Changes in Windows XP Service Pack 2 - PowerPoint PPT Presentation

Slides: 24
Provided by: scie5
Learn more at: http://www.cs.cmu.edu

Transcript and Presenter's Notes

Title: Changes in Windows XP Service Pack 2


1
Changes in Windows XP Service Pack 2
  • 7/2004
  • robsmith_at_cs.cmu.edu

2
Enhancements in XP SP2
  • Network Protection
  • Memory Protection (compatible CPUs)
  • Safer E-mail handling
  • Enhanced Browsing Security
  • Improved Computer Maintenance

3
Services Disabled by Default
  • Messenger Service
  • Alerter Service

4
Updated / Modified Applications
  • Windows Media Player upgraded to v9
  • Windows Messenger security enhancements
    - blocks unsafe file transfers
    - required user display name (different from e-mail address)
    - ports need to be opened through firewall
  • Outlook Express plain text mode, more
  • Windows Installer v3.0

5
RPC / DCOM, other Changes
  • Anonymous RPC calls no longer allowed
  • DCOM computer level ACL
  • Configurable via Registry key
  • Better support for Bluetooth wireless devices

6
Major changes
  • Firewall turned on by default
  • IE Pop-Up blocker
  • IE runs in restricted mode
  • Installed patches not displayed by default (enabled via registry key)

7
Firewall
  • Definition - electronic blocking mechanism that
    will not allow unauthorized intruders into a
    computer system
  • The firewall in Windows XP will not block any
    traffic originated on the local system.

8
Quick Survey
  • Black Ice?
  • ZoneAlarm?
  • Symantec Firewall?
  • Tiny?
  • Other?
  • SCS Computing Facilities will support the
    firewall bundled with WinXP SP2

9
Methods for configuring the Windows Firewall in
XP-SP2
  • Group Policy
  • .Inf file bundled with setup
  • Manual configuration
  • Netsh command line tool
    - Example: netsh firewall show state

10
Group Policy Settings
  • GPO will be linked to the three Organizational
    Units where computers reside
  • Contain settings that allow the standard SCS
    Windows environment to function
  • Backup Agents (local network scope)
  • Windows File Sharing (local network scope)
  • Remote Administration (Hyena), WMI (local network scope)
  • Common Internet Services (HTTP, FTP, Telnet, SSH)
  • Additional exceptions will be configurable by
    user

11
Group Policy Details
  • Ports
  • 7 (Echo)
  • 6050 (Arcserve Client Agent)
  • 497 (Retrospect Client Agent)
  • 1977 (TiBS Client Agent)
  • 6000, 177 (UDP) (X-Win32)
  • 3389 (Remote Desktop)
  • Windows File Sharing (NetBIOS Ports)
  • Remote Management (WMI Ports)
  • All ICMP Traffic

12
Configuring Exceptions

13
Configuring Exceptions 2

14
Configuring Exceptions 3
  • Add a text description and specify port

15
Dynamic additions of exceptions
  • Add an exception to the firewall when a newly
    installed application wants to listen on a port.

16
SCS Subnets Local Scope
  • 128.2.178.0/23 (255.255.254.0)
  • 128.2.180.0/22 (255.255.252.0)
  • 128.2.184.0/21 (255.255.248.0)
  • 128.2.192.0/19 (255.255.224.0)
  • 128.2.242.0/24 (255.255.255.0)
  • 128.2.254.0/24 (255.255.255.0)

17
Pop-Up Blocker
  • Pop-up Blocker can be enabled by three different methods:
  • Prompt at first occurrence
    - A prompt appears before the first pop-up window appears that asks
      the customer to enable Pop-up Blocker.
  • The Tools menu
    - In Internet Explorer, on the Tools menu, click Pop-up Blocker, and
      then click Block Pop-up Windows.
  • Internet Options
    - In Internet Explorer, on the Tools menu, click Internet Options,
      click the Privacy tab, and then click Block pop-up windows. You can
      then click Options to configure Pop-up Blocker settings.

18
IE Restrictions
  • Configurable via Group Policy (TBD)
  • Binary Behavior Security Restriction
  • MK Protocol Security Restriction
  • Local Machine Zone Lockdown
  • Consistent Mime Handling
  • Mime Sniffing Safety Feature
  • Object Caching Protection
  • Popup Management
  • Scripted Window Security Restrictions
  • Protection From Zone Elevation
  • SecurityBand
  • Restrict ActiveX Install
  • Restrict FileDownload

19
IE prompt when downloading files, adding ActiveX
controls, etc.
  • Information Bar - used to bypass default
    settings in order to download files (AES),
    display pop-up windows, run unsigned scripts,
    etc.

20
Tools for troubleshooting
  • Port Reporter Tool useful for determining
    additional ports that may need to be opened.
  • http://support.microsoft.com/default.aspx?scid=kb;en-us;837243
  • Firewall Log
  • systemroot\winnt\win_FW.log
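
An added example (not part of the original slides): a short Python script that reads a Windows Firewall log such as the one named on slide 20 and separates dropped packets whose source is inside the slide 16 local scope, which are the candidates for an additional exception, from drops that came from outside it. The log lines are constructed, and the column names are read from the log's own #Fields header, assumed to be the W3C-style layout Windows Firewall writes.

```python
import ipaddress
from collections import Counter

# SCS "local scope" subnets, copied from slide 16.
SCS_LOCAL_SCOPE = [ipaddress.ip_network(n) for n in (
    "128.2.178.0/23", "128.2.180.0/22", "128.2.184.0/21",
    "128.2.192.0/19", "128.2.242.0/24", "128.2.254.0/24")]

# Constructed sample in the assumed W3C layout (not real traffic).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
2004-07-20 10:01:02 DROP TCP 128.2.200.15 128.2.179.40 3112 5900 48 S 1 0 65535 - - -
2004-07-20 10:01:09 DROP TCP 128.2.200.15 128.2.179.40 3113 5900 48 S 1 0 65535 - - -
2004-07-20 10:02:30 DROP UDP 203.0.113.9 128.2.179.40 4000 1434 404 - - - - - - -
2004-07-20 10:03:00 OPEN TCP 128.2.179.40 128.2.242.5 1050 80 - - - - - - - -
2004-07-20 10:04:11 DROP TCP 128.2.254.7 128.2.179.40 2210 8080 48 S 1 0 65535 - - -
"""

def in_local_scope(addr):
    """True if addr falls inside one of the slide 16 subnets."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in SCS_LOCAL_SCOPE)

def parse_log(text):
    """Yield one dict per record, using the #Fields header for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def triage_drops(text):
    """Count DROP records per (protocol, dst-port), split by source scope.
    Local-scope sources are candidates for a new exception to review."""
    local, external = Counter(), Counter()
    for rec in parse_log(text):
        if rec.get("action") != "DROP":
            continue
        key = (rec["protocol"], rec["dst-port"])
        try:
            (local if in_local_scope(rec["src-ip"]) else external)[key] += 1
        except ValueError:  # malformed address field: treat as external
            external[key] += 1
    return local, external

if __name__ == "__main__":
    local, external = triage_drops(SAMPLE_LOG)
    for (proto, port), n in local.most_common():
        print(f"local-scope source dropped {n}x on {proto}/{port}")
    print(f"{sum(external.values())} drop(s) from outside the local scope")
```
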


21
Additional Reading
  • Details on changes
  • http://www.microsoft.com/downloads/details.aspx?FamilyID=7bd948d7-b791-40b6-8364-685b84158c78&DisplayLang=en
  • Manually configuring the Firewall
  • http://www.microsoft.com/technet/community/columns/cableguy/cg0204.mspx

22
Questions
  • ???

23
Fall 2004 - Software Changes
  • New Kerberos ticket manager (Kfw)
  • Updated versions of WinZip, Mozilla, X-Win32,
    OpenAFS (integrated with Kfw)