Microsoft has released the Windows Service Pack Blocker Tool Kit yesterday. It can be used to block the deployment of Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 for 12 months following general availability of the service packs.
The toolkit contains three components which all set or clear a Registry key that blocks or allows the installation of the service pack 1 via Windows Update. Why three and not one component? Because different computer infrastructures may required different means of blocking the service packs from being installed.
Included in the bundle are the following three components:
► A Microsoft-signed executable
► A script
► An ADM template
Note that the executable and script have been tested only as a command-line tool and not in conjunction with other systems management tools or remote execution mechanisms.
A Microsoft-signed executable
The executable creates a registry key on the computer on which it is run that blocks or unblocks (depending on the command-line option used) the delivery of a Service Pack to that computer through Windows Update. The key used is HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate.
When the ‘/B’ command line option is used, the key value name ‘DoNotAllowSP’ is created and its value set to 1. This value blocks delivery of a Service Pack to the computer through Automatic Update or Windows Update.
When the ‘/U’ command line option is used, the previously created registry value that temporarily blocked the delivery of a Service Pack to the computer through Automatic Update or Windows Update is removed. If the value does not exist on the computer on which it is run, no action is taken.
The script does the same thing as the executable, but allows you to specify the remote machine name on which to block or unblock delivery of Service Packs.
An ADM template
The ADM template allows administrators to import group policy settings to block or unblock delivery of Service Packs into their Group Policy environment. Administrators can then use Group Policy to centrally execute the action across systems in their environment.
The Windows Service Pack Blocker Tool Kit prevents only the installation of a service pack via Windows Update. It is still possible to update the system by downloading the service pack separately or by applying the patch from CD/DVD or other media.
The Windows Service Pack Blocker Tool Kit can be downloaded from directly from Microsoft’s Download Center