I've been toying with it for a few days now, and so far the only quirks I've found relate to Symantec AntiVirus and the integrated firewall that's now on by default. The security settings seem to operate in two different modes, depending upon whether or not you're in a domain. If you're not in a domain, it'll come up with a three-part screen telling you all about your automatic update, firewall, and antivirus settings. In this mode it currently does not detect Symantec AntiVirus as being an AV program, and warns you that you don't have any AV software installed. You can manually tell it "Oh yes I do!" and it'll stop bugging you, but it's yet another thing to configure. I filed this as a bug with Microsoft, so hopefully they'll adapt it to detect SAV Corp. Edition.

In "domain" mode, it doesn't pester you about your AV software, and you don't see that same screen, though it'll tell you that your administrator is controlling your automatic updates if you're doing it via Group Policy. The firewall is turned on again, and this is where the fun begins.

With the firewall on, SAV is prevented from listening on UDP port 2967, which it needs to do in order to receive "pushes" of antivirus defs from the server. The clients will still be updated when they check in on their schedule, but that may be several hours. The client also shows up as being "offline" in the Symantec management software.

Fortunately, you can open up that port manually in the firewall and restore all of that functionality, but it'd be a major pain to do that on each box. The good news is, you don't have to. You can use the netsh command from a login script, or better yet, use the new Group Policy option to do it for all computers. You can even choose to disable the firewall completely if you want.

The firewall acts much like ZoneAlarm, or any of the other common ones, in that it now prompts you for action when launching applications that use your network connection, and asks you to allow or disallow the connection for that app. It's a bit annoying authorizing all your apps at first, and will certainly generate some end-user questions, but, like taking your shoes off at the airport, it's probably just something we have to get used to in the name of increased security.

The SP also includes a new version of IE, with an integrated pop-up blocker. It seems to work well, but isn't particularly fancy. The newer version of IE seems faster to me as well, but I could be wrong, it's just a subjective thing.

The new version of Windows Update is much slicker, and it "feels" a little more reliable than the old version. The Group Policy for doing updates now includes a new option for "install at shutdown" so that when a user shuts down their PC, they're given the option of "Update and Shutdown" so that the updates can be applied and the machine shutdown as the user leaves, which could be handy.

There are quite a few more changes, and I'd urge you to read up about them and begin testing the Service Pack, as it's going to make support a bit tricky in the short term, but hopefully much easier in the long-term.