cakirfatih

How to configure Windows XP Firewall that comes with SP2

Hi guys,
I have a Win 2K DC, with 2K and XP client computers.
I have installed XP service pack 2 to my client computers. As most of you know, the firewall is on after the installation is complete. This prevented me from pinging XP PCs in my domain.

I am running some applications that I need to have a connection to XP computers in my domain. For example, McAfee Protection Pilot won't get the status of client PCs when the firewall is on.

I would like to learn what is the best way to configure Firewall options at XP computers. Are there any group policy settings that I can apply to all XP computers, or does any change have to be done at each client computer?

What are the cons and pros of using XP firewall in a domain environment?

thanks
fatlad

Within the advanced settings for the XP firewall there are options to set what traffic will be allowed through, including a tab for ICMP settings. You can also set the firewall to allow ports to be open to specific addresses. Not sure how to set these through a GPO, not really my area, but I suspect you can.

The advantages of having the firewall are that if one of your machines is infected with a trojan or a worm it will probably be prevented from infecting the machines with the firewall on. Also if someone manages to bypass your perimeter security they will also have a harder job compromising individual machines. One thing the XP firewall does not do, as far as I know, is block outgoing traffic, so if a machine is infected it will not be prevented from spewing rubbish onto your LAN; some other products will do that.

The cons are that it adds to the configuration jobs that you will have to do to make new applications work or to troubleshoot!

Overall I would be for it; once it is working it should not cause too much trouble.

Hope that helps

FatLad
Here's the link for the group policy

http://www.microsoft.com/downloads/details.aspx?FamilyID=dacf095f-fdbd-4c50-bdaa-96ff9f00e007&displaylang=en

If you look in control panel you will see the new security center which lets you modify the firewall.

Hope this helps.
ASKER CERTIFIED SOLUTION
vand

This solution is only available to members.
Here is the gist. Also, in a mixed environment, M$ recommends using the latest XP adms

Upgrading to the latest Administrative Template files
To upgrade .adm files on a server running Windows 2000 to include Windows XP policy settings
1. On a computer running Windows XP, navigate to the WINNT/INF folder, which contains the Windows XP .adm files.
2. Copy system.adm and any of the other .adm files that you need (depending on which components you want to configure) to a shared folder.
3. Go to a server running Windows 2000 and open a Group Policy object (GPO) using the Group Policy Object Editor. For more information about how to do this, see Appendix B, "Resources for learning about Group Policy," which contains instructions for accessing the Group Policy Help documentation.
4. Right-click Administrative Templates under either User Configuration or Computer Configuration (it does not matter which one) and select Add/Remove Templates.
5. In the Add/Remove Templates dialog box, remove the Windows 2000-based .adm files.
6. Still in the Add/Remove Templates dialog box, add the Windows XP-based .adm files from the shared folder.
7. Repeat this procedure for each GPO.

Notes

Consider the following when using Administrative Templates:

In a mixed environment, use Windows XP .adm files to administer your GPOs.

Try to apply the same policy settings to both Windows XP and Windows 2000 so that roaming users can have a consistent experience.

Test interoperability of the various policy settings before deployment.

Only configure policy settings on clients using GPOs. Do not try to create these registry values by other methods.
Is this post still alive????
I swear I'm not advertising.

I had the same problem in XP clients, so I wrote a handy application to fix this.

"firepanel xp"   http://www.router19.org

It has the settings you need.

Con: you will have to install this on each workstation locally. You can install via remote admin IF you enabled that in your deployment.

Good luck,
Smokey aka Jaytee50