Quandary: Is Windows Desktop Search Installing Itself?
At least two independent, private network administrators have reported on their blogs since yesterday that their Windows Server Update Service has downloaded and deployed to their network clients the most recent update to Microsoft's Windows Desktop Search engine, even though those services are set up not to deploy updated software automatically.
"Thank you Microsoft, for once again bypassing my Windows update policies," wrote admin Robert Kloosterhuis this morning. "I can now go explain to my managers why 500 workstations and 12 servers have ended up with Microsoft Desktop Search, without anyone's explicit approval."
Microsoft itself is not pushing WDS 3.01 as mandatory to Windows clients through its own Update service. In a check this morning using an XP-based system on a network where WSUS is not employed, Microsoft Update showed the WDS update patch as an optional download rather than a critical one.
A Microsoft KnowledgeBase article published last week describes Desktop Search 3.01 as a minor improvement, including restricting itself to indexing the Outlook inbox when the e-mail client is running in Cached Exchange Mode (while it's not consistently polling for data from Exchange on the network) and adding support for a multitude of new Group Policy Objects.
While such an update may be welcomed by some desktop clients, it's theoretically unnecessary for it to be installed to other servers, and most likely unwanted for file servers and domain controllers. It is, after all, "Desktop Search." There could also be repercussions in the fact that client systems, once updated with a local search engine they've never had before, will start indexing themselves on startup, slowing down that process considerably.
But as Windows Server Update Services Program Manager Bobbie Harder explained - or tried to explain - on her team's blog today, administrators who saw WDS 3.01 automatically installed probably had already flagged the original WDS 3.0 specifically for automatic installation, so the "applicability rules," as she puts it, were applied to subsequent revisions...by design.
"WSUS by default is set to auto-approve update revisions to minimize administrative overhead and make sure distribution 'just works,'" Harder wrote. Her theory is that admins purposefully checked WDS 3.0 for distribution, and therefore subsequent metadata patches as well as software patches, such as the 3.01 update, were automatically checked for distribution as well.
"That said, we will be tightening the criteria for revisions," she continued, "so that auto-approval of revision behaviors are more predictable and of similar scope as the original approved update, as we appreciate the confusion this behavior caused." Harder did not explain why this behavior has not been seen before, with services that are checked for distribution and then subsequently patched.
Administrator Sadjad Bahmanpour may have been the first to recognize the unwanted behavior on his server logs, reporting it to his Windows Live blog space yesterday. In an update to that post, Bahmanpour rejoiced in its discovery by the world at large, saying, "Now the WORLD is angry about Microsoft, I FOUND IT FIRST :D"