MCSA/MCSE Self-Paced Training Kit (Exam 70-214): Implementing and Administering Security in a Microsoft Windows 2000 Network (Pro-Certification)
Lesson 1: Working with Service Packs and Hotfixes
Between operating system version releases, Microsoft releases regular updates to correct bugs and security vulnerabilities. Updates are distributed in two basic forms:
-
Service packs are packages that contain a large number of updates.
-
Hotfixes are small, incremental updates released between service packs.
In this lesson, you will use Windows 2000 tools to install service packs and hotfixes, manage existing updates, and create an integrated installation of Windows 2000 that includes all updates.
After completing this lesson, you will be able to
-
Install service packs and hotfixes
-
Determine current hotfix status
-
Combine hotfixes with Windows 2000 installation
Estimated lesson time: 30 minutes
Understanding Service Packs and Hotfixes
A service pack contains all of the updates for an operating system over a period of time, and all the updates found in previously released hotfixes. Service packs are eventually rolled into the distribution of the operating system; for example, Microsoft Windows 2000 is currently available with Service Pack 3.
Service packs become a stable part of the operating system. Fixes in service packs continue to work as you uninstall and reinstall other components, unless you uninstall the service pack. Hotfixes, on the other hand, can be overridden by the installation of new software. If you install a hotfix and then later update a component affected by the hotfix, you will need to reinstall the hotfix.
You can easily install both service packs and hotfixes on a single machine using an executable file. You can also combine them with a network installation share and automatically install them when clients are installed from that share. This process is known as slipstreaming.
Checking Service Pack and Hotfix Status
To check the current service pack and hotfix status of a computer, you can use the Qfecheck.exe program, available for download from the Microsoft support Web site. Go to http://support.microsoft.com/ and search for Knowledge Base Article Q282784. Qfecheck.exe is delivered in the form of a hotfix. Once you have downloaded the .exe file, run it to install Qfecheck.
Versions of Qfecheck are available for all versions of Microsoft Windows 2000 and Windows XP.
The Qfecheck utility reads the information about installed hotfixes that Windows 2000 and Windows XP store in the Windows registry. You can also examine this information directly at the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates.
Qfecheck.exe Options
To display a Qfecheck report, run Qfecheck.exe from the command prompt. The report includes the current service pack level of the operating system and a list of installed hotfixes. Qfecheck indicates whether each hotfix is current on the system or needs to be reinstalled. You can use the command-line parameters listed in Table 14.1 to modify the report output.
Option | Purpose |
/v | Use verbose output. |
/q | Use quiet mode (no output). |
/l | Save output to default file. |
/l:file | Save output to specified file. |
/? | Display a list of options. |
If you use the /l option to save the report output to a file, Qfecheck uses the name of the local computer and a .log extension as the file name. You can also specify a file name for the report, which can be a UNC path to a network share.
Managing Service Packs and Hotfixes
To upgrade computers on a small network, you can manually install service packs and hotfixes when you download them, or install them from a CD or downloaded file source.
Installing a Service Pack
Download the latest service packs for your operating system from the Microsoft Web site. Service packs are typically distributed in two downloadable forms:
-
Express Installation. Use this option when you do not need the software for additional computers. Download and install the service pack on a single computer. This option scans the computer and downloads only the updates needed.
-
Network Installation. Use this option when you need to install the service pack on other computers or deploy it across a network. This option includes the entire service pack in a single .exe file.
For enterprise deployment of service packs, you need the network installation download or a service pack CD. The service pack is distributed in the form of an .exe file. For example, the distribution file for Windows 2000 Service Pack 3 is W2ksp3.exe. You can execute this file directly to install the service pack on the current computer. This extracts the files to a temporary directory and runs the Update.exe program, which performs the update.
Extracting a Service Pack
Instead of installing a downloaded service pack on the local computer, you can extract the files to a directory. This allows you to make the service pack available over the network or to specify options to Update.exe (for example, to expand the service pack into a slipstream installation share), as described later in this lesson.
To extract the files from a service pack executable, use the -x option following the .exe file at a command prompt. For example, type w2ksp3.exe -x to extract the Windows 2000 Service Pack 3 files. When you use this option, you are prompted for a destination directory for the service pack files.
Installing a Hotfix
Hotfixes are distributed as .exe files, similar to service packs, but they are typically smaller in size. Microsoft uses a standard naming convention for hotfixes:
Q######_XXX_YYY_ZZZ_LL.exe
In this system, Q###### is the Microsoft Knowledge Base article number describing the hotfix:
-
XXX is the operating system.
-
YYY is the service pack level required for the hotfix.
-
ZZZ is the hardware platform.
-
LL is the language.
