Ted said:
Me too, but is it the firewall or is XP the problem?
It's the SP2 firewall, alright. With SP2 the firewall blocks damn near
everything at startup except DHCP, DNS and communication with a Domain
Controller for policies. Then later (when it's too late anyway, in most
cases) your custom settings _might_ take effect (if you're lucky). You
have to disable it in the registry so it doesn't block almost everything
at startup (when you really _need_ it to be unblocked in many cases). M$
calls it "boot-time policy"; from:
http://msdn.microsoft.com/security/productinfo/XPSP2/networkprotection/firewall.aspx
"In Windows XP Service Pack 2, the firewall driver has a static rule,
called the boot-time policy. It performs stateful filtering and eliminates
the window of vulnerability while the computer is booting. This new policy
rule allows the computer to open ports so that basic networking tasks such
as DNS and DHCP may take place. It also allows communication with a domain
controller to obtain appropriate policies. Once the firewall service is
running, it loads and applies the run-time Windows Firewall policy and
removes the boot-time filters. (The boot-time policy cannot be
configured.)
There is no boot-time security if Windows Firewall/Internet Connection
Sharing (ICS) is set to Disabled."
Those last two sentences are lies. "Boot-time policy" _can_ be configured
and even _disabled_ in the registry, and furthermore it still imposes
"boot time security" even when WF/ICS is set to disabled through the
recommended methods by M$, without disabling it directly in the registry.
Without specific registry entries concerning the boot-time policy you have
no control over it, i.e. you have to nip it in the bud, so to speak.
Here is an example of a .reg file we have had to import into all our XP
SP2 machines on a Novell network to enable them to login to Netware
without incident and browse mapped Netware drives (and allow ZfD Remote
Management to connect, but that's another matter), and I suppose that
Windows shares would be affected similarly, but you'll get the idea...
REGEDIT4

; WinXP SP2 Firewall Changes for Novell

; Security Center: stop monitoring and alerting on firewall status
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000001

; Policy: turn Windows Firewall off in both profiles
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall"=dword:00000000

; WF/ICS service start type: 3 = manual
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
"Start"=dword:00000003

; Port exceptions, format port:protocol:scope:status:name (scope * = any source)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"524:TCP"="524:TCP:*:Enabled:Novell NCP - TCP"
"524:UDP"="524:UDP:*:Enabled:Novell NCP - UDP"
"123:UDP"="123:UDP:*:Enabled:Novell NTP - UDP"
"427:TCP"="427:TCP:*:Enabled:Novell SLP - TCP"
"427:UDP"="427:UDP:*:Enabled:Novell SLP - UDP"
For your particular problems you will have to research the port, name and
protocols for yourself. I apologize, but we are primarily a Netware house
here and have no Windows Servers with mapped shares.
I can only hope this will help lead you to research the issue as it may
apply to your particular situation and is only presented as an example of
how the SP2 Firewall _really_ works (or doesn't, depending on your point
of view).
I thought it was Windows problem.
Oh, it _is_, it is a Windows XP SP2 problem!
I had to allow shares on the whole drive so it will
allow access. It will not accept share access.
Figures. Sucks. Sorry I don't have a more direct solution for you.
Cheers and hopefully happy computing! Live and learn, eh?
And Happy Holidays!
Steve N.
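
An added example, not part of the original post: a small Python audit that reads a .reg file like the one above and reports which profiles have the firewall turned off and which port exceptions are open to any source. The sample text is constructed (a trimmed copy of the post's file with one scope changed to LocalSubNet), and the function names are hypothetical.

```python
import re

# Constructed sample: trimmed from the post's .reg file, one scope altered.
SAMPLE_REG = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"524:TCP"="524:TCP:*:Enabled:Novell NCP - TCP"
"427:UDP"="427:UDP:LocalSubNet:Enabled:Novell SLP - UDP"
'''

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')

def parse_reg(text):
    """Yield (key, value_name, raw_data) tuples from REGEDIT4-style text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m.group("name"), m.group("data")

def audit(text):
    """Return findings: profiles with the firewall off, and enabled port exceptions."""
    findings = []
    for key, name, data in parse_reg(text):
        if name.lower() == "enablefirewall" and data.lower() == "dword:00000000":
            findings.append(("firewall-disabled", key.rsplit("\\", 1)[-1]))
        elif key.lower().endswith(r"globallyopenports\list"):
            # Entry format: port:protocol:scope:status:display name
            parts = data.strip('"').split(":", 4)
            if len(parts) < 4 or parts[3].lower() != "enabled":
                continue  # malformed or disabled entry
            port, proto, scope = parts[:3]
            kind = "open-port-any-source" if scope == "*" else "open-port-scoped"
            findings.append((kind, f"{port}/{proto} scope={scope}"))
    return findings

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE_REG):
        print(f"{kind:22} {detail}")
```

Entries reported as open-port-any-source accept traffic from any address; the scope field can instead hold LocalSubNet or an address list to narrow the exception.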