Windows XP Firewall & LAN/Domain Configuration

  • Thread starter: Research Services

Research Services

Has anyone developed a minimal list of TCP/UDP Ports to open on the built-in
Windows XP Internet Connection Firewall to allow the client machine to work
properly in a LAN Windows 2000 Active Directory Domain?


We have heard that the ICF was originally intended for home users. But with
the recent announcement of the heightened security enhancements in SP2 for
Windows XP it really sounds like Microsoft is changing that to include those
on a LAN.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwxp/html/securityinxpsp2.asp

If they are turning ICF ON by default with SP2 that certainly applies to the
thousands of XP machines we have on our LAN so we expect a way to configure
the advanced settings of ICF with Group Policies.
 
Actually, if a W2k3 member is any indicator, there is not
much needed. The ICF allows returns for anything originated
inside. There is very little in a default AD environment that
is invasive toward the client from the domain; mostly only
optionals like remote management tools reaching in, expecting
such as Remote Reg Svc, admin shares, SMS discoveries, etc.

But you pose good questions which are, AFAIK, at this point
not resolved: whether it will default on only for stand-alones,
whether a new .adm will be provided to extend policies into
new areas (ICF), etc.
 