To install a hotfix on a local computer, run the executable file. Because the changes made by hotfixes are usually rolled into a service pack, the hotfix verifies that you have the correct service pack level. If you have a newer service pack, the hotfix is not required, and the installer exits without making any changes.
The hotfix installation is actually performed by an Update.exe program located within the self-extracting archive. As with service pack distributions, you can use the -x option with a hotfix to extract its files into a directory for later use.
Most hotfixes require you to reboot the computer to complete the installation. If you are installing multiple hotfixes, you must reboot after each one and before installing the next. You can avoid this by using the Qchain utility, described in Lesson 3.
Removing a Service Pack or Hotfix
If a service pack or hotfix causes incompatibilities with software or causes other issues, you can remove it. The current service pack and any installed hotfixes are listed with other installed software in the Add/Remove programs control panel. Hotfixes are listed with the Q###### number that uniquely identifies each hotfix. To uninstall a service pack or hotfix, select its entry from the list and click the Change/Remove button.
You cannot remove service packs or hotfixes that were installed from an integrated (or slipstream) installation of the operating system with fixes. Also keep in mind that uninstalling a service pack may affect any software that was installed after the service pack.
Slipstreaming Service Packs and Hotfixes
When you are deploying operating systems on multiple computers, it can be cumbersome to install numerous service packs and hotfixes after each installation. Windows 2000 and Windows XP support slipstreaming to solve this problem. You can update a network installation share with a service pack and any number of hotfixes, which will then be transparently installed with the operating system.
If you do not already have a network installation share, create one by copying the I386 folder of the operating system CD to a shared folder. This process is described in the "Practice: Managing Service Packs and Hotfixes" section of this lesson.
Adding a Service Pack to a Network Installation Share
The Update.exe program included with each service pack includes an option to update a network installation share with the service pack files. To use this option, you must first extract the service pack files to a folder using the -x option on the distributed .exe file.
After the files are extracted, you can update the network share. From the I386\Update directory of the service pack files, execute the following command:
update.exe -s:folder
For folder, specify the folder where the installation files were extracted. This should be the parent folder to the I386 folder containing the installation files.
Adding Hotfixes to a Network Installation Share
Adding a hotfix to a network installation share is a more complex process. You should do this only with critical hotfixes released after the most recent service pack. To add a hotfix, extract its files using the -x option to the .exe file, and then perform these basic steps:
-
Copy the .cat (catalog) file and the .exe file for the hotfix into the I386\svcpack directory. Create this directory if it does not exist.
-
Copy the hotfix binary files into the network installation folder.
-
Create a Svcpack.inf file describing the additional hotfix to be installed.
The details of these steps are described in the "Practice: Managing Service Packs and Hotfixes" section of this lesson.
Especially when installing multiple hotfixes, you might find it easier to use Group Policy to install the updates after installation, as described in Lesson 3, or use RIS to create an image, as described in the next section.
Working with Remote Installation Services
Remote Installation Services (RIS) provides an automated way to manage the installation of client operating systems. The RIS server stores an operating system installation image. Clients can connect using a network computer with a pre-execution environment (PXE) boot ROM or using a network installation floppy disk.
Installing RIS
RIS is included with Windows 2000 Server. The installation process for RIS is described in the "Practice: Managing Service Packs and Hotfixes" section of this lesson. RIS requires the following components and services to work:
-
Access to a Domain Name System (DNS) server.
-
Access to a Dynamic Host Configuration Protocol (DHCP) server.
-
Access to Active Directory. This means RIS should be installed on a domain controller or member server.
-
An NTFS-formatted disk for storage of operating system images. This must not be the same disk as the system drive (usually C).
After RIS is installed, you must authorize it in Active Directory. You can do this using the DHCP management console.
Creating a RIS Installation Image
For RIS to work, you need to create an installation image. This will provide the necessary installation files to clients when the operating system is installed. There are two ways to create the installation image:
-
From an installed system, use the Riprep.exe utility, located in the \RemoteInstall\Admin\I386 folder on the RIS server. This utility scans an existing Windows 2000 Professional system and creates a remote installation image to match it, including any installed hotfixes, service packs, and applications.
-
From an installation CD or network share, use the Risetup.exe utility. This method does not require an existing system. If you use a network share that has been updated with slipstreamed hotfixes or service packs, installed clients will be configured with the updated system.
To create the installation image you will need an NTFS volume with at least as much space requied by the installation CD or network share files. The drive cannot be the system volume, so you might need to install a new drive or partition a drive to support RIS.
RIS supports the installation of client operating systems only, currently including Windows 2000 Professional. It cannot be used to deploy server operating systems.
Installing Clients with RIS
You can install an operating system on a client with RIS if it has a network card with a PXE boot ROM, or using a remote installation boot disk. To create a boot disk, use the Rbfg.exe program, located in the \RemoteInstall\Admin\I386 folder on the RIS server.
