SP2 Upgrade, Remote Desktop, and DameWare

[HeelSiders]

I have quite a number of system that I need to upgrade to SP2. Although
deployment via SMS or SUS would make sense I don't have those resources
readily available. I have been using Remote Desktop (and/or DameWare) to run
the WindowsXP-KB835935-SP2-ENU.exe patch locally on each system. The
persistent problem I've encountered is once the reboot occurs the Windows
Security Center splash screen is the very first thing that appears and asks
me to select either, "Help protect my PC by turning on Automatic Updates now"
or "Not right now", and then I have to click the Next button. Afterwards, I
now have access to the login screen and I can use CTRL-ALT-DEL to login. But
prior to that I can neither use Remote Desktop or DameWare to access the
system remotely. Every single instance I had to acknowledge the Windows
Security Center splash screen in person. Is there a way for me to disable
that screen prior to reboot?

 

[JN]

If you are setup as a Domain you can use Group Policies to configure the
Automatic Update settings which should prevent you from having to see that
AU box at logon. Take a look at the policy settings and determine what is
right for your enviroment.

Personally I would suggest you seriously look into WSUS 3 which is a free
service from MS which allows you to bring down locally the updates for
Windows 2000+, Office, Project, Visual Studio, and a whole host of other MS
products. With WSUS it automatically copies the MS updates to the server
and you just approve what you want deployed and it does it automatically.
In your case you would have just approved SP2 to deploy to your network and
everyone would have gotten it automatically over night and you would not
have to logon to any machine.

What is also probably happening in your current situation is the Windows
Firewall is probably set to enabled without exception rules until you
acknowledge the Security Center settings. Personally, on a relatively small
network like a single subnet of about 100 or so computers I have the
firewall group policies setup for off while on the domain and on while not
logged onto the domain. This way it when something like this happens, the
Windows firewall is not enabled.

Now this may sound risky if you don't have other effective measures in place
to prevent rouge viruses from spreading incase a guest brings one in. For
example on my network only approved MACs are allowed on the domain, guests
use a seperate wireless network, every client has a top notch AV solution,
Web access from employees restricts downloadz\s and filters questionable
sites, almost nobody has local admin rights, and there is no direct access
to the Internet for any user. If you have all this in place or other
measures you should not need Windows firewall blocking you when you are
trying to run your network. If you don't have all that in place you can
setup rules in Group Policies as well to configure Windows Firewall.