Hi.

I wonder how MS considers working with Enterprises: installing SP2 will
simply cut-off Network Admins remote management possibilities!

I understand activating the firewall, shutting down netbios, disabling
Messenger service on a HOME version is justified. I also understand it's a
good thing on a PRO version that is NOT in a domain.

But, guys, an Enterprise that has a DOMAIN controller - hence most than
probably a Firewall too and, yes, there are still serious Admins, here -
expects at least to be ASKED whether to disable all those things or not!

Company + Domain + Windows XP + SP2 = more Admin headaches!

We're seriously thinking of a replacement to Windows XP.

Vince C.

Windows XP Service Pack 2
Resources for IT Professionals
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/winxpsp2.mspx


"Vince C." wrote:

> Hi.
>
> I wonder how MS considers working with Enterprises: installing SP2 will
> simply cut-off Network Admins remote management possibilities!
>
> I understand activating the firewall, shutting down netbios, disabling
> Messenger service on a HOME version is justified. I also understand it's a
> good thing on a PRO version that is NOT in a domain.
>
> But, guys, an Enterprise that has a DOMAIN controller - hence most than
> probably a Firewall too and, yes, there are still serious Admins, here -
> expects at least to be ASKED whether to disable all those things or not!
>
> Company + Domain + Windows XP + SP2 = more Admin headaches!
>
> We're seriously thinking of a replacement to Windows XP.
>
> Vince C.
>
>
>

"Vince C." > wrote in message
...
> Hi.
>
> I wonder how MS considers working with Enterprises: installing SP2 will
> simply cut-off Network Admins remote management possibilities!
>
> I understand activating the firewall, shutting down netbios, disabling
> Messenger service on a HOME version is justified. I also understand it's a
> good thing on a PRO version that is NOT in a domain.
>
> But, guys, an Enterprise that has a DOMAIN controller - hence most than
> probably a Firewall too and, yes, there are still serious Admins, here -
> expects at least to be ASKED whether to disable all those things or not!
>
> Company + Domain + Windows XP + SP2 = more Admin headaches!
>
> We're seriously thinking of a replacement to Windows XP.
>
> Vince C.


Vince,

There is No Problem at all with my corporate/Enterprise customers deploying
SP2 as they are using Group Policy under Active Directory to control the
settings in SP2 so they can choose to turn off the firewall or alter the
configuration to allow certain tools etc.
You need to look at our documentation on this and look deeper into the
proper configuration management of an Enterprise environment running Windows
XP and Active Directory.
see
http://www.microsoft.com/windowsxp/sp2/howto/default.mspx
and
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/xpsp2man.mspx

--

Regards,

Mike
--
Mike Brannigan [Microsoft]

This posting is provided "AS IS" with no warranties, and confers no
rights

Please note I cannot respond to e-mailed questions, please use these
newsgroups

"Vince C." > wrote in message
...
> Hi.
>
> I wonder how MS considers working with Enterprises: installing SP2 will
> simply cut-off Network Admins remote management possibilities!
>
> I understand activating the firewall, shutting down netbios, disabling
> Messenger service on a HOME version is justified. I also understand it's a
> good thing on a PRO version that is NOT in a domain.
>
> But, guys, an Enterprise that has a DOMAIN controller - hence most than
> probably a Firewall too and, yes, there are still serious Admins, here -
> expects at least to be ASKED whether to disable all those things or not!
>
> Company + Domain + Windows XP + SP2 = more Admin headaches!
>
> We're seriously thinking of a replacement to Windows XP.
>
> Vince C.
>
>

I have had installed for almost a month and never had an
issue. Just make sure you have enable the GP for the
Windows firewall to off. The additions have been great
for us here.

Matthew Gilbert
Systems Engineer
Kyes Insurance/Dirigo Networks


>-----Original Message-----
>"Vince C." > wrote in message
...
>> Hi.
>>
>> I wonder how MS considers working with Enterprises:
installing SP2 will
>> simply cut-off Network Admins remote management
possibilities!
>>
>> I understand activating the firewall, shutting down
netbios, disabling
>> Messenger service on a HOME version is justified. I
also understand it's a
>> good thing on a PRO version that is NOT in a domain.
>>
>> But, guys, an Enterprise that has a DOMAIN controller -
hence most than
>> probably a Firewall too and, yes, there are still
serious Admins, here -
>> expects at least to be ASKED whether to disable all
those things or not!
>>
>> Company + Domain + Windows XP + SP2 = more Admin
headaches!
>>
>> We're seriously thinking of a replacement to Windows XP.
>>
>> Vince C.
>
>
>Vince,
>
>There is No Problem at all with my corporate/Enterprise
customers deploying
>SP2 as they are using Group Policy under Active Directory
to control the
>settings in SP2 so they can choose to turn off the
firewall or alter the
>configuration to allow certain tools etc.
>You need to look at our documentation on this and look
deeper into the
>proper configuration management of an Enterprise
environment running Windows
>XP and Active Directory.
>see
>http://www.microsoft.com/windowsxp/sp2/howto/default.mspx
>and
>http://www.microsoft.com/technet/prodtechnol/winxppro/main
tain/xpsp2man.mspx
>
>--
>
>Regards,
>
>Mike
>--
>Mike Brannigan [Microsoft]
>
>This posting is provided "AS IS" with no warranties, and
confers no
>rights
>
>Please note I cannot respond to e-mailed questions,
please use these
>newsgroups
>
>"Vince C." > wrote in message
...
>> Hi.
>>
>> I wonder how MS considers working with Enterprises:
installing SP2 will
>> simply cut-off Network Admins remote management
possibilities!
>>
>> I understand activating the firewall, shutting down
netbios, disabling
>> Messenger service on a HOME version is justified. I
also understand it's a
>> good thing on a PRO version that is NOT in a domain.
>>
>> But, guys, an Enterprise that has a DOMAIN controller -
hence most than
>> probably a Firewall too and, yes, there are still
serious Admins, here -
>> expects at least to be ASKED whether to disable all
those things or not!
>>
>> Company + Domain + Windows XP + SP2 = more Admin
headaches!
>>
>> We're seriously thinking of a replacement to Windows XP.
>>
>> Vince C.
>>
>>
>
>
>.
>

