Changes to Functionality in Microsoft Windows XP Service Pack 2
Part 6: Computer Maintenance
Microsoft Corporation
Published: September 15, 2004
Authors: Starr Andersen, Technical Writer; Vincent Abella, Technical Editor
This document is Part 6 of “Changes to Functionality in Microsoft® Windows® XP Service Pack 2,” and provides detailed information about the security technologies included in Windows XP Service Pack 2 that help to inform the user about security and ensure that computers have current security updates. These technologies are either designed to help provide security or have been improved to provide more security than before. You can obtain the other parts of the paper in the Microsoft Download Center, at http://go.microsoft.com/fwlink/?LinkId=28022.
This document applies to Microsoft Windows XP Service Pack 2 (SP2) for the 32-bit versions of Windows XP Professional and Windows XP Home Edition. It does not describe all of the changes that are included in the service pack, but instead highlights those changes that will have the most impact on your use of Windows XP SP2 and provides references to additional information.
Filter for Add or Remove Programs
What does the filter for Add or Remove Programs do?
Who does this feature apply to?
What existing functionality is changing in Windows XP Service Pack 2?
Filtering out updates from the Change or Remove Programs list
What settings are added or changed in Windows XP Service Pack 2?
Do I need to change my code to work with Windows XP Service Pack 2?
Microsoft Windows Update Services and Automatic Updates
What do Windows Update Services and Automatic Updates do?
What new functionality is added to this feature in Windows XP Service Pack 2?
Support for Applications and Hardware Drivers
Support for Additional Update Categories
Automatic Prioritization and Download of Critical Updates
Client Side Targeting
Scriptable APIs
Automatic Detection, Download, and Installation
No Interruption During Update Installation
Install Updates at Shutdown
Extensible Management Capabilities
Background Intelligent Transfer Service (BITS)
Scheduling and Notification Options
Self-updating for Client Computers
Improved Update Applicability Rules
Resultant Set of Policy
What does Resultant Set of Policy do?
RSoP Use with Windows Firewall Enabled
Administering Remote RSoP with GPMC SP1
Administering Remote RSoP with the RSoP MMC snap-in
Delegating access to Group Policy Results
Remotely editing a local Group Policy object
Security Center
What does Security Center do?
Registry settings
Group Policy settings
Setup
What does Setup do?
Package Installer for Windows
Windows Installer 3.0
What does Windows Installer 3.0 do?
Patch Management Support
Smaller & Reliable Patches
Patch removal
Source List support
Sequencing
FTP and GOPHER is no longer supported
Windows Installer service is no longer interactive
Windows Update
What does Windows Update do?
Updates for Microsoft Applications
Express and Custom Installation Options
Windows Update and Microsoft Update Home Page
Content Organization and Navigation
Supportability
The filter for Add or Remove Programs provides a means for the user to select whether or not updates, such as security updates downloaded from the Microsoft Web site, are displayed in the Currently installed programs list.
Add or Remove Programs can be used by any user with Administrator credentials on their local computer. Although some applications can be installed or removed by non-administrators, most do require administrative credentials.
Detailed description
The Change or Remove Programs list in Add or Remove Programs displays installed programs that the user can change or remove. This list also shows updates to Windows or other programs that have been installed.
In Windows XP Service Pack 2 (SP2), the user is able to choose whether to show or hide updates for Windows and other programs in this view. A new Show updates check box appears above the list, which enables the user to toggle between showing or hiding installed updates.
Why is this change important?
Software vendors are creating more software updates and releasing them more frequently than ever before. These frequent updates help to increase the reliability and security of users’ systems. However, when every update is shown in the Change or Remove Programs list in Add or Remove Programs, the list of installed programs is overwhelmed by the list of installed updates. A new option to filter out the updates from the list and only show installed programs makes this list easier for users to read.
What works differently? Are there any dependencies?
By default, Change or Remove Programs will not show installed updates to Windows. To see the updates that have been installed, you can select the Show Updates check box at the top of the list.
Any program can take advantage of this feature by marking its updates so that they are hidden when appropriate. Updates for Windows programs that were written before the release of Windows XP Service Pack 2 will be shown regardless of the filter option selection.
How do I resolve these issues?
To turn off the filter feature on a single computer, use the following procedure:
1. Open Registry Editor.
To do this, click Start, click Run, type regedit, and then press ENTER.
2. Navigate to the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall
3. Select the DontGroupPatches key.
By default, the DWORD value is equal to 0.
4. Change the DWORD value to 1 to disable the filter feature.
Caution: Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer.
In an enterprise environment, you can create a Group Policy object to modify the registry setting that controls the filter feature to make the Add or Remove Programs icon in Control Panel work as it did in Service Pack 1 for Windows XP.
Setting name
Location
Previous default value (if applicable)
Default value
Possible values
DontGroupPatches
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall
REG_DWORD:0
REG_DWORD:1
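The registry procedure above, scripted in PowerShell as an added example that is not part of Microsoft's document: it reads DontGroupPatches, exports the key before any edit, writes the new value, and reads it back. The function names, the backup location, and the treatment of a missing value as the documented default of 0 are assumptions of this example.

```powershell
# Added example (not from the original paper). Run from an elevated session:
# writing under HKLM requires administrative rights.
$KeyPath   = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall'
$RegExeKey = 'HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall'
$ValueName = 'DontGroupPatches'

function Get-UpdateFilterState {   # hypothetical helper name
    # Assumption: a missing key or value means the documented default, 0.
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    $raw  = if ($item) { [int]$item.$ValueName } else { 0 }
    [pscustomobject]@{
        ValuePresent   = [bool]$item
        Value          = $raw
        # The paper documents only 0 (filter on) and 1 (filter off).
        FilterDisabled = ($raw -eq 1)
    }
}

function Set-UpdateFilterState {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][ValidateSet(0, 1)][int]$Value,
        [string]$BackupDir = $env:TEMP   # assumed backup location
    )
    if (Test-Path $KeyPath) {
        # Export the key first so the edit can be reverted with "reg import".
        $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
        $backup = Join-Path $BackupDir "Uninstall-policy-$stamp.reg"
        & reg.exe export $RegExeKey $backup | Out-Null
        if ($LASTEXITCODE -ne 0) { throw 'Registry export failed; no change made.' }
    } else {
        # Nothing to back up: the policy key does not exist yet.
        New-Item -Path $KeyPath -Force | Out-Null
    }
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord `
        -Value $Value -Force | Out-Null

    # Read back: a Group Policy object managing this value can overwrite it later.
    $after = Get-UpdateFilterState
    if ($after.Value -ne $Value) { throw 'Value did not persist after write.' }
    $after
}

# Report the current state, then disable the filter as in steps 3 and 4:
Get-UpdateFilterState
# Set-UpdateFilterState -Value 1
```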
Programs do not need to change in order to continue to work with Add or Remove Programs in Windows XP Service Pack 2. If a program is not changed to use the new feature, it will continue working as it did in Service Pack 1.
A program can take advantage of the new filtering option by marking its updates so that they are not shown by default. Details on how to mark programs as updates will be made available on MSDN at a later time.
Windows Update Services (formerly known as Software Update Services) enables administrators to streamline and automate the process of deploying critical updates and security updates to client computers running Microsoft Windows XP Professional or Microsoft Windows 2000 Professional, as well as to Windows 2000 Server and Windows Server 2003 computers.
Windows Update Services includes the following components:
· Windows Update. The Microsoft Web site that includes all available Microsoft updates by product and update type. Changes to Windows Update are described later in this document.
· Microsoft Windows Update Services. The Windows Update Services server component for management and distribution of updates. This component will be released at a future date. For more information, see the Windows Update Services page on the Microsoft Web site at http://go.microsoft.com/fwlink/?linkid=29906.
· Automatic Updates. The client component which enables computers to connect either directly to Windows Update or to a server running Windows Update Services to receive updates. The Automatic Updates component is included in Windows 2000 Service Pack 3 and later, Windows XP and later, and Windows Server 2003. Windows XP Service Pack 2 and the new Automatic Updates client component can run in either the Software Update Services 1.0 environment or in the new Windows Update Services environment.
Note: The rest of this section describes Automatic Updates in Windows XP Service Pack 2.
Automatic Updates connects periodically to Windows Update on the Internet, or to a Windows Update Services server on your corporate network. Once it discovers new updates that apply to the computer, Automatic Updates can be configured to install all updates automatically (which is preferred) or to notify the computer’s administrator or users whose computers have been configured to receive notification. After an administrator selects which updates should be downloaded, Automatic Updates downloads and installs those updates.
All users and administrators of computers running Windows XP and Windows 2000 Server and later.
The latest version of Automatic Updates offers expanded support for Microsoft products, including Microsoft Office, Microsoft SQL Server, and Microsoft Exchange. It also provides for distribution of updated hardware drivers.
What threats does it help mitigate?
In the past, Automatic Updates could only distribute critical updates for the Windows operating system. This version allows for updating applications and drivers in addition to the operating system. Keeping these applications and drivers up-to-date with the latest security fixes reduces the attack surface and leaves fewer known security vulnerabilities exposed.
What works differently?
Administrators will have more types of updates to choose from when reviewing Automatic Updates notifications.
Previous versions of Automatic Updates could distribute and install only critical updates. This version includes support for the following categories:
· Security updates
· Critical updates
· Update roll-ups
· Service Packs
Additional types of updates may be available for customers using an Intranet-based Windows Update Services server.
By adding support for a wider range of updates, particularly security updates, Automatic Updates helps to make the process of keeping computers up-to-date and secure more reliable and easier to manage.
In the past, Microsoft released a number of recommended updates that were not considered critical and thus were not automatically installed. Users had to connect to the Windows Update site and install them manually. Because the process was manual, users might not install updates in a timely manner, exposing their computers to possible attacks. This change allows the new categories to be installed automatically, in the same way as critical updates.
...