In Win2k Server, how can you verify that SP4 is properly installed? I know you can go to My Computer and right click and it will tell you that SP4 is installed, but I was wondering if there was another way to verify that it is installed properly, perhaps by the size and date of the NTOS kernel or some other critical file. Anyone have any information on the matter?
How do you verify that Service Pack 4 is installed?
- Thread starter GoingUp
- Start date
Product:Windows 2000 SP4
Version:5.0.2195.6717
Modified: 06/19/2003
Product:Windows 2000 SP3
Version:5.0.2195.5438
Modified: 7/22/2002
Product:Windows 2000 SP2
Version:5.0.2195.2951
Modified: 5/4/2001
Check your ntoskrnl.exe and compare it to the above versions. With SP4 it should be 5.0.2195.6717 or HIGHER. If you have all the latest security updates (namely KB835732 aka MS04-011) ntoskrnl.exe will be a newer version.
You can also use SFC /SCANNOW. When SP4 (or any security update) is installed it will update the catalog files. Running SFC should tell you if any files have been changed since. If something is amiss it will attempt to correct it using your DLLCACHE folder. If that version is damaged as well it will prompt you for either your 2k CD or your SP4 CD as necessary.
Version:5.0.2195.6717
Modified: 06/19/2003
Product:Windows 2000 SP3
Version:5.0.2195.5438
Modified: 7/22/2002
Product:Windows 2000 SP2
Version:5.0.2195.2951
Modified: 5/4/2001
Check your ntoskrnl.exe and compare it to the above versions. With SP4 it should be 5.0.2195.6717 or HIGHER. If you have all the latest security updates (namely KB835732 aka MS04-011) ntoskrnl.exe will be a newer version.
You can also use SFC /SCANNOW. When SP4 (or any security update) is installed it will update the catalog files. Running SFC should tell you if any files have been changed since. If something is amiss it will attempt to correct it using your DLLCACHE folder. If that version is damaged as well it will prompt you for either your 2k CD or your SP4 CD as necessary.
It's the Microsoft Baseline Security Analyzer. It's a free download from Microsoft.
Gsellis: Yes, there is a way to verify the SP installed correctly. There is an svcpack.log file in your systemroot that will tell you. It's a bit difficult to read. There are some 'error' messages that will appear in the log that are normal. In truth, the best way to tell is just to pay attention during the install. I have never seen a service pack install fail silently. If it's going to fail it WILL give an error message. The only real way to shoot yourself in the foot is to abort the reboot that follows the install.
gsellis
Diamond Member
- Dec 4, 2003
- 6,061
- 0
- 0
Yes, but it does not verify the files in the SP are still the correct files. It verifies that the correct updates are installed. Two different things. If the system is not caching the dlls, etc through SFC, the files can have been installed correctly and then been replaced by an application.
The log may apply in this case. Good post Smilin.
SFC is just an application that leverages WFP.
SFC/WFP will actually check each file to see if it is the proper one. It will compare these to the catalogs. If a file is ever replaced by an application WFP will kick in and fix it with a copy from dllcache. SFC isn't even aware of service packs or updates. It doesn't know what file belongs to what service pack. It only knows about the catalog and the files.
In fact you can take perfectly correct files and drop them on the system and they will be rejected. They have to be installed by an update or service pack that also updates that catroot files. It's the same reason that makes you have to slipstream a service pack into an install source rather than just copying the updated files into the source. If you copy sp4 files on to a retail source and then install from it WFP will freak out and try to roll everything back to sp0.
SFC/WFP will actually check each file to see if it is the proper one. It will compare these to the catalogs. If a file is ever replaced by an application WFP will kick in and fix it with a copy from dllcache. SFC isn't even aware of service packs or updates. It doesn't know what file belongs to what service pack. It only knows about the catalog and the files.
In fact you can take perfectly correct files and drop them on the system and they will be rejected. They have to be installed by an update or service pack that also updates that catroot files. It's the same reason that makes you have to slipstream a service pack into an install source rather than just copying the updated files into the source. If you copy sp4 files on to a retail source and then install from it WFP will freak out and try to roll everything back to sp0.
One last one concerning the version number of the ntoskrnl.exe file. Does the version differ if we are using a multi processor system instead of a single processor system? Will the SP4 version be *.*.*.6717 no matter what after we install SP4 regardless of the # of processors?
Yes, it should be.
ntoskrnl.exe is basically the same as ntkrnlmp.exe (which is renamed to ntoskrnl.exe during install) only it has MP optimizations disabled.
Remember, if you have the latest updates applied your version will actually be greater. MS04-011 updates ntoskrnl.exe
ntoskrnl.exe is basically the same as ntkrnlmp.exe (which is renamed to ntoskrnl.exe during install) only it has MP optimizations disabled.
Remember, if you have the latest updates applied your version will actually be greater. MS04-011 updates ntoskrnl.exe
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes Discussion Threads
- Started by Tigerick
- Replies: 21K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 23K
-
-
Facebook
Twitter