PDA

View Full Version : SP2 manageability in AD environment


Damir, HR
June 9th 04, 06:51 PM
I guess that the subject explains my question, but here it is in a detailed form:

The scenario is pretty standard, as I have different Win2000 and Win2003 servers running in their native AD mode (of course, in different LANs), with XP Pro clients.

I am using SUS (with SP1) for managing critical updates in domains, so XP SP2 will be downloaded automaticaly (although not installed as I don't like installation aproval before doing few weeks long testing phase on few chosen machines).

So, when XP SP2 becomes finished, will there be any Administrative template(s) available for download to integrate at least major features of XP SP2 into Active Directory Group Policy?

I'm actualy worried about manageability of SP2 features in domain environments, and don't know if I'll have to create my own .adm file, run from one PC to another configuring SP2 features, or something else?

I'm worried about things like how Windows Firewall will (if) affect ISA Server clients (and servers)? Do I actually need Windows Firewall if the LAN is already protected by ISA Server? If I don't need it, will I be able to configure/disable it through GPO
in AD Users and Computers (Server 2000)/Group Policy Management (Server 2003) or I'll have to do that manualy on every single machine?

Thank you in advance for any help on this subject!

Carey Frisch [MVP]
June 9th 04, 06:51 PM
Windows XP Service Pack 2
http://msdn.microsoft.com/security/default.aspx?pull=/library/en-us/dnwxp/html/securityinxpsp2.asp

Guide for Installing and Deploying the Beta Version of Service Pack 2 for
Microsoft Windows XP Home Edition and Windows XP Professional (SPDeploy)
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/spdeploy.mspx

Windows XP SP2 Resources for IT Professionals
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/winxpsp2.mspx

Welcome to Windows XP SP2 Technical Preview Newsgroups
http://communities.microsoft.com/newsgroups/default.asp?icp=xpsp2&slcid=us

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

--------------------------------------------------------------------------------------------------------------

"Damir, HR" <Damir, > wrote in message:
...

|I guess that the subject explains my question, but here it is in a detailed form:
|
| The scenario is pretty standard, as I have different Win2000 and Win2003 servers running in their native AD
mode (of course, in different LANs), with XP Pro clients.
|
| I am using SUS (with SP1) for managing critical updates in domains, so XP SP2 will be downloaded
automaticaly (although not installed as I don't like installation aproval before doing few weeks long testing
phase on few chosen machines).
|
| So, when XP SP2 becomes finished, will there be any Administrative template(s) available for download to
integrate at least major features of XP SP2 into Active Directory Group Policy?
|
| I'm actualy worried about manageability of SP2 features in domain environments, and don't know if I'll have
to create my own .adm file, run from one PC to another configuring SP2 features, or something else?
|
| I'm worried about things like how Windows Firewall will (if) affect ISA Server clients (and servers)? Do I
actually need Windows Firewall if the LAN is already protected by ISA Server? If I don't need it, will I be
able to configure/disable it through GPO in AD Users and Computers (Server 2000)/Group Policy Management
(Server 2003) or I'll have to do that manualy on every single machine?
|
| Thank you in advance for any help on this subject!

Steve Riley [MSFT]
June 9th 04, 06:51 PM
These are good links. To address one concern: in the old days, it was
customary to use a GPO to disable ICF in a corporate environment because you
really couldn't remotely manage a computer with it turned on.

This is completely different with the new firewall. Yes, you still need it
internally even if your network is protected with an ISA Server: if a
computer gets infected with something while it's remote, then comes back to
your network, an edge firewall is powerless to help the other internal
computers avoid getting infected. This is why host-based firewalls are,
IMHO, now a critical part of any security infrastructure.

Use appropriate GPOs to construct a corporate policy for Windows Firewall
that will allow you to manage the client appropriately yet still keep it
protected.

--
Steve




"Carey Frisch [MVP]" > wrote in message
...
> Windows XP Service Pack 2
> http://msdn.microsoft.com/security/default.aspx?pull=/library/en-us/dnwxp/html/securityinxpsp2.asp
>
> Guide for Installing and Deploying the Beta Version of Service Pack 2 for
> Microsoft Windows XP Home Edition and Windows XP Professional (SPDeploy)
> http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/spdeploy.mspx
>
> Windows XP SP2 Resources for IT Professionals
> http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/winxpsp2.mspx
>
> Welcome to Windows XP SP2 Technical Preview Newsgroups
> http://communities.microsoft.com/newsgroups/default.asp?icp=xpsp2&slcid=us
>
> --
> Carey Frisch
> Microsoft MVP
> Windows XP - Shell/User
>
> Be Smart! Protect your PC!
> http://www.microsoft.com/security/protect/
>
> --------------------------------------------------------------------------------------------------------------
>
> "Damir, HR" <Damir, > wrote in message:
> ...
>
> |I guess that the subject explains my question, but here it is in a
> detailed form:
> |
> | The scenario is pretty standard, as I have different Win2000 and Win2003
> servers running in their native AD
> mode (of course, in different LANs), with XP Pro clients.
> |
> | I am using SUS (with SP1) for managing critical updates in domains, so
> XP SP2 will be downloaded
> automaticaly (although not installed as I don't like installation aproval
> before doing few weeks long testing
> phase on few chosen machines).
> |
> | So, when XP SP2 becomes finished, will there be any Administrative
> template(s) available for download to
> integrate at least major features of XP SP2 into Active Directory Group
> Policy?
> |
> | I'm actualy worried about manageability of SP2 features in domain
> environments, and don't know if I'll have
> to create my own .adm file, run from one PC to another configuring SP2
> features, or something else?
> |
> | I'm worried about things like how Windows Firewall will (if) affect ISA
> Server clients (and servers)? Do I
> actually need Windows Firewall if the LAN is already protected by ISA
> Server? If I don't need it, will I be
> able to configure/disable it through GPO in AD Users and Computers (Server
> 2000)/Group Policy Management
> (Server 2003) or I'll have to do that manualy on every single machine?
> |
> | Thank you in advance for any help on this subject!
>

Torgeir Bakken \(MVP\)
June 9th 04, 10:45 PM
Damir wrote:

> I guess that the subject explains my question, but here it is in a detailed form:
> (snip)
Hi

Some additional links to the ones posted by Carey:


Changes to Functionality in Microsoft Windows XP Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyID=7bd948d7-b791-40b6-8364-685b84158c78&DisplayLang=en

Note: WinXPSP2_Documentation.zip contains all the other .doc downloads...


For information on how to deploy FW settings, take a
look at WF_XPSP2.doc.

WF_XPSP2.doc ("Deploying Windows Firewall Settings for Microsoft
Windows XP with Service Pack 2") can be downloaded from here:

http://www.microsoft.com/downloads/details.aspx?familyid=4454e0e1-61fa-447a-bdcd-499f73a637d1



--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/community/scriptcenter/default.mspx

Google