[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 212
  • Last Modified:

How to configure Windows XP Firewall that comes with SP2

Hi guys,
I have a Win 2K DC, with 2K and XP client computers
I have installed XP service pack 2 to my client computers. As most of you know, the firewall is on after the installation is complete. This prevented me from pinging XP PCs in my domain.

I am running some applications that i need to have a connection to XP computers in my domain. For example MacAfee Protection Pilot won't get the status of client PCs, when the firewall is on.

I would like to learn what is the best way to configure Firewall options at XP computers. Are there any group policy settings that i can apply to all XP computers, or any change has to be done at  each client computer.

What are the cons and pros of using XP firewall in a domain environment?

thanks
0
cakirfatih
Asked:
cakirfatih
  • 4
1 Solution
 
fatladCommented:
Within the advanced settings for the XP firewall there are options to set what traffic will be allowed through, including a tab for ICMP settings. You can also set the firewall to allow ports to be open to specific addresses. Not sure how to set these through a GPO, not really my area, but I suspect you can.

The advantages of having the firewall are that if one of your machines is infected with a trojan or a worm it will probably be prevented from infecting the machines with the firewall on. Also if someone manages to bypass your perimiter secuirty they will also have a harder job compromising individual machines. One thing the XP firewall does not do, as far as I know, is block outgoing traffic, so if a machine is infected it will not be prevented from spewing rubbish onto your LAN, some other products will do that.

The cons are that it adds to the configuration jobs that you will have to do to make new applications work or to troubleshoot!

Overal I would be for it, once it is working it should not cause too much trouble.

Hope that helps

FatLad
0
 
vandCommented:
Heres the link for the group policy

http://www.microsoft.com/downloads/details.aspx?FamilyID=dacf095f-fdbd-4c50-bdaa-96ff9f00e007&displaylang=en

If you look in control panel you will see the new security center which lets you modify the firewall.

Hope this helps.
0
 
vandCommented:
Since you have 2000 server you will need to import the adms

http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/xpmanaged/31_xpapc.mspx
0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 
vandCommented:
Here is the jist, also, in a mixed environment, M$ recommends using the latest xp adms

Upgrading to the latest Administrative Template files
To upgrade .adm files on a server running Windows 2000 to include Windows XP policy settings
1.
 On a computer running Windows XP, navigate to the WINNT/INF folder, which contains the Windows XP .adm files.
 
2.
 Copy system.adm and any of the other .adm files that you need (depending on which components you want to configure) to a shared folder.
 
3.
 Go to a server running Windows 2000 and open a Group Policy object (GPO) using the Group Policy Object Editor. For more information about how to do this, see Appendix B, "Resources for learning about Group Policy," which contains instructions for accessing the Group Policy Help documentation.
 
4.
 Right-click Administrative Templates under either User Configuration or Computer Configuration (it does not matter which one) and select Add/Remove Templates.
 
5.
 In the Add/Remove Templates dialog box, remove the Windows 2000-based .adm files.
 
6.
 Still in the Add/Remove Templates dialog box, add the Windows XP-based .adm files from the shared folder.
 
7.
 Repeat this procedure for each GPO.
 

Notes

Consider the following when using Administrative Templates:

In a mixed environment, use Windows XP .adm files to administer your GPOs.

Try to apply the same policy settings to both Windows XP and Windows 2000 so that roaming users can have a consistent experience.

Test interoperability of the various policy settings before deployment.

Only configure policy settings on clients using GPOs. Do not try to create these registry values by other methods.
0
 
vandCommented:
Is this post still alive????
0
 
Jaytee50Commented:
i swear im not advertising.

I had the same problem in XP clients, so i wrote a handy application to fix this.

"firepanel xp"   http://www.router19.org

it has the settings you need.

con: you will have to install this on each workstation locally. you can install via remote admin IF you enabled that in your deployment.

goodluck,
Smokey aka Jaytee50
0

Featured Post

Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now