XP SP2 for corp. use


- Karl

By default, XP SP2 will have several features enabled by default which will
have unwanted side effects for corp use (Firewall being on by default is the
biggest one).

I'm sure several people are wondering how will we be able to deploy SP2
without some of the features getting enabled? Will we be able to have some
way to create a custom installation that will disable the features we do not
need? Or is there a script that we will need to deploy afterwards but
before we reboot?
 
Karl,

The Firewall can be manipulated in several different ways. The first, and
easiest, is by using Group Policy, assuming the workstation is a member of
an Active Directory domain. There are new group policy objects in SP2 that
will describe the behavior of the firewall when the PC is able to connect to
the domain and when the PC is not.

Secondly, the use of scripts (i.e., System Startup or Logon scripts) can
modify the behavior of the firewall.

Thirdly, there are actually ways to modify the initial firewall state using
a configuration file on the Windows XP SP2 CD, I believe.

Documentation on how to deploy Windows Firewall settings can be found here:
http://www.microsoft.com/downloads/...e1-61fa-447a-bdcd-499f73a637d1&DisplayLang=en

However - and I just wanted to bring this up - there's nothing wrong with
leaving the firewall active in a corporate network environment. There will
no doubt have to be ports opened on the firewall for certain applications to
work correctly, but *some* protection is better than *no* protection.

You might ask why you'd run firewalls on each PC if your network is
protected by one anyway... the same reason that you have anti-virus software
on all PCs and servers... one line of defense isn't always good enough.
Just food for thought...
 
There will be a new [firewall] section available for use in an unattended
install that will allow you to just adjust features of the firewall when
building a new machine. As far as installing it on already existing
machines with certain settings enabled and disabled... hmm, I have no
idea.
 
Multiple measures of protection are needed throughout the network, however if
desktop users need a personal desktop firewall at the office in addition to
the corporate firewall, then something is wrong. If someone can get past the
corp firewall, then they can definitely get past this cheap personal firewall
MS just enabled. Secondly, whoever misconfigured the corp firewall, will most
likely misconfigure the personal desktop firewall too. In the end it's just
another resource hog on the corp desktop that will cost the IT dept even more
money to maintain just so MS can save a little face due to poor management on
their part.
 