MS preps service pack blocker tool for Windows 7, Server 2008 R2 Microsoft has prepped its Windows Service Pack blocker tool kit to include its upcoming service packs for Windows 7 and Windows Server 2008 R2. The SP1s for both operating systems hit Release Candidate status late last month, but they’re not expected to reach manufacturers until early next year. Ahead of that, MS has updated …
... who thinks that this is ridiculous? To publish a software package that prevents the automatic download/install of another software package? And then to put an end-of-life date into that "blocker tool"?
Coming next: A nail-hammering preventer tool - a steel cap you can put over a nail to prevent automatic hammering of that nail, for those who have opted to automatically hammer on anything sticking out of their wall. But that "hammer blocker tool" will self-destruct in 6 months, to ensure that all nails are safely hammered down.
BTW, is there a something akin to a Darwin Award for software companies?
It's just one of many ways for IT administrators to control the roll-out of Windows 7 SP1, while leaving Automatic Updates enabled - and it's absolutely the worst one. I've been using Windows Server Update Services (WSUS) for the last few years, which I have set to automatically approve security updates and notify me about new service packs and optional updates. Because my company is based on two different sites, with a lot of mobile users who rarely come to their 'home' site, and our main site currently has relatively poor upstream bandwidth, they get notifications of approved updates from our WSUS server but the actual updates come from Microsoft's content-distribution network. If your connectivity is better, you might save bandwidth by keeping a copy of the updates locally.
However, WSUS does really require a domain, because the server URL is set through Group Policy's Local Computer Policy - without a domain you have to configure it on each computer. If your company is small enough that you don't have a domain, or a dedicated server to install WSUS on, you might need a different solution to control the installation of the service pack, and this is it. Microsoft make it expire after six months because you only have two years to get onto the latest service pack, after it's released, before security updates will not be built for the previous one.
Larger companies with full-time IT staff should look into System Center Configuration Manager.
Let me splain.
In sane places, you download the fixes for the fuxes. You store them in a central place so as not to over-stress your Internet pipe. You then give your TEST servers a little poke, and they partake of the alledgedly fixed software. You very carefully test whether this makes them fall over in interesting ways. If they don't, then you give your PRODUCTION servers the same little poke and hope that you didn't miss anything.
In insane places, every server wants to be connected to the Internet to function at all, and to acertain that you're not a filthy pirate. As an aside, these boxes will then automatically download the MS fixes as soon as they become available, and politely ask you whether you want to reboot or yes. Only NOW, for people who have a screw loose and actually allow this to happen to any server they care about, there is an ADDITIONAL tool that PREVENTS this thing from happening, should you lack the wit to keep it from happening in the first place. Which will be automatically installed at the next automatic update. Are you with me so far? Well, then. When six months have passed, the fixpack blocker will then cease to block the fixes that you shouldn't have let the machines install in the first place, presumably causing them to be installed automatically after all, unless you have had the notion to disable that behaviour in a more permanent way in that time.
And yes, I agree. That is madness.
But then again, I also think that putting a firewall on your machine to block people from haxoring into your system's less secure facilities, should be a practice abandoned in favour of fixing the sodding leaks in the faulty facility in the first place, or not running that facility in the first place.
So yes, while people are crowing that here MS has given us yet another feature to control the deployment of their shit on our servers, I would argue that there should be only one way. One that works properly.
I think it is perfectly acceptable for a grace period to apply before an SP becomes mandatory. Microsoft has a support policy and rolling service pack levels are part of that policy. 1 year should also be enough time to test how a service pack upgrade will affect services.
I don't think this approach is new either
and he didn't give me a choice, just smoothly invited me to go through software download and 'take it......'
I 'suspect' Macs, but now have to support them on a 75:1 ratio to win machines :(
In this week of harmony I have seen my workstations taken to a new level of 'diferentness' and my few, only kept for novelty, servers to 'doomed, and we don't give a f*** how much they cost' !
I am kinda non-plussed........ I hated them when told I had to support them, and now hate the supplier for dumping the poor little, trendy, shiny, use**ss b**stards when they are beyond the Profit, ooooops pale!
when MZ gets his way, this will be automatically be added to my cv when I email it and I will never work with Macs agai........................UGGGGGGGGHHHHHHHHHHHHHH!!!!!!!!
This post has been deleted by its author
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
