Hi!

The developopment team responsible for the revised Windows XP firewall that
will be released in the coming months as part of Service Pack 2 have asked
that we start spreading the word about the firewall. It will install in the
"on" mode when you run SP2 and has a different feature set than the current
Windows XP firewall, so they want all of us to be aware of it and begin
educating ourselves on it.

The current document is at:
http://www.microsoft.com/downloads/d...DisplayLang=en


Thanks,
Steve

--
Banks Consulting Northwest
http://www.banksnw.com

In article <e9qIeQr5DHA.2720@TK2MSFTNGP09.phx.gbl>,
steve@newsonline.banksnw.com says...
Wouldn't it make more sense for the installer to detect a couple of
things on the machine and then determine if the firewall should be on or
not? For example:

- If the firewall is currently enabled, enable it.
- If the machine is running XP Home, enable it.
- If the machine is running XP Pro AND the machine is joined to a
domain, don't enable it.

This would be pretty simple to do and would have made for a better
install, IMHO.

--
John LeMay
kc2kth
Senior Technical Manager
NJMC | http://www.njmc.com | Phone 732-557-4848

AFAIK-> you can disable and/or configure the ICF by using group policy.

Remember that there are a lot of people who use Win XP Pro in a domain
without firewalls (or incorrectly configured ones). IMHO-> the best setup is
the one that you can configure.

--
Javier [SBS MVP]

<< SBS ROCKS !!! >>

"John LeMay" <jlemay@njmc.com> wrote in message
news:MPG.1a839d8010ed5cb5989682@news.cis.dfn.de...

Remember in SBS2k3 we've got a GP in place.. just tweak it.

Javier Gomez [SBS MVP] wrote:
--
http://www.sbslinks.com/really.htm

When I read the doc, it seemed to imply (at first) that you could block
specific applications. However, after further reading it seems like ICF
will just watch what ports those apps use, then open those ports (presumably
for any app that uses the same ports). This part was a little vague to me,
so maybe I'm misunderstanding.

I wish ICF could be more configurable along the lines of ZoneAlarm Pro. It
is very customizable - by IP range, application, port etc. It can also
block Javascript etc. in web pages too. While it is very customizable, it
is pretty intuitive for the user. When an app tries to access the local
network or web, ZoneAlarm will prompt you if you want to allow this, and can
remember what you tell it. This way to don't have to mess around with
setting these things before hand if you don't know what you're doing. I
expect most (home) users of ICF will have trouble setting it up to allow
specific apps to pass through. I don't think this sort of firewall would
have to be a threat to ISA server, because this sort of firewall would be of
most use to home users. For people in a domain, it would be easier (better)
to have ISA than such a firewall. MS could limit this more powerful
firewall to XP or 2000 workstations so that if you had a server you'd still
really need ISA to protect it - thus protecting MS'es ISA sales.



"Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@pacbell.net>
wrote in message news:OcGtuYu5DHA.2764@TK2MSFTNGP09.phx.gbl...

Wow, another 40 page white paper. I'll have to put this underneath my
110-page "getting started" guide for SBS 2003 and the 290-page Sonicwall
manual.

I'm riding around with so much computer documentation, there's no room in
the car for passengers : )


"Steven Banks [SBS MVP]" <steve@newsonline.banksnw.com> wrote in message
news:e9qIeQr5DHA.2720@TK2MSFTNGP09.phx.gbl...

In article <uN7lcTu5DHA.2008@TK2MSFTNGP10.phx.gbl>,
javier_gomez@remove.this.engineer.com says...
True, and that's really the bottom line. However, I just thought there
was some much better automatic options for how to decide whether to
enable XP's firewall. By the way, what if the user already has another
firewall installed? There's another time the XP firewall shouldn't be
enabled!

--
John LeMay
kc2kth
Senior Technical Manager
NJMC | http://www.njmc.com | Phone 732-557-4848