Skip to main content

Windows Server 2003 SP2 Blocker Toolkit: Frequently Asked Questions

Published: March 13, 2007

Q.Will the blocker tool, installed to prevent delivery of Windows Server 2003 SP1, work for Windows Server 2003 SP2?
A.Yes. A blocker installed to prevent delivery of Windows Server 2003 SP1 does not need to be re-installed. The blocker will also prevent Windows Server 2033 SP2 delivery through Windows Update (WU) and Automatic Updates (AU).
Q.When will Windows Server 2003 SP2 be delivered through Automatic Updates (AU)?
A.Windows Server 2003 SP2 will be delivered through AU starting June 12, 2007.
Q.When will the blocker toolkit be available?
A.The blocker toolkit is available as of March 13, 2007.
Q.If I need to temporarily disable delivery of Windows Server 2003 SP2, why should I use the toolkit provided by Microsoft? Why should I not just disable Automatic Updates (AU) entirely?
A.Microsoft strongly urges customers not to disable AU because AU provides the ongoing delivery of critical and security updates to all AU-enabled systems, and disabling AU can potentially leave these systems more vulnerable. Windows Software Update Services (WSUS) allows IT professionals complete control over deployment of updates to their systems. Microsoft has specifically created these tools to safely disable and re-enable delivery of Windows Server 2003 SP2 to systems in organizations that cannot use SUS, SMS 2003, or another update-management solution.
Q.Why not block URL access to Windows Update (WU) or Microsoft Update (MU)?
A.This is not recommended because it would stop delivery of all critical and security updates to the organization—not only to Windows Server 2003 systems but to all supported versions of the Windows desktop and server operating systems.
Q.What testing should customers do to validate the Windows Server 2003 SP2 delivery-disabling technology Microsoft is making available before using it?
A.Because the delivery-disabling mechanisms being provided by Microsoft rely on a new registry key that is used only for purpose of disabling and re-enabling delivery of Windows Server 2003 SP2, there should be no additional impact or side effect on the system. No additional testing should be necessary to validate the mechanism.
Q.What registry key is being used to disable delivery of Windows Server 2003 SP2?
A.HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate
Q.What is the key value name and what are the value options?
A.

The key value name is "DoNotAllowSP."

If the value is '1' delivery of Windows Server 2003 SP2 through Windows Update (WU)/Microsoft Update (MU) and Automatic Updates (AU) is disabled. If the value is not '1' or if the key doesn't exist, the system will be able to get Windows Server 2003 SP2 if the WU site is accessible or if AU is configured to get updates from WU.

Q.Will this Windows Server 2003 SP2 blocking mechanism also block delivery of Windows Server 2003 SP2 through Software Update Services (SUS) or Systems Management Server (SMS)?
A.No, this mechanism only blocks delivery of Windows Server 2003 SP2 from Windows Update (WU)/Microsoft Update (MU) or directly through Automatic Updates (AU) (if customer is not using SUS). Windows Server 2003 SP2 can still be deployed using SUS, SMS, and other methods while the blocking mechanism is activated.
Q.How does the Microsoft-signed executable software work?
A.It is essentially a small program that accepts one of two command line options (disable and enable) and creates or removes the registry key that controls the ability to deliver Windows Server 2003 SP2 to the system via Automatic Updates (AU) or Windows Update (WU)/Microsoft Update (MU). It is signed by Microsoft, so the operating system knows the executable is provided by Microsoft and is therefore trustworthy.
Q.What is the purpose of the sample script?
A.The sample script is a simple wrapper for the signed executable software that allows specification of the name of the system on which the executable should be run. The system name is specified as a command-line option.
Q.What is the ADM template used for?
A.The Administrative Template (.adm file) allows administrators to import the new group policy settings to block or unblock delivery of Windows Server 2003 SP2 into their Group Policy environment, and use Group Policy to centrally execute the action across systems in their environment.
Q.How long will the temporary disabling mechanism work?
A.The mechanism will work until March 13, 2008, one year after the release of Windows Server 2003 SP2. After Feb. 27, 2008, Windows Update (WU) and Automatic Updates (AU) will ignore the presence of the registry setting and will deliver Windows Server 2003 SP2.
Q.What happens when the blocking mechanism is no longer available?
A.After Feb. 27, 2008, Automatic Updates (AU) and Windows Update (WU) will ignore the presence of the registry setting, and deliver Windows Server 2003 SP2 automatically to all systems configured to receive updates automatically using AU and WU/MU.
Q. Will the tool be localized?
A.The tool will work without modification on any language edition of Windows Server 2003.