includes all previously released Windows XP updates, including security updates and hotfixes, and select out-of-band releases. For example, the service pack includes functionality previously released as updates, such as the Microsoft® Management Console (MMC) 3.0 and the Microsoft Core XML Services 6.0 (MSXML6).

Microsoft is not adding significant functionality from newer versions of Windows, such as Windows Vista, to Windows XP through XP SP3. For instance, Windows XP SP3 does not include Windows Internet Explorer 7, although Windows XP SP3 does include updates to both Internet Explorer 6 and Internet Explorer 7, and it will update whichever version is installed on the computer. For more information about Internet Explorer 7, visit the Internet Explorer home page.

One notable exception is that, SP3 does include Network Access Protection (NAP) to help organizations that use Windows XP to take advantage of new features in the Windows Server® 2008 operating system.

Knowledge Base article 936929 lists all other all Knowledge Base articles associated with updates that are included in Windows XP SP3. The following sections also provide a high-level description of the functionality included in Windows XP SP3.
Previously Released Functionality

MMC 3.0
MMC 3.0 is a framework that unifies and simplifies day-to-day system management tasks in Windows by providing common navigation, menus, toolbars, and workflow across diverse tools. Microsoft Knowledge Base article 907265 describes this functionality in detail.

MSXML6
MSXML6 provides better reliability, security, and conformance with the XML 1.0 and XML Schema 1.0 W3C Recommendations. It also provides compatibility with System.XML 2.0.

Microsoft Windows Installer 3.1 v2 (3.1.4000.2435)
Windows Installer 3.1 is a minor update to Windows Installer 3.0, which Microsoft released in September 2004. Windows Installer 3.1 contains new and enhanced functionality. Additionally, Windows Installer 3.1 addresses some issues that Microsoft found in Windows Installer 3.0. Microsoft Knowledge Base article 893803 describes this functionality.

Background Intelligent Transfer Service (BITS) 2.5
BITS 2.5 is required by Microsoft System Center Configuration Manager 2007 and Windows Live™ OneCare™. BITS 2.5 helps improve security. If you use BITS to transfer data, the new features also improve flexibility. Microsoft Knowledge Base article 923845 describes BITS 2.5.

IPSec Simple Policy Update for Windows Server 2003 and Windows XP
This update helps simplify the creation and maintenance of IPSec filters, reducing the number of filters that are required for a server and domain isolation deployment. The Simple Policy Update removes the requirement for explicit network infrastructure permit filters and introduces enhanced fallback to clear behavior. Microsoft Knowledge Base article 914841 describes this previously released update in more detail.

Digital Identity Management Service (DIMS)
DIMS make it possible for users who log on to any domain-joined computer to silently access all of their certificates and private keys for applications and services.

Peer Name Resolution Protocol (PNRP) 2.1
This update enables Windows XP SP3–based programs that use PNRP to communicate with Windows Vista programs that use PNRP. Microsoft Knowledge Base article 920342 describes this previously released update.

Remote Desktop Protocol 6.1
Remote Desktop Protocol (RDP) used for communication between the Terminal Server and the Terminal Server Client. RDP is encapsulated and encrypted within TCP. This update better facilitates communication between machines running Windows XP and Windows Vista. Knowledge Base article 186607 describes RDP. Knowledge base article 951616 describes RDP 6.1.

Wi-Fi Protected Access 2 (WPA2)
This update to Windows XP provides support for WPA2, the latest standards-based wireless security solution derived from the IEEE 802.11i standard. Microsoft Knowledge Base article 893357 describes this update.

New and Enhanced Functionality
"Black Hole" Router Detection
Windows XP SP3 includes improvements to black hole router detection (detecting routers that are silently discarding packets), turning it on by default.

Network Access Protection (NAP)
NAP is a policy enforcement platform built into Windows Vista, Windows Server 2008, and Windows XP SP3 with which you can better protect network assets by enforcing compliance with system health requirements. Using NAP, you can create customized health policies to validate computer health before allowing access or communication; automatically update compliant computers to ensure ongoing compliance; and optionally confine noncompliant computers to a restricted network until they become compliant. For more information about NAP, see Network Access Protection: Frequently Asked Questions.

CredSSP Security Service Provider
CredSSP is a new Security Service Provider (SSP) that is available in Windows XP SP3 via Security Service Provider Interface (SSPI). CredSSP enables an application to delegate the user’s credentials from the Client (via Client side SSP) to the target Server (via Server side SSP). Windows XP SP3 involves only the Client side SSP implementation and is currently being used by RDP 6.1 (TS), though it can be used by any third party application willing to use the Client side SSP to interact with applications running Server side implementations of the same on Vista / LH Server.
There is a technical specification of this SSP available at the Microsoft Download Center.

Note that CredSSP is turned OFF by default in Windows XP SP3. To enable CredSSP, administrators can modify the following registry keys:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
In the value “Security Packages” of type REG_MULTI_SZ, add “tspkg” in addition to SSP-specific data already present.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
In the value “SecurityProviders” of type REG_SZ, add “credssp.dll” in addition to SSP-specific data already present.

Descriptive Security Options User Interface
The Security Options control panel in Windows XP SP3 now has more descriptive text to explain settings and prevent incorrect settings configuration. Figure 1 shows an example of this new functionality.

Enhanced security for Administrator and Service policy entries In System Center Essentials for Windows XP SP3, Administrator and Service entries will be present by default on any new instance of policy. Additionally, the user interface for the Impersonate Client After Authentication user right will not be able to remove these settings.

Microsoft Cryptographic Module
Implements and supports the SHA2 hashing algorithms (SHA256, SHA384, and SHA512) in X.509 certificate validation. This has been added to the crypto module rsaenh.dll.
XP SP2 crypto modules Rsaenh.dll/Dssenh.dll/Fips.sys had been certified according to FIPS 140-1 specifications. The Federal Information Processing Standard (FIPS) 140-1 standard has been replaced by FIPS 140-2, and these modules have been validated and certified according to this standard. For more information, see the Microsoft Kernel Mode Cryptographic Module.

Windows Product Activation
As in Windows Server 2003 SP2 and Windows Vista, users can now complete operating system installation without providing a product key during a full, integrated installation of Windows XP SP3. The operating system will prompt the user for a product key later as part of Genuine Advantage.

As with previous service packs, no product key is requested or required when installing Windows XP SP3 using the update package available through Microsoft Update.

Note The Windows Product Activation changes in Windows XP SP3 are not related to the Windows Vista Key Management Service (KMS). This update affects only new operating system installations from integrated source media. This update affects the installation media only and is not a change to how activation works in Windows XP.

Here are the installation steps:
1. Basic introduction to the Windows XP Service Pack 3, click next to continue.

Basic introduction to the Windows XP Service Pack 3, click next to continue.
2. Legal and licensing information for Windows XP Service Pack 3, select the I Agree radio button and click next.

Legal and licensing information for Windows XP Service Pack 3, select the I Agree radio button and click next.
3. Select your installation folder for Windows XP Service Pack 3.

Select your installation folder for Windows XP Service Pack 3.
4. Expect the Windows XP Service Pack 3 installation to take about 30 minutes.

Expect the Windows XP Service Pack 3 installation to take about 30 minutes.
5. The installation completes for Windows XP Service Pack 3, now it is time to reboot your computer and click Finish.

The installation completes for Windows XP Service Pack 3, now it is time to reboot your computer and click Finish.

0 comments: