XP SP 2 Firewall and my Domain

[Marc R. O'Connor]

HI,
Does any one know about the interaction of the ICF and a Windows 2000
domain. I was always under the impression that the firewall will wreak
havoc on a domain and it has been my experience when certain users decide
to download ZoneAlarm on their work station I get AD, DNS and other
issues. Any idea how this should be handled with SP2? Any good sources of
reading?

Cheers,
Marc

 

[Miha Pihler]

Hi Marc,

Here is a good starting point.

Windows XP Service Pack 2
Resources for IT Professionals

http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/winxpsp2.mspx

I hope this helps,

Mike

 

[Will Denny]

Hi Marc

There are News Groups specific to SP2 - you might like to try those:

http://communities.microsoft.com/newsgroups/default.asp?icp=xpsp2&slcid=us

 

[Bruce Chambers]

Greetings --

The "next generation" Windows Firewall included with SP2, while
vastly superior to the original ICF in terms of visibility, usability
and configurability, is still rather lacking, as a solid security
component. It still can't supplant 3rd-party solutions, nor is it
intended to do so; rather, it's intended to complement them. And, like
the original ICF, it will not monitor out-going traffic.

It's most important virtues, I think, are it's improved
compatibility with internal LANs and its configurability via group
policies. Now, there's a simple, cheap tool that system admins can
use to protect the LAN workstations from that occasional - but not
rare enough - fool who manages to bypass the perimeter firewall and
manually install some malware that could then spread throughout the
LAN via shared drives.


Bruce Chambers
--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH

 

[Torgeir Bakken \(MVP\)]

HI,
Does any one know about the interaction of the ICF and a Windows 2000
domain. I was always under the impression that the firewall will wreak
havoc on a domain and it has been my experience when certain users
decide to download ZoneAlarm on their work station I get AD, DNS and
other issues. Any idea how this should be handled with SP2? Any good
sources of reading?

Hi

I run WinXP SP2 (beta) with the firewall enabled. This computer is
joined to an AD domain, and I have no problems with this.


For more information, see the Windows Firewall chapter in the document
02_CIF_Network_Protection.DOC, downloadable from
http://www.microsoft.com/downloads/...d7-b791-40b6-8364-685b84158c78&DisplayLang=en

Note: WinXPSP2_Documentation.zip contains all the .doc downloads...


Also, many FW settings will be configurable through Group Policy.

More on this in WF_XPSP2.doc ("Deploying Windows Firewall Settings
for Microsoft Windows XP with Service Pack 2") at
http://www.microsoft.com/downloads/details.aspx?familyid=4454e0e1-61fa-447a-bdcd-499f73a637d1


There is also a SP2 Group Policy Settings Reference spreadsheet
available, GroupPolicySettings_PreRelease.xls can be downloaded
from here:

Group Policy Settings Reference for Windows XP Professional
Service Pack 2 Release Candidate 2
http://www.microsoft.com/downloads/...c0-19b9-4acc-b5be-9b7dab13108e&displaylang=en

Note that the "Update History" part only covers new settings in RC2,
it does not cover any previous SP2 history.


Also note that there are separate newsgroups available for SP2:

Welcome to Windows XP SP2 Technical Preview Newsgroups
http://communities.microsoft.com/newsgroups/default.asp?icp=xpsp2&slcid=us