Solved

How to configure Windows XP Firewall that comes with SP2

Posted on 2004-08-25
Last Modified: 2013-11-16
Hi guys,
I have a Win 2K DC, with 2K and XP client computers.
I have installed XP service pack 2 to my client computers. As most of you know, the firewall is on after the installation is complete. This prevented me from pinging XP PCs in my domain.

I am running some applications that need to have a connection to XP computers in my domain. For example, McAfee Protection Pilot won't get the status of client PCs when the firewall is on.

I would like to learn the best way to configure firewall options on XP computers. Are there any group policy settings that I can apply to all XP computers, or does any change have to be done at each client computer?

What are the cons and pros of using XP firewall in a domain environment?

thanks
0
Question by:cakirfatih
6 Comments
 
LVL 3

Expert Comment

by:fatlad
ID: 11892866
Within the advanced settings for the XP firewall there are options to set what traffic will be allowed through, including a tab for ICMP settings. You can also set the firewall to allow ports to be open to specific addresses. Not sure how to set these through a GPO, not really my area, but I suspect you can.

The advantages of having the firewall are that if one of your machines is infected with a trojan or a worm it will probably be prevented from infecting the machines with the firewall on. Also if someone manages to bypass your perimeter security they will also have a harder job compromising individual machines. One thing the XP firewall does not do, as far as I know, is block outgoing traffic, so if a machine is infected it will not be prevented from spewing rubbish onto your LAN; some other products will do that.

The cons are that it adds to the configuration jobs that you will have to do to make new applications work or to troubleshoot!

Overall I would be for it; once it is working it should not cause too much trouble.

Hope that helps

FatLad
0
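The per-machine settings described in the comment above (the ICMP tab and opening a port only to specific addresses) can also be applied from the command line with the `netsh firewall` context that ships with XP SP2. This is an added example, not part of the original thread; the management server address, port number and rule name are constructed placeholders.

```batch
@echo off
rem Added example: per-machine Windows Firewall setup on XP SP2 via netsh.
rem Constructed placeholders (not from the thread): management server
rem address, agent port and rule name. Replace them with your own values.
set MGMT=192.0.2.10
set AGENT_PORT=12345

rem Allow incoming echo request (ICMP type 8) so the client answers ping,
rem but only while it is using the domain profile.
netsh firewall set icmpsetting type=8 mode=ENABLE profile=DOMAIN

rem Weak form, shown for comparison only: opens the port to every source.
rem   netsh firewall add portopening protocol=TCP port=%AGENT_PORT% name="Mgmt agent" mode=ENABLE scope=ALL

rem Scoped form: only the management server may reach the agent port.
netsh firewall add portopening protocol=TCP port=%AGENT_PORT% name="Mgmt agent" mode=ENABLE scope=CUSTOM addresses=%MGMT% profile=DOMAIN

rem Review the resulting exceptions and ICMP settings.
netsh firewall show config
```

Settings delivered through Group Policy take precedence over these local settings, so in a domain this is mainly useful for testing a rule on one client before putting it in a GPO.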
 
LVL 6

Expert Comment

by:vand
ID: 11893041
Here's the link for the group policy

http://www.microsoft.com/downloads/details.aspx?FamilyID=dacf095f-fdbd-4c50-bdaa-96ff9f00e007&displaylang=en

If you look in control panel you will see the new security center which lets you modify the firewall.

Hope this helps.
0
 
LVL 6

Accepted Solution

by:
vand earned 2000 total points
ID: 11893097
Since you have 2000 server you will need to import the adms

http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/xpmanaged/31_xpapc.mspx
0
 
LVL 6

Expert Comment

by:vand
ID: 11893132
Here is the gist; also, in a mixed environment, M$ recommends using the latest XP adms

Upgrading to the latest Administrative Template files
To upgrade .adm files on a server running Windows 2000 to include Windows XP policy settings
1. On a computer running Windows XP, navigate to the WINNT/INF folder, which contains the Windows XP .adm files.
2. Copy system.adm and any of the other .adm files that you need (depending on which components you want to configure) to a shared folder.
3. Go to a server running Windows 2000 and open a Group Policy object (GPO) using the Group Policy Object Editor. For more information about how to do this, see Appendix B, "Resources for learning about Group Policy," which contains instructions for accessing the Group Policy Help documentation.
4. Right-click Administrative Templates under either User Configuration or Computer Configuration (it does not matter which one) and select Add/Remove Templates.
5. In the Add/Remove Templates dialog box, remove the Windows 2000-based .adm files.
6. Still in the Add/Remove Templates dialog box, add the Windows XP-based .adm files from the shared folder.
7. Repeat this procedure for each GPO.

Notes

Consider the following when using Administrative Templates:

In a mixed environment, use Windows XP .adm files to administer your GPOs.

Try to apply the same policy settings to both Windows XP and Windows 2000 so that roaming users can have a consistent experience.

Test interoperability of the various policy settings before deployment.

Only configure policy settings on clients using GPOs. Do not try to create these registry values by other methods.
0
 
LVL 6

Expert Comment

by:vand
ID: 12201262
Is this post still alive????
0
 
LVL 1

Expert Comment

by:Jaytee50
ID: 12278072
I swear I'm not advertising.

I had the same problem in XP clients, so I wrote a handy application to fix this.

"firepanel xp"   http://www.router19.org

It has the settings you need.

Con: you will have to install this on each workstation locally. You can install via remote admin IF you enabled that in your deployment.

Good luck,
Smokey aka Jaytee50
0
