Windows XP service pack 2 release
August 5, 2004
Microsoft will soon be releasing the second service pack for Windows XP. This Service Pack will have a major impact on computing in the SCS environment.
The default configuration of the Service Pack is to enable the Windows Firewall (formerly Internet Connection Firewall). In lieu of this, SCS Computing Facilities recommends that any other firewall software (ZoneAlarm, Black ICE, Tiny, or other firewall software) be removed before upgrading to Service Pack 2 for Windows XP. The service pack is aware of some third party firewall products and may use these instead of the native firewall software, however, the native Windows Firewall will be the supported configuration.
Windows 2000, Windows 2000 Server or Server 2003 systems are not affected.
SCS Computing facilities has been working with the service pack over the last few months to configure a generic set of settings that will allow us to continue to manage the environment and provide compatibility with the standard set of SCS applications as well as some common services that our customers usually run on their workstations.
The default configuration of the firewall will include:
- Unrestricted file and print sharing on local SCS subnets
- Unrestricted access to remote desktop (Terminal Services) on local SCS subnets
- Unrestricted access to client backup agents on local SCS subnets (Retrospect, TiBS, Arcserve)
- Unrestricted access for X-Server clients on the local SCS subnets
- Unrestricted access from the Internet to Web, FTP, Telnet and SSH services that may be running on some workstations
- Ability for customers to add additional exceptions for the firewall on a local basis. SCS facilities will provide this documentation via the WWW Help pages
- Exclusion option. This will be available, but not recommended as doing so will also exclude the clients workstation form other processes, such as Patch Management.
- Note that any traffic that is originated from the client computer will be unrestricted (web browsing, etc), however, a program being launched that will act as a server (listen on a particular port) will prompt the user whether to allow it or not.
If you have computers that are on a campus subnet, the client firewall will need to be modified in order to allow traffic to these hosts (other than WWW, Telnet, SSH or FTP). Detailed documentation will be available in order for our customers to make these modifications themselves, via the SCS Help Desk web pages.
Please note that the following services WILL NOT be included in the default configuration for the Windows Firewall:
- Kazaa, LimeWire and other peer to peer file sharing services
- SQL or ORACLE database services
- Other services / applications that listen for connections that are not covered in the default configuration
We need your feedback in order to make our deployment of Windows XP SP2 successful.
If you are interested in learning more about the deployment of Windows XP SP2 within SCS, please plan on attending one of two informational sessions:
- Tuesday, August 10 at 9:00 AM
- Friday, August 13 at 1:00 PM
No RSVP is necessary
Both sessions will be held in WeH 4623. Seating in this room is limited to 30, additional sessions will be added if demand is high.