Microsoft is letting customers disable installation of SP2 until they are ready to deal with the multitude of issues it brings.

Users, largely expected to be corporates, can prevent the installation of the newly minted XP service pack while permitting the installation of all other automatic OS updates.

The idea behind it is that smaller organizations may find that the update process overwhelms their resources, whether download bandwidth, or technical staff who will have to manage the fall-out of a massive OS update dropping into most users' machines.

In the Technet section of its site, Microsoft said that, "some organizations have requested the ability to temporarily disable delivery of this update via AU (automatic update) and WU (Windows update) ... these customers would like to temporarily block the delivery of SP2 in order to provide additional time for validation and testing of the update." The move follows IBM's instruction to its employees not to install SP2.

Microsoft explains three ways of disabling the installation. Active Directory users can use group policies via a downloadable Active Directory template. The second uses a downloadable executable -- Microsoft points out that it's signed code -- while the third uses a link over email. All rely on the presence of a new registry key originally created for in-house use during the development of the service pack.

However, Microsoft is encouraging companies to use its Software Update Services or Systems Management Server. In this way, users can enable automatic updates which are then redirected to an internal company server rather than to Microsoft's servers.

The option to disable installation of SP2 while leaving automatic updates enabled expires 120 days after August 16, at which point users who hold back will have little option unless they disable all updates.

It's early days for user feedback, although some posts on technical forums suggest that few problems have so far been detected. However, one user's posting was emblematic of the general attitude: "Oh, I'll put it on a test rig. I'm sure we'll do a write-up. But I'm not letting it within ten feet of a rig whose operation is critical. And the reason is simple. I don't have time to spend four hours trying to coax my system back to life. I'd rather take my chances with the security flaws."