Microsoft KB Archive/940469

= MBSA 2 and other programs do not offer Windows Server 2003 SP2 as an update on a Windows Server 2003-based computer that has the Windows Server 2003 SP2 Blocker Toolkit installed =

Article ID: 940469

Article Last Modified on 9/5/2007

-

APPLIES TO


 * Microsoft Baseline Security Analyzer 2.0

-



Important This article contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry



SYMPTOMS
On a Microsoft Windows Server 2003-based computer, you use the Windows Server 2003 SP2 Blocker Toolkit to temporarily disable the automatic update to Windows Server 2003 Service Pack 2. However, you may find that the following programs do not offer Windows Server 2003 SP2 as an update:
 * Microsoft Baseline Security Analyzer (MBSA) 2.0
 * Windows Server Update Services (WSUS) 2.0
 * Windows Server Update Services (WSUS) 3.0
 * Microsoft Windows Update

For example, when you use MBSA 2 to scan for updates, the Security Update Scan Results table may not include Windows Server 2003 SP2.



CAUSE
This issue occurs because of the detection logic that is included with the Windows Server 2003 SP2 Blocker Toolkit. Windows update programs verify the value of the DoNotAllowSP registry entry in the following registry subkey:

If the value of the DoNotAllowSP registry entry is set to 1, the following programs cannot deliver a Windows Server 2003 SP2 update:
 * Windows Update (WU)
 * Microsoft Update (MU)
 * Automatic Updates (AU)

When you install Windows Server 2003 SP2 Blocker Toolkit, the DoNotAllowSP registry entry is created automatically, and the value is set to 1.

This behavior is by design.



WORKAROUND
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

To work around this issue, follow these steps:  Click Start, type regedit, and then click OK. In Registry Editor, locate the following registry subkey, and then click it:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate

 In the details pane, right-click DoNotAllowSP, and then click Modify. Make sure that the Value data box has no data, and then click OK. Exit Registry Editor.

Notes The Windows Server 2003 SP2 Blocker Toolkit includes the following:
 * An ADM template that lets you configure this setting by using the Active Directory directory service.
 * A .cmd file that you can deploy by using a logon script to configure this setting.

<div class="moreinformation_section">

MORE INFORMATION
For more information about the Windows Server 2003 SP2 Blocker Toolkit, visit the following Microsoft Web site:

http://www.microsoft.com/downloads/details.aspx?FamilyID=fc145b0b-c148-445a-82ba-9b2f3aef6e60&DisplayLang=en

To review a FAQ document about the Windows Server 2003 SP2 Blocker Toolkit, visit the following Microsoft Web site:

http://technet.microsoft.com/en-us/windowsserver/bb335196.aspx

Keywords: kbtshoot kbexpertiseinter kbprb KB940469

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.