In this practice, you install hotfixes and service packs manually and using slipstreaming, check service pack status, and use RIS to remotely install an operating system with updates.
Exercise 1: Manually Installing a Service Pack and a Hotfix
In this exercise, you use the Qfecheck.exe program to check a computer's current service pack and hotfix status, and practice manually installing a service pack and hotfix.
To check hotfix and service pack status
Perform this procedure on any Windows 2000 or Windows XP computer. You should have already downloaded the appropriate .exe hotfix file for your operating system, as described in this lesson.
-
Double-click the downloaded .exe file to install the Qfecheck.exe file.
-
Open a command prompt.
-
From the command prompt, type qfecheck and press Enter. A summary of hotfix status is displayed, as shown in Figure 14.1.
Figure 14-1. Qfecheck.exe output
To install a service pack
Perform this procedure on a Windows 2000 computer.
The service pack installation program may vary slightly with each service pack. Follow the specific instructions available with the service pack.
-
Download the service pack .exe file (network installation) from the Microsoft Web site.
-
Launch the .exe file (for example, W2ksp3.exe) from the command prompt or the Run dialog box.
The installer extracts the files and begins the installation. This might take several minutes. The setup wizard then displays an introductory page.
-
Click Next to continue. The license agreement for the service pack appears.
-
Select the I Agree option, and click Next to continue. On the Select Options page, you are prompted to indicate whether to archive replaced files for later removal, as shown in Figure 14.2.
Figure 14-2. Archiving options
-
Select the Archive Files option, and click Next.
The wizard now updates the computer with the service pack components. This might take several minutes. After the installation, a completion message appears, as shown in Figure 14.3.
Figure 14-3. Completing the service pack installation
-
Click Finish to restart the computer and apply the service pack.
To install a hotfix
-
Download the hotfix .exe file.
-
Launch the .exe file from the command prompt or Run dialog box.
In most cases, you are not prompted for any information. Some hotfixes have a more complex installation procedure and might display one or more dialog boxes. When the installation is finished, a message appears indicating that the update was successful, as shown in Figure 14.4.
Figure 14-4. The hotfix is now installed
Restart the computer after the hotfix is installed.
Exercise 2: Slipstreaming Service Packs and Hotfixes
In this exercise, you add a service pack and hotfix to a network installation share using the Windows 2000 slipstreaming features.
To add a service pack to a network installation share
Perform this procedure from a Windows 2000 Server computer.
-
Download or transfer the service pack .exe file to the C drive.
-
Create a directory called c:\Win2000\I386 and copy the contents of the I386 directory on the Windows 2000 Professional installation CD to it. If you already have a network installation share, you can skip this step.
-
From the command prompt or Run dialog box, type c:\w2ksp3.exe /x.
-
Type C:\SP3 and click OK.
The service pack installation files are now extracted to C:\SP3\I386. This might take several minutes.
-
Click OK to exit.
-
From the command prompt or Run dialog box, type C:\SP3\I386\Update\Update.exe -s:C:\Win2000 and then press Enter.
The Windows 2000 Service Pack Setup progress window displays a progress indicator, shown in Figure 14.5, and the service pack changes are applied to the installation files.
Figure 14-5. Applying the service pack to the installation files
-
Click OK to exit the update program.
If you have a service pack later than service pack 3 (SP3), use the appropriate file name instead.
The service pack installation program extracts the files and then prompts you for an installation directory.
Installations using the updated installation share will now automatically include the service pack.
To add a hotfix to a network installation share
Perform this procedure from the Windows 2000 Server computer that holds the network installation share you created in the previous procedure.
-
Download the hotfix file to the hard drive.
In this example, the file is C:\Q322842_W2K_SP4_X86_EN.exe.
-
From the command line, type md c:\Win2000\I386\svcpack and press Enter.
This creates a svcpack directory under the network installation folder.
-
Type copy /b C:\Q322842*.exe C:\Win2000\I386\svcpack\Q322842.exe and press Enter.
This copies the service pack to the installation folder using an 8-character file name.
-
Type md c:\hotfix to create a temporary location to extract the hotfix files.
-
Type C:\Win2000\I386\svcpack\Q322842 /x and press Enter.
You are prompted for a location for the hotfix files, as shown in Figure 14.6.
Figure 14-6. Extracting the hotfix files
-
Type c:\hotfix and click OK. The hotfix files are now extracted.
