Windows XP SP2 Firewall - Developer Implications IPv4 inbound connections for services


Scott Herriman
July 30th 04, 03:25 PM

I have a question regarding the MSDN help for Windows XP SP2 on the page,
"Firewall - Developer Implications" in the section entitled "IPv4 inbound
connections for services"
http://msdn.microsoft.com/security/productinfo/XPSP2/networkprotection/firewall_devimp.aspx

The paragraph in question reads (see link for more context):
"If the user does not consent, then the service should still use the
INetFwV4OpenPort COM interface to add rules to Windows Firewall to open the
fixed port or ports needed by the service. These rules, however, should not
be enabled so that an administrator can easily turn the rules on if
necessary at a later time."

I do not understand the last sentence. Can someone clarify what they mean?

Is this the same sentiment as found under the heading "IPv4 Inbound
Connections for Services" on another page?
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwxp/html/securityinxpsp2.asp
I think that on the second page they are more clear when they say:
"If the user does not consent, then the service should still use the
INetFwV4OpenPort API to add rules to ICF to open the fixed port or ports
needed by the service. However, these rules should not be enabled. "

Sorry for the cross-post; I think that it should be on topic for the most
part. I am hoping that one of the MS guys will read this and see if they can
clear up the confusion on the page in question.

Thanks,
Scott

Louis Solomon [SteelBytes]
July 30th 04, 03:29 PM

I think it is saying that although a program can punch holes in the XP SP2
firewall without user interaction or warnings, it should have this feature
of itself able to be disabled by an admin.

--
Louis Solomon
www.steelbytes.com


"Scott Herriman" wrote in message ...
>I have a question regarding the MSDN help for Windows XP SP2 on the page,
> "Firewall - Developer Implications" in the section entitled "IPv4 inbound
> connections for services"
> http://msdn.microsoft.com/security/productinfo/XPSP2/networkprotection/firewall_devimp.aspx
>
> The paragraph in question reads (see link for more context):
> "If the user does not consent, then the service should still use the
> INetFwV4OpenPort COM interface to add rules to Windows Firewall to open
> the fixed port or ports needed by the service. These rules, however, should
> not be enabled so that an administrator can easily turn the rules on if
> necessary at a later time."
>
> I do not understand the last sentence. Can someone clarify what they
> mean?
>
> Is this the same sentiment as found under the heading "IPv4 Inbound
> Connections for Services" on another page?
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwxp/html/securityinxpsp2.asp
> I think that on the second page they are more clear when they say:
> "If the user does not consent, then the service should still use the
> INetFwV4OpenPort API to add rules to ICF to open the fixed port or ports
> needed by the service. However, these rules should not be enabled. "
>
> Sorry for the cross-post; I think that it should be on topic for the most
> part. I am hoping that one of the MS guys will read this and see if they can
> clear up the confusion on the page in question.
>
> Thanks,
> Scott
>
>
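
What the quoted MSDN guidance describes (add the rule either way, but leave it disabled when the user declines), as an added example that is not part of this thread or of Microsoft's documentation. It assumes the COM objects of the released SP2 firewall API (HNetCfg.FwMgr and HNetCfg.FwOpenPort) in place of the INetFwV4OpenPort name quoted above; the function names, service name and port number are hypothetical.

```powershell
# Added example. Run elevated; the service name and port are constructed placeholders.
$NET_FW_IP_PROTOCOL_TCP = 6   # NET_FW_IP_PROTOCOL value for TCP

function Register-ServicePort {
    param(
        [string]$Name,          # display name shown in the firewall exceptions list
        [int]$Port,             # fixed port the service listens on
        [bool]$UserConsented    # result of the installer's consent prompt
    )
    $mgr   = New-Object -ComObject HNetCfg.FwMgr
    $ports = $mgr.LocalPolicy.CurrentProfile.GloballyOpenPorts

    # If an entry already exists, leave it alone so that a reinstall
    # does not silently override what the administrator chose.
    foreach ($p in $ports) {
        if ($p.Port -eq $Port -and $p.Protocol -eq $NET_FW_IP_PROTOCOL_TCP) {
            return $p
        }
    }

    $entry          = New-Object -ComObject HNetCfg.FwOpenPort
    $entry.Name     = $Name
    $entry.Port     = $Port
    $entry.Protocol = $NET_FW_IP_PROTOCOL_TCP
    # No consent: the rule is still created, but disabled. The port stays
    # closed, yet the entry is visible for an administrator to switch on.
    $entry.Enabled  = $UserConsented
    $ports.Add($entry)
    return $entry
}

function Enable-ServicePort {
    # What the administrator does "at a later time": flip the existing entry on.
    param([int]$Port)
    $mgr   = New-Object -ComObject HNetCfg.FwMgr
    $entry = $mgr.LocalPolicy.CurrentProfile.GloballyOpenPorts.Item($Port, $NET_FW_IP_PROTOCOL_TCP)
    $entry.Enabled = $true
}

# Installer path when the user declined the prompt:
#   Register-ServicePort -Name 'Example Service' -Port 5150 -UserConsented $false
# Later, from an elevated administrator session:
#   Enable-ServicePort -Port 5150
```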
