Solved

How to configure Windows XP Firewall that comes with SP2

Posted on 2004-08-25
6
192 Views
Last Modified: 2013-11-16
Hi guys,
I have a Win 2K DC, with 2K and XP client computers
I have installed XP service pack 2 to my client computers. As most of you know, the firewall is on after the installation is complete. This prevented me from pinging XP PCs in my domain.

I am running some applications that i need to have a connection to XP computers in my domain. For example MacAfee Protection Pilot won't get the status of client PCs, when the firewall is on.

I would like to learn what is the best way to configure Firewall options at XP computers. Are there any group policy settings that i can apply to all XP computers, or any change has to be done at  each client computer.

What are the cons and pros of using XP firewall in a domain environment?

thanks
0
Comment
Question by:cakirfatih
  • 4
6 Comments
 
LVL 3

Expert Comment

by:fatlad
Comment Utility
Within the advanced settings for the XP firewall there are options to set what traffic will be allowed through, including a tab for ICMP settings. You can also set the firewall to allow ports to be open to specific addresses. Not sure how to set these through a GPO, not really my area, but I suspect you can.

The advantages of having the firewall are that if one of your machines is infected with a trojan or a worm it will probably be prevented from infecting the machines with the firewall on. Also if someone manages to bypass your perimiter secuirty they will also have a harder job compromising individual machines. One thing the XP firewall does not do, as far as I know, is block outgoing traffic, so if a machine is infected it will not be prevented from spewing rubbish onto your LAN, some other products will do that.

The cons are that it adds to the configuration jobs that you will have to do to make new applications work or to troubleshoot!

Overal I would be for it, once it is working it should not cause too much trouble.

Hope that helps

FatLad
0
 
LVL 6

Expert Comment

by:vand
Comment Utility
Heres the link for the group policy

http://www.microsoft.com/downloads/details.aspx?FamilyID=dacf095f-fdbd-4c50-bdaa-96ff9f00e007&displaylang=en

If you look in control panel you will see the new security center which lets you modify the firewall.

Hope this helps.
0
 
LVL 6

Accepted Solution

by:
vand earned 500 total points
Comment Utility
Since you have 2000 server you will need to import the adms

http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/xpmanaged/31_xpapc.mspx
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 6

Expert Comment

by:vand
Comment Utility
Here is the jist, also, in a mixed environment, M$ recommends using the latest xp adms

Upgrading to the latest Administrative Template files
To upgrade .adm files on a server running Windows 2000 to include Windows XP policy settings
1.
 On a computer running Windows XP, navigate to the WINNT/INF folder, which contains the Windows XP .adm files.
 
2.
 Copy system.adm and any of the other .adm files that you need (depending on which components you want to configure) to a shared folder.
 
3.
 Go to a server running Windows 2000 and open a Group Policy object (GPO) using the Group Policy Object Editor. For more information about how to do this, see Appendix B, "Resources for learning about Group Policy," which contains instructions for accessing the Group Policy Help documentation.
 
4.
 Right-click Administrative Templates under either User Configuration or Computer Configuration (it does not matter which one) and select Add/Remove Templates.
 
5.
 In the Add/Remove Templates dialog box, remove the Windows 2000-based .adm files.
 
6.
 Still in the Add/Remove Templates dialog box, add the Windows XP-based .adm files from the shared folder.
 
7.
 Repeat this procedure for each GPO.
 

Notes

Consider the following when using Administrative Templates:

In a mixed environment, use Windows XP .adm files to administer your GPOs.

Try to apply the same policy settings to both Windows XP and Windows 2000 so that roaming users can have a consistent experience.

Test interoperability of the various policy settings before deployment.

Only configure policy settings on clients using GPOs. Do not try to create these registry values by other methods.
0
 
LVL 6

Expert Comment

by:vand
Comment Utility
Is this post still alive????
0
 
LVL 1

Expert Comment

by:Jaytee50
Comment Utility
i swear im not advertising.

I had the same problem in XP clients, so i wrote a handy application to fix this.

"firepanel xp"   http://www.router19.org

it has the settings you need.

con: you will have to install this on each workstation locally. you can install via remote admin IF you enabled that in your deployment.

goodluck,
Smokey aka Jaytee50
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Lets look at the default installation and configuration of FreeProxy 4.10 REQUIREMENTS 1. FreeProxy 4.10 Application - Can be downloaded here (http://www.handcraftedsoftware.org/index.php?page=download) 2. Ensure that you disable the windows fi…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now