09-16-2004, 12:38 AM
Well being at a University that was rolling it out before it was publically available thanks to some phone calls, and being the Tier 2 support who gets to work directly with most of the students I can say a fair bit about it.
I have been running it on my work machine for at least 3 weeks now. Our package for work systems disable the firewall and roll back the Kerberos API so that it doesn't break our domain logins. We have found that there are some issues with having a roaming profile on an AFS drive and using the openAFS 1.2.9b client for access to that. The main issue is that after hitting a secure site the profile redirection for Favorites in IE breaks. If you aren't redirecting the Favorites we haven't seen any issues with IE. This is actually an issue with the older OpenAFS client we use for other compatibility reasons. The Kerberos issues are because we don't use an MS Kerberos controller prefering the more stable *nix based ones.
On a standard install (i.e. student machines) we have about 70% success rate for install. The big problem systems are generally laptops, not really surprising considering the higher percentage of proprietary hardware in those. Most people have no problems with it. Norton Internet Security does seem to reset itself after the SP2 install though so that you have to go through and redo the program scan so that things can get out to the internet, but not a big deal. For most of the students no problems. Some reports of sluggish systems after an install. A reinstall of the SP has generally fixed those. We are often turning off the File and Print sharing blocking that is on by default in the built in firewall though.
The huge benefit for us and the reason we started to apply it to systems so early is all the security patches are rolled up in it. The slow down in spread of virus has been tremedous on the resnet (student residential housing subnet) thanks to SP2 installs. Considering I found the newest strain of sdbot on Monday (thank you sysinternals) on an unpatched student system (McAfee should have the extra.dat for cleaning it rolled into the next sdat release, should be tomorrow or maybe it came out today, today was a long day) I'm very grateful for the ease of getting the security roll-ups installed. Though it was neat sending a file to McAfee and Symantec (though we are a McAfee campus) and having them go, hmm we've never seen that before, we'll get back to you, I would rather not have to do that everyday. It took them both about an hour to say that they had something that should clean it. I've tested the McAfee update it worked. But again, getting the systems up to date so that they can't get hit in the first place is what I care about.
That being said, I haven't installed it at home yet because of some old legacy hardware I have and problems I had with it after installing SP1 on the system. Considering that I am using drivers from Windows 2000 for the old SCSI card I keep dragging along with me to run the old CD-RW and CD-ROM that I have, I don't feel like wedging those back in again like I had to after the SP1 update.
If you've been keeping your system up to date and it isn't running in a network environment where it can cause problems (say a university network) then I would wait till SP2a before updating, though I doubt most of you would have any problems. If you haven't been patching, then I would suggest putting it on just to get the security roll-ups. If you have a prebuilt system (Dell, Gateway, Compaq) you are less likely to have any issues than if you have a custom built system since more testing was done on those standard system configs. It isn't the plague or anything. It can be unistalled (I have done so several times without using rollback, just using its unistall feature), and I have only seen once case out of literally over 1000 where the system was rendered unbootable by it, and that was on a highly modified laptop system. But since all the data on that system had been backed up a re-install was doable.
Just some of my thoughts on the matter.
I have been running it on my work machine for at least 3 weeks now. Our package for work systems disable the firewall and roll back the Kerberos API so that it doesn't break our domain logins. We have found that there are some issues with having a roaming profile on an AFS drive and using the openAFS 1.2.9b client for access to that. The main issue is that after hitting a secure site the profile redirection for Favorites in IE breaks. If you aren't redirecting the Favorites we haven't seen any issues with IE. This is actually an issue with the older OpenAFS client we use for other compatibility reasons. The Kerberos issues are because we don't use an MS Kerberos controller prefering the more stable *nix based ones.
On a standard install (i.e. student machines) we have about 70% success rate for install. The big problem systems are generally laptops, not really surprising considering the higher percentage of proprietary hardware in those. Most people have no problems with it. Norton Internet Security does seem to reset itself after the SP2 install though so that you have to go through and redo the program scan so that things can get out to the internet, but not a big deal. For most of the students no problems. Some reports of sluggish systems after an install. A reinstall of the SP has generally fixed those. We are often turning off the File and Print sharing blocking that is on by default in the built in firewall though.
The huge benefit for us and the reason we started to apply it to systems so early is all the security patches are rolled up in it. The slow down in spread of virus has been tremedous on the resnet (student residential housing subnet) thanks to SP2 installs. Considering I found the newest strain of sdbot on Monday (thank you sysinternals) on an unpatched student system (McAfee should have the extra.dat for cleaning it rolled into the next sdat release, should be tomorrow or maybe it came out today, today was a long day) I'm very grateful for the ease of getting the security roll-ups installed. Though it was neat sending a file to McAfee and Symantec (though we are a McAfee campus) and having them go, hmm we've never seen that before, we'll get back to you, I would rather not have to do that everyday. It took them both about an hour to say that they had something that should clean it. I've tested the McAfee update it worked. But again, getting the systems up to date so that they can't get hit in the first place is what I care about.
That being said, I haven't installed it at home yet because of some old legacy hardware I have and problems I had with it after installing SP1 on the system. Considering that I am using drivers from Windows 2000 for the old SCSI card I keep dragging along with me to run the old CD-RW and CD-ROM that I have, I don't feel like wedging those back in again like I had to after the SP1 update.
If you've been keeping your system up to date and it isn't running in a network environment where it can cause problems (say a university network) then I would wait till SP2a before updating, though I doubt most of you would have any problems. If you haven't been patching, then I would suggest putting it on just to get the security roll-ups. If you have a prebuilt system (Dell, Gateway, Compaq) you are less likely to have any issues than if you have a custom built system since more testing was done on those standard system configs. It isn't the plague or anything. It can be unistalled (I have done so several times without using rollback, just using its unistall feature), and I have only seen once case out of literally over 1000 where the system was rendered unbootable by it, and that was on a highly modified laptop system. But since all the data on that system had been backed up a re-install was doable.
Just some of my thoughts on the matter.
---
It's all just zeroes and ones and duct tape in the end.
It's all just zeroes and ones and duct tape in the end.