WinXP SP2 Adoption Slow In Enterprise, Picks Up In SMB

ISVs and partners say large corporations are postponing the second Windows service pack because of application compatibility problems and the extensive amount of testing necessary. What's more, large companies can do without SP2 for some time since they already have enterprise-level firewalls and other security applications, observers say. Gartner Group, for example, advises customers to wait until new No Execute (NX) processors ship in 2005. "A lot of customers are holding off," said Todd Swank, Director of Marketing for Northern Computer Technologies, Burnsville, Minn. "This is bigger than a service pack and some people say it's like a brand new operating system."

ISVs in the desktop management space concur.

"We've made greater inroads into small and midsize organizations, but no one with 500 seats and above is going to deploy now, "said Brian Styles, CTO of ScriptLogic, an ISV whose Desktop Authority 6.0 application assists in Windows desktop deployments and management. "The bigger the organization, the slower the approach will be. The resellers that handle smaller accounts, like 100 and 200 users, are more aggressive with the rollout of SP2 because there's less risk."

Still, one survey released last week from market research firm InsightExpress shows that most larger organizations do expect to deploy SP2 in the coming months. According to that survey of117 IT executives from midsize and large companies, 79 percent say they plan to deploy SP2 by mid 2005.

It won't be a slam dunk. That same survey, commissioned by management software vendor SupportSoft, reveals that more than 50 percent of respondent expect the SP2 deployment process to disrupt business continuity. Seventy-five percent cite application incompatibilities as their biggest worry.

Following the release of the security-oriented Windows XP SP2 to OEMs on August 6 -- and to the general community a few weeks later -- users encountered significant application incompatibilities related to strengthened security and by turning on the Windows Firewall by default. At the time, Microsoft confirmed that more that 50 mainstream applications would not run properly with Service Pack 2. In September, Microsoft gave businesses permission to block the service pack from automatic download until April of 2005, giving time for more testing. The original cutoff date was to have been in midDecember.

Service Packs from Microsoft and other software vendors usually contain bug fixes or minor updates. As such, they're usually downloaded immediately, without disrupting users. But Service Pack 2 is considered more of an upgrade than a service pack.

Capgemini spent three months testing applications with SP2 and developing a custom version of Windows XP, including "most of the SP2 code" for its clients and will begin deploying it soon to more than 55,000 desktops over a six week period.

But while enterprise adoption is occurring in pockets, the SMB space is showing most of SP2-related activity say Microsoft Gold Certified partners working in the enterprise and SMB markets. "It's a wide mix of customers deploying SP2, but yes, SMB customers tend to deploy it faster because they have less to worry about," said Ken Winell, president of Econium, Totowa, N.J.

Some unique drivers in the SMB market are spurring SP2's deployment. Customers can implement SP2 more quickly because they have fewer applications to test. Additionally, many SMB customers are more vulnerable than large companies to the problems SP2 aims to protect they tend to have few security applications.

"An enterpriseclass account will typically have adequate security procedures from a firewall perspective, and also have appropriate intrusion detection systems," said Phil Ernst, president of Convergence Technology Consulting, Bowie, Md., which has performed numerous SP2 deployments for SMB customers. "The SMB space is a mixed bag. Best practices costs money, and in some cases too much for many SMB organizations. Either they lack the internal expertise for controlling updates, lack the funds, or both."

Convergence and other SMB partners that reported significant services revenue for SP2 deployments recommend a number of tools. These range from Group Policy in Active Directory to Microsoft Software Update Services or third-party products from ISVs such as ScriptLogic, of Boca Raton, Fla., or ManageSoft, in Boston.

"All enterprise are holding off as extensive testing is going on," said Steven Kros, San Jose-based technology evangelist for ManageSoft. "A number of customers have rolled out SP2 without any problem -- smaller organizations with less than 3,000 devices. Typically, the ones that have rolled out SP2 are organizations with more control over the desktop."

Partners in the enterprise and SMB markets may drag their feet but they may have no choice after 2005. OEMs have begun preloading Windows XP SP2 on most new PCs, and Microsoft is making it increasingly difficult for systems builders to access older versions of the Windows XP code. One system builder, for example, wanted the Windows XP Service Pack 1 code though distribution but got turned down. "I thought it was supposed to be available until December but we couldn't get it," said one Microsoft solution provider.

Despite that solution provider's difficulty obtaining SP1 code, Microsoft maintains that the earlier service pack is still available. "For the past 60 days the significant majority of our shipments have been SP2. However, System builders can order either SP2 or SP1," said Kurt Kolb, general manager, Worldwide System Builder Channel and License Compliance.

Microsoft said it started shipping XP SP2 to all authorized distributors in early October, and is now shipping SP2 to all authorized resellers and OEMs.

Although Microsoft encourages immediate deployment of SP2, the Redmond, Wash. software vendor is taking heed of the problems that occurred with SP2 and will try to make the process easier for the security service pack planned for the Windows Server 2003, Most significantly, Microsoft will turn the firewall off by default in the server update, now due in the second quarter of 2005.