Installation, security woes dog NT 4.0 SP4 By Bob Trott InfoWorld Electric Posted at 1:01 PM PT, Feb 9, 1999 Microsoft is dealing with more woes surrounding Service Pack 4 (SP4) of Windows NT Server 4.0. The software giant is working on an SP4 installation problem that affects users with specific configurations, and plans to issue a fix this week. And Microsoft support line engineers compounded worries for some customers by describing the fix as a "major re-release" of the service pack. According to Microsoft, the Y2ksetup.exe file included with the "full download" and CD versions of SP4 causes Microsoft Message Queue Server (MSMQ) to be uninstalled on NT servers that have both Site Server Express 2.0 and the NT Option Pack version of MSMQ. A Microsoft representative said that no core SP4 components were affected, and that the problem does not affect users who installed MSMQ from NT Server 4.0, Enterprise Edition. However, the company's handling of the issue confused some customers. One user, who was working to deploy SP4 over hundreds of NT servers worldwide, said he was told by Microsoft engineers to hold off on the deployment until a "major re-release" of the service pack was released. One Microsoft official, referring to an internal document, called the service pack refresh "SP4a." "In our particular case it throws off months of preplanning to hit 400-plus servers worldwide," said the IT manager, who requested anonymity. The representative said Microsoft was not planning a re-release of SP4, and said the reference to "SP4a" was a "typo." However, the representative also said Microsoft would use the installation fix as a chance to update NT's Java virtual machine to bring it into compliance with a federal judge's order in the lawsuit brought against Microsoft by Sun Microsystems. Microsoft this week also posted to its Web site a fix for a security hole in SP4 that could allow a user to log on interactively and connect to network shares using a blank password. Information on the bug can be found at www.microsoft.com/security/bulletins/ms99-004.asp. The flaw mainly affects NT servers that serve as domain controllers in environments with DOS, Windows 3.1, Windows for Workgroups, OS/2, or Macintosh clients. "In general, customers who have deployed only Windows NT, Windows 95 and Windows 98 client workstations are not at risk from this vulnerability," the company stated. Microsoft Corp., in Redmond, Wash., can be reached at www.microsoft.com. Bob Trott, is InfoWorld's Seattle bureau chief. From MAILER-DAEMON@cs.depaul.edu Tue Feb 9 17:09:57 1999