Logo
programming4us
programming4us
programming4us
programming4us
Home
programming4us
XP
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server
programming4us
Windows Phone
 
Windows Server

Windows Server 2003 : Windows Firewall (part 2) - Service Pack Firewall Modifications - Modifications

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019
4/23/2013 4:08:37 PM

2. Service Pack Firewall Modifications

The security operations changed in Windows XP SP2 represent a radical departure from earlier versions of Windows. SP2 does this by making security configuration changes that interfere with the functional operation of Windows applications. Both Microsoft and third-party programs must be adjusted to enable them to continue to run after the application of SP2. This is a departure from traditional Windows updates, since earlier updates usually attempted to add features and correct bugs while seeking to maintain compatibility.

SP 2 changes are of interest to those who administer Windows Server 2003 networks because the changes provide additional centralized management features, change the default behavior of clients on the network, and are representative of changes in SP1 for Windows Server 2003. All service packs introduce change into a network and should be carefully reviewed before installation. However, SP2 for Windows XP makes radical changes that can interfere with the management of network clients.

Because the Windows XP SP2 firewall is enabled by default, and its default behavior is to block all unsolicited incoming traffic, network management and local computer services will be disrupted. Table 9-1 lists specific tools, applications, and services that are impacted. This should be referred to as an example of the type of issues that will occur, not as the definitive list of problems that must happen. The remote use of common Microsoft Management Console (MMC) based administration tools will be blocked. If the local computer offers network services (for example, web services), access to these services may be blocked as well. When SP2 is installed, the firewall is enabled by default. Administrators should review the impact this will have in their organizations and modify (as necessary) the Firewall INF file before installing SP2. In a domain, the firewall can be controlled using Group Policy. 

Table 1. Examples of tools and services blocked by default
ItemSpecifics
Management ToolsSNMP, WMI, remote use of netsh or mmc snap-ins, Remote Assistance, Remote Desktop
Network ServicesFile and print sharing, message queuing, web services
Listening ServicesUniversal Plug-and-Play (UPnP), Routing Information Protocol (RIP)
ApplicationsInstant messaging, peer-to-peer network programs

SP1 for Windows Server 2003 will not enable the firewall by default.


2.1. Modifications

The Windows XP firewall is turned on by default after the installation of SP2. The following are a few key changes to the firewall and its administration :


Security Center

A new service, the Security Center, is added to help end user security management.


Startup security

This offers protection during system boot before firewall service is operational.


Firewall INF File

This allows you to use the INF file to configure Windows Firewall behavior.


Control Panel Firewall Applet

This allows you to configure the firewall from a new Control Panel applet.


Windows registry control of alerting and notification

Three registry settings are available to control the alerting and notification feature.


New Group Policy settings

These enable better central management of firewall behavior.


Netsh commands

This set firewall configuration using the netsh commands.

A couple of these changes (the Security Center and startup security) deem some extra attention.

2.1.1. Security Center

A new service, the Security Center, is added. The Security Center monitors security services such as a host firewall, Windows updates, and local antivirus protection. It also provides a central location for changing security settings. It may be able to also determine if the antivirus protection is up to date. The Security Center uses a red icon in the notification area of the user's taskbar and provides an alert message at logon with links to the interface. This feature is turned on by default for XP computers in a workgroup, but turned off by default for computers joined in a domain. Figure 9-13 shows the Security Center on a computer where no virus protection is provided. (Note the Alert.)

The Security Center is not turned on for clients joined to a domain. However, if you wish to do so, a Group Policy setting can be used to turn it on. This Group Policy setting is "Turn on SecurityCenter (computers in Windows domains only)" and is located in Administrative Templates → Windows Components → Security Center. By default, this is not configured, as shown in Figure 9-14.

2.1.2. Startup Security

A new startup Windows Firewall Policy performs stateful packet filtering at boot after the network service is started and until the firewall service is successfully started. This means that startup tasks for services such as DHCP and DNS can operate, but unsolicited traffic will be dropped. After the firewall service has loaded, the startup policy is dropped.

Other -----------------
- Windows Server 2003 on HP ProLiant Servers : Server Placement (part 3) - Flexible Single Master Operations (FSMO) Placement
- Windows Server 2003 on HP ProLiant Servers : Server Placement (part 2) - DC Placement, GC Placement
- Windows Server 2003 on HP ProLiant Servers : Server Placement (part 1) - DNS Placement, Site Affinity
- Managing SharePoint 2010 with Windows PowerShell : Managing SharePoint 2010 Sites (part 2)
- Managing SharePoint 2010 with Windows PowerShell : Managing SharePoint 2010 Sites (part 1)
- System Center Configuration Manager 2007 : Reporting Configuration (part 3) - Console Reporting Links, Relational Database Concepts
- System Center Configuration Manager 2007 : Reporting Configuration (part 2) - Copying ConfigMgr Classic Reports to SQL Reporting Services, Report Categories
- System Center Configuration Manager 2007 : Reporting Configuration (part 1) - Configuring the Reporting Point for Classic Reporting, SRS Reporting
- System Center Configuration Manager 2007 : ConfigMgr Classic Reports Versus SQL Reporting Services
- Deploying the Client for Microsoft Exchange Server 2007 : Deploying with Microsoft Systems Management Server, Managing Postdeployment Tasks
 
 
Top 10
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
 
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server