What are Service Packs and HotfixesService packs and hotfixes are network updates that need to be applied to network computers. Hotfixes are also sometimes referred to as security hotfixes or security fixes. Before delving into the differences between service packs, and hotfixes; you can think of a service pack as being a collection of updates, or large executable files that relate to an Operating System (OS), and a hotfix as being one or multiple files that are applied to the OS to fix a specific critical problem. Service packs typically deal with setup, security, and application compatibility enhancements or issues, while hotfixes corrects a particular critical OS problem. Show
Service packs usually improve the reliability and security of the OS. They are issued by Microsoft every couple of months to basically ensure that the OS is up to date, and to correct issues. Service packs improve on the functionality of a computer when they include new tools and capabilities. They can also contain device drivers. Hotfixes on the other hand deals with fixing a particular critical system fault. A hotfix can include once-off fixes for a server or client fault/problem. Hotfixes can be downloaded from the Windows Update site, or from the TechNet Security page at www.microsoft.com/technet/security/default.asp. The Microsoft Network Security Hotfix Checker (HFNetChk) included with the Microsoft Baseline Security Analyzer (MBSA) tool can be used to determine whether your network computers have all the necessary hotfixes. This powerful tool can speedily check all your network computers. The MBSA tool can also be used to identify security misconfigurations and weaknesses. One of the following methods is typically used to deploy updates on existing computers:
Automatic Updates, manual deployment, and Windows Update can only deploy the update to a single computer or a small number of computers, while Software Update Services (SUS), Group Policy, and scripting, can apply updates to multiple computers. Software Update Services (SUS) can only be used to deploy service packs and hot fixes for Windows 2000, Windows XP and Windows Server 2003 computers. Scripting and SMS can be used to deploy hot fixes and service packs to all the versions of Windows computers. The Software Installation and Maintenance feature of Group Policy, and scripting work well when a large number of network computers require the identical update. Preparing for Service Pack/Hotfix DeploymentThe common tasks that should be included when you plan for deploying updates are listed below:
Before you deploy service packs and hotfixes, you should carefully test the updates to determine what impact the updates have on the OS. Testing is often considered the most intricate component of actually deploying updates. After the updates have been tested, you can deploy them. You would normally use scripting as the deployment method for new computers. Updating the Windows Setup files ensures that new computers have the service pack applied when they are installed. How to use Windows Update to analyze if a computer needs to be updatedBefore you can deploy service packs or security fixes on your existing computers, you have to determine the status of these computers. Windows Updates works well where the number of computers that need to have service packs/hotfixes applied are relatively small.
How to use Microsoft Baseline Security Analyzer (MBSA) to check for missing hotfixesMBSA can be run on Windows 2000, Windows XP and Windows Server 2003 computers to scan for security weaknesses and missing hotfixes. MBSA works for
When MBSA is run from the GUI, it places reports in the SecurityScans folder of the user profile that creates the reports. You can also use MBSA to analyze for updates from the command-line. You can use the following steps to run MBSA from the GUI to analyze a computer for needed hotfixes
How to use Microsoft Network Security Hotfix Checker (HFNetChk) to scan for missing hotfixes/service packsThe Microsoft Network Security Hotfix Checker (HFNetChk) that is included in the Microsoft Baseline Security Analyzer tool can be used to analyze one or multiple computers for necessary service packs. The attractive feature of this tool is that it can be scripted to scan a number of different configurations. It can also scan for necessary updates for one or multiple products. HFNetChk can scan the following:
The HFNetChk tool uses a XML file when it runs that contains detailed information on all the available hotfixes for many products. The XML file is
downloaded from the Microsoft Web site when it is not includd in the directory from where HFNetChk is run. The XML file has a digitally signed CAB format. When downloaded, the file is compressed. Then, when HFNetChk runs, it uses this file. It initially scans your existing computers to find out what OSs, programs and service packs have been installed. It then uses the XML file to determine if any hotfixes or service packs are required for each computer's configuration. After the scan is
completed, HFNetChk provides information about all the updates that are needed to ensure that the computers are secure and current. It does not display information on any updates that are considered unimportant.
When HFNetChk locates the registry key, it proceeds to compare the existing file version and checksum with the information available in the XML file. When HFNetChk cannot locate the registry key, it automatically considers the update as not being installed on the computer. The syntax of the HFNetChk tool and a description of its associated switches are detailed below:
[-r range] [-history level] [-t threads] [-o output] [-x datasource] [-z] [-v] [-s suppression] [-nosum] [-u username] [-p password] [-f outfile] [-about] [-fh hostfile] [-fip ipfile] [-fq ignorefile]
How to manually deploy service packs/hotfixesYou can manually install an update from a network share, CD-ROM, or by using Windows Update. Use the steps below to deploy updates using a network share
How to use Windows Update Catalog to obtain necessary service packs/hotfixesCorporate Windows Update has since been replaced by Windows Update Catalog and Software Update Services. Windows Update Catalog includes the same capabilities as Corporate Windows Update. Use the steps below to obtain updates using Windows Update Catalog:
How to use Windows Update to deploy service packs/hotfixesWindows Update is ideal for deploying updates on single computer, or a small number of computers (less than 5)
How to install and use Software Update Services (SUS) to deploy service packs/hotfixesYou have to install the required SUS files before you can use it, or the Automatic Updates feature to deploy service packs and hotfixes. Use the following URL to obtain the necessary SUS files from the Microsoft Website: www.microsoft.com/windows2000/downloads/recommended/susserver/default.asp. Before installing SUS, ensure that your system meets the following SUS requirements:
To install and set up SUS to deploy updates, use the following steps:
How to install Automatic Updates client software on client computers, and use it to install service packs/hotfixesIn order to install Automatic Updates on client computers so that they can access the updates made available by SUS, you have to download and install the Automatic Updates client software. For downloading, use www.microsoft.com/windows2000/downloads/recommended/susclient/default.asp. You can only use Automatic Updates on:
To install and configure Automatic Updates on your client computers to deploy updates, use the following steps:
How to deploy service packs using the Software Installation and Maintenance feature of Group PolicyYou can use the Software Installation and Maintenance Group Policy feature to deploy any required service packs. When using Group Policy you can use one of two methods to deploy the updates:
Use the following steps to deploy updates using Group Policy
How to install service packs using Systems Management Server (SMS)You can use SMS to install service packs on SMS client computers from a network distribution share. Using SMS for deploying updates involves the following steps:
How to create a SMS package for a service pack
How to distribute the SMS package to the distribution points that you have identified
How to create an SMS advertisement to inform clients of pending service packs
installations Use the following steps for this task
What tools are installed hotfixes and service packs for Windows?Windows Update provides hotfixes and service packs for Windows computers.
Which Windows built in utility helps you delete unnecessary files from your computer?To delete temporary files: In the search box on the taskbar, type disk cleanup, and select Disk Cleanup from the list of results.
What program is always updated on Patch Tuesday?What is Patch Tuesday? Patch Tuesday, the colloquial term for Microsoft's Update Tuesday that falls on second Tuesday of every month. That is when Microsoft rolls out patch updates to improve security of Microsoft applications.
What must be enabled in order for Sync Center to be set up?Before Sync Center can sync any network files to your device, you must enable offline files: Type control panel in the Windows search box and select the Control Panel app. You must use the legacy Control Panel utility, not the current Windows Settings app, to configure Sync Center.
|