psych0naut
asked on
SP2 Firewall
We will be rolling out SP2 Enterprise Wide at some point over the next several months. Once all our systems are running SP2 how can I turn off the Firewall, which is on by default? Is there some registry hack I can push out? Thx in advance.
Using the above information, I would recommend not turning it off, but instead, using GPO's to only enable the ports that need to be open. By completely turning off the firewall, you are shutting down a big piece of the network security features.
A very good thought.
Some XP2 help as well - General, walkthrough and more follow
Windows XP Service Pack 2 (SP2)
http://support.microsoft.com/gp/windowsxpsp2
Firewall http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx
Pop up blockers http://support.microsoft.com/default.aspx?scid=kb;en-us;843016
Free XP SP2 CD http://www.microsoft.com/windowsxp/downloads/updates/sp2/cdorder/en_us/default.mspx
Support tools http://support.microsoft.com/default.aspx?scid=kb;en-us;838079
Windows XP Service Pack 2 (SP2)
http://support.microsoft.com/gp/windowsxpsp2
Firewall http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx
Pop up blockers http://support.microsoft.com/default.aspx?scid=kb;en-us;843016
Free XP SP2 CD http://www.microsoft.com/windowsxp/downloads/updates/sp2/cdorder/en_us/default.mspx
Support tools http://support.microsoft.com/default.aspx?scid=kb;en-us;838079
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
How to install Windows XP Service Pack 2 (SP2) by using Systems Management Server
http://support.microsoft.com/kb/842844
Back to work, good luck on your adventure.
":0) Asta
http://support.microsoft.com/kb/842844
Back to work, good luck on your adventure.
":0) Asta
If you find you can't use GPO without a Windows 2003 server, you can still set firewall options via a login script...
Put a line in the login script like:
netsh -f \\servername\netlogon\xpfw
Then put the xpfw.nsh file in the sysvol's scripts directory with entries like:
firewall set portopening protocol = ALL port = 497 name = "Retrospect Backup" mode = ENABLE scope = SUBNET profile = DOMAIN
firewall set portopening protocol = TCP port = 139 name = "File and Printer Sharing" mode = ENABLE scope = SUBNET profile = DOMAIN
firewall set portopening protocol = TCP port = 445 name = "File and Printer Sharing" mode = ENABLE scope = SUBNET profile = DOMAIN
firewall set portopening protocol = UDP port = 137 name = "File and Printer Sharing" mode = ENABLE scope = SUBNET profile = DOMAIN
firewall set portopening protocol = UDP port = 138 name = "File and Printer Sharing" mode = ENABLE scope = SUBNET profile = DOMAIN
Read all about the netsh command in sites like:
http://www.microsoft.com/downloads/details.aspx?familyid=4454e0e1-61fa-447a-bdcd-499f73a637d1
or
http://www.jsiinc.com/SUBP/tip7900/rh7908.htm
or
http://www.newsarch.com/archive/newsgroup/microsoft/public/windowsxp/general/msg116275.html
or google for your own!
Put a line in the login script like:
netsh -f \\servername\netlogon\xpfw
Then put the xpfw.nsh file in the sysvol's scripts directory with entries like:
firewall set portopening protocol = ALL port = 497 name = "Retrospect Backup" mode = ENABLE scope = SUBNET profile = DOMAIN
firewall set portopening protocol = TCP port = 139 name = "File and Printer Sharing" mode = ENABLE scope = SUBNET profile = DOMAIN
firewall set portopening protocol = TCP port = 445 name = "File and Printer Sharing" mode = ENABLE scope = SUBNET profile = DOMAIN
firewall set portopening protocol = UDP port = 137 name = "File and Printer Sharing" mode = ENABLE scope = SUBNET profile = DOMAIN
firewall set portopening protocol = UDP port = 138 name = "File and Printer Sharing" mode = ENABLE scope = SUBNET profile = DOMAIN
Read all about the netsh command in sites like:
http://www.microsoft.com/downloads/details.aspx?familyid=4454e0e1-61fa-447a-bdcd-499f73a637d1
or
http://www.jsiinc.com/SUBP/tip7900/rh7908.htm
or
http://www.newsarch.com/archive/newsgroup/microsoft/public/windowsxp/general/msg116275.html
or google for your own!
Thank you. Did you get the solution you needed or would you like to discuss further? It definitely would add value to this question thread for others if you can provide some information on the solution now that it has moved to our PAQ (Previously Asked Questions database).
I've used the Free XP SP2 support Tech Chat interface a few times and have a current issue working; they've been GREAT. I feel this benefits us all in the long run, since some of the issues resulted in new additions to the Microsoft Knowledge Base for other to find and hopefully will be fixed incorporated in the next Service Pack or Windows release. In all, a win/win scenario.
Asta
I've used the Free XP SP2 support Tech Chat interface a few times and have a current issue working; they've been GREAT. I feel this benefits us all in the long run, since some of the issues resulted in new additions to the Microsoft Knowledge Base for other to find and hopefully will be fixed incorporated in the next Service Pack or Windows release. In all, a win/win scenario.
Asta
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/mangxpsp2/mngdepgp.mspx