-
From the command prompt, type these commands to copy the catalog file and binary files:
copy c:\hotfix\update\Q322842.cat c:\Win2000\I386\svcpack
copy c:\hotfix\*.dll c:\Win2000\I386
copy c:\hotfix\*.exe c:\Win2000\I386
copy c:\hotfix\*.sys c:\Win2000\I386
copy c:\hotfix\uniproc\*.* c:\Win2000\I386\uniproc\*.*
-
Create a new text file at c:\Win2000\I386\Svcpack.inf, and add the following contents:
[Version]
Signature="$Windows NT$"
MajorVersion=5
MinorVersion=0
BuildNumber=2195
[SetupData]
CatalogSubDir="\i386\svcpack"
[ProductCatalogsToInstall]
Q322842.cat
[SetupHotfixesToRun]
Q322842.exe /q /n /z
The hotfix is now integrated into the installation files. To include additional hotfixes, add the appropriate lines to the ProductCatalogsToInstall and SetupHotfixesToRun sections.
Exercise 3: Using Remote Installation Services
In this exercise, you install RIS, create an installation image from a network installation share, and use RIS to install Windows 2000 Professional on a client computer.
To install RIS
Perform this procedure from a domain controller or member server.
-
In Control Panel, double-click Add/Remove Programs.
-
Click Add/Remove Windows Components. The Windows Components Wizard displays a list of currently installed components, as shown in Figure 14.7.
Figure 14-7. Windows Components Wizard
-
Select the Remote Installation Services check box, and click Next. The RIS server software is installed, which can take several minutes.
After the installation, the Windows Components Wizard displays a completion message.
-
Click Finish to exit the wizard.
You are prompted to restart the computer. You must restart before using RIS.
To create the RIS operating system image
Perform this procedure on the computer that has RIS installed. You will need an NTFS disk other than the system volume.
-
From the command prompt or Run dialog box, type risetup.exe. The Remote Installation Services Setup Wizard displays an introductory page.
-
Click Next to continue. You are prompted for a folder to serve as the root location for remote installation files, as shown in Figure 14.8.
Figure 14-8. Specify a remote installation folder
-
Type E:\RemoteInstall in the Path box and click Next.
Substitute the drive letter of your non-system NTFS volume above.
The Initial Settings page appears, as shown in Figure 14.9.
Figure 14-9. RIS Initial Settings page
-
Select the Respond To Client Computers Requesting Service check box, and click Next.
You are prompted for the location of the source installation files.
-
Specify the network installation folder. If you used the instructions in Exercise 1, this will be C:\Win2000.
You are prompted for a name for the OS installation image folder, as shown in Figure 14.10.
Figure 14-10. RIS installation image folder page
-
Accept the default setting of win2000.pro, and click Next.
You are prompted for a description and help text for the operating system image, as shown in Figure 14.11.
Figure 14-11. RIS description and help text boxes
-
Click Next to continue. The Review Settings page summarizes the settings you specified.
-
Click Finish to create the installation image.
The remote installation image is now created. This process will take at least a few minutes to complete.
-
Click Done to exit the setup wizard.
To authorize RIS in Active Directory
Perform this procedure from a domain controller.
-
Click Start, point to Settings, point to Administrative Tools, and then click DHCP to launch the DHCP management console.
-
Select DHCP in the console tree.
-
From the Action menu, choose Manage Authorized Servers. The Manage Authorized Servers dialog box appears, as shown in Figure 14.12.
Figure 14-12. Manage Authorized Servers dialog box
-
Click Authorize. You are prompted for the name or IP address of the server to authorize.
-
In the Name Or IP Address box, type the IP address of the computer running RIS, and click OK.
-
Click the Close button to exit the dialog box.
You do not need to perform this step if you installed RIS on the same machine as the DHCP server.
The following questions are intended to reinforce key information in this lesson. If you are unable to answer a question, review the lesson and try the question again. Answers to the questions can be found in the appendix.
-
Which utility displays a summary of service pack and hotfix levels for a computer?
-
Which type of update is not affected by other software updates?
-
What is the name for the process of adding updates to a set of operating system installation files?
-
From what two sources can Remote Installation Services (RIS) create an installation image?
-
What are the requirements for the disk used to store a RIS installation image?
Lesson Summary
-
Service packs are major updates to an operating system. You can install a service pack using a downloaded .exe file, or from a CD. More recent versions of the operating system often include service packs.
-
Hotfixes are simple updates released after a service pack and integrated into the next service pack. A hotfix is distributed as an .exe file. You can install hotfixes at any time, as long as they are newer than the currently installed service pack.
-
The Qfecheck.exe utility displays the service pack level for a computer and a list of hotfixes that have been installed after the service pack. This information is useful for determining which upgrades are needed on a computer.
-
Service packs and hotfixes can be slipstreamed, or integrated into a set of installation files for the operating system. When the operating system is then installed, it will include the updates.
-
Remote Installation Services (RIS) is a Windows 2000 Server component that allows you to store an installation image for a client operating system. You can then install the operating system on clients using PXE boot ROMs or a network installation floppy disk.