How to Import XP SP2 ADM

  • Thread starter Thread starter Diane
  • Start date Start date
D

Diane

We want to block the auto update of XP SP2 for a period of
time and it would be advantageous to the use ADM file MS
provides. However, since we mostly deal with small
customers only a few of our clients use AD. As such, we
have no experience importing an ADM file and feeling
confident it will work. Can someone advise what we would
need to do to use the ADM to effect the SP2 auto update
120 day block? I can see in the AD properties for the
Users a tab for Group Policy with an Add button.
Presumably, I can add the ADM, but then what? Is is
applied by virtue of this add or is there something else
required? There is also a check box for "Block Policy
Inheritance" which I'm not sure I would want to enable or
not. And finally, how can I tell the policy is really in
effect.

Thanks for all help. I realize this is probably a really
basic question, but we just don't deal with this area at
all and don't have the cycles to apply the block system by
system.

Diane
 
Thanks. This helps my understanding of ADM. Please see
the following link for info. about the 120 day block. I'm
am trying to use the noxpsp2.adm file from the download
available at this link, not the sp2 system.adm.

http://www.microsoft.com/technet/prodtechnol/winxppro/maint
ain/sp2aumng.mspx

I have now realized an additional question of at what
level do I add this policy. Is the user object (not sure
this is the right terminology) the appropriate place?

Again, apologies for the back to basics questions here. I
can see this whole area deserves more attention as it can
clearly save us a lot of time.

Thanks again,
 
I presume you want to use the system.adm file from service pack 2 to take
advantage of the additional group policies availiable with its release to
control Windows XP clients.

The policies you already have in place will remain for clients and all new
settings will be set to not configured. You can then go ahead and change
these as you wish to turn off things such as windows firewall on the domain
etc.

Im not sure what you mean by delaying the deployment of SP2 by 120 days.
The adm file will not achieve that. What engine are you using to deploy the
service pack?

Block policy inheritence stops policys above it in the OU stucture from
effecting client/machines in a lower down OU much like NTFS file
permissions.

To see what policies are in effect on a windows XP client simply run
rsop.msc from any client.

Hope this helps
 
Hi,

Ive looked at the article.

How many clients are you talking about here? Are you suggesting all clients
download and install there own updates off the internet? I would suggest
you make a SUS server as discussed in that document which is like a mirror
of windows update on your LAN. Not only does this save you loads in terms
of bandwidth it also allows you to control what updates and when clients
will reciveve them. it will also silently install them without their
knowledge. The great thing its also free. This will allow you to deploy SP2
as and when you are ready.

If you do go down the line of this ADM file then i would personally deploy
it to the OU where the computers live rather that the users as it effects
the computers.

Hope this helps.
 
Hi,

Thanks very much for reviewing the article and your
follow-on suggestions. The SUS looks like a great option
and bandwidth saver. The price is certainly right.

Our largest AD using client is under 75 users, the other
few vary in the 20 - 30 range. We certainly knew SP2 was
coming, but somehow missed that it would be an automatic
update. SUS clearly helps us get a hold on these
situations.

Very appreciative of you help. Have an enjoyable weekend.

Diane
 
yes SUS is best for domains of that size,

you then have exact control of what updates go out instead of relying on
users to do it themselves.

there is an ADM file that comes with SUS that allows you to add a snap in to
the group policy, apply this in the computers OU and that will allow you to
configure where clients look for their updates.

you may also then want to disable automatic updates and access to windows
update for your clients.

Cheers
 
Back
Top