"Mike Brannigan [MSFT]" > a écrit dans le
message de ...
[...]
> There is No Problem at all with my corporate/Enterprise customers
deploying
> SP2 as they are using Group Policy under Active Directory to control the
> settings in SP2 so they can choose to turn off the firewall or alter the
> configuration to allow certain tools etc.
> You need to look at our documentation on this and look deeper into the
> proper configuration management of an Enterprise environment running
Windows
> XP and Active Directory.
> see
> http://www.microsoft.com/windowsxp/sp2/howto/default.mspx
> and
>
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/xpsp2man.mspx

Thanks, Mike. It's Ok for Group Policies. But how about Messenger service
and any services that are needed but disabled by XP? Is there also a group
policy to specify services that *must* run?

Vince C.

Vince C. wrote:

> Thanks, Mike. It's Ok for Group Policies. But how about Messenger service
> and any services that are needed but disabled by XP? Is there also a group
> policy to specify services that *must* run?
Hi

Yes, please take a look at this post (I don't think you want to mess with
the security settings part of the GPO, only the startup mode)

http://groups.google.com/groups?selm=Oj9TX2hBEHA.4080%40TK2MSFTNGP09.phx.gb l



--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.mspx

Vince C. wrote:
> Hi.
>
> I wonder how MS considers working with Enterprises: installing SP2
> will simply cut-off Network Admins remote management possibilities!

I'd say Microsoft expects Enterprise network administrators to be able to
read. They've provided no end of documentation about deployment,
configuration, troubleshooting, etc.

From that point on, I'd say that reading the documentation was *your*
problem.

"Torgeir Bakken (MVP)" > a écrit dans le message
de ...
> Vince C. wrote:
>
> > Thanks, Mike. It's Ok for Group Policies. But how about Messenger service
> > and any services that are needed but disabled by XP? Is there also a group
> > policy to specify services that *must* run?
> Hi
>
> Yes, please take a look at this post (I don't think you want to mess with
> the security settings part of the GPO, only the startup mode)
>
> http://groups.google.com/groups?selm=Oj9TX2hBEHA.4080%40TK2MSFTNGP09.phx.gb l

Thanks, Torgeir. That's it.

Vince C.

"Torgeir Bakken (MVP)" > a écrit dans le
message de ...
> Vince C. wrote:
>
> > Thanks, Mike. It's Ok for Group Policies. But how about Messenger
service
> > and any services that are needed but disabled by XP? Is there also a
group
> > policy to specify services that *must* run?
> Hi
>
> Yes, please take a look at this post (I don't think you want to mess with
> the security settings part of the GPO, only the startup mode)
>
>
http://groups.google.com/groups?selm=Oj9TX2hBEHA.4080%40TK2MSFTNGP09.phx.gb l

Going on with Group Policies: our domain controller is a W2K Advanced
Server. We have both Windows 2K Pro and XP pro workstations. Can I manage
Windows XP firewall with group policies though?

http://www.microsoft.com/downloads/details.aspx?FamilyId=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en
says GPMC SP1 runs only on XP and server 2003.

I can read but I find that documentation unclear :-). Supported OS means:
for management? or as an install target OS, i.e. OS where I can install and
run GPMC SP1?

"GPMC runs on Windows XP Professional SP1 and Windows Server 2003 computers
and can manage Group Policy in either Windows 2000 or Windows Server 2003
domains" - does it mean administration of W2K domains is only supported
through Win 2003 servers?

TIA,
Vince C.

Vince C. wrote:

> http://groups.google.com/groups?selm=Oj9TX2hBEHA.4080%40TK2MSFTNGP09.phx.gb l
>
> Going on with Group Policies: our domain controller is a W2K Advanced
> Server. We have both Windows 2K Pro and XP pro workstations. Can I manage
> Windows XP firewall with group policies though?
>
> http://www.microsoft.com/downloads/details.aspx?FamilyId=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en
> says GPMC SP1 runs only on XP and server 2003.
>
> I can read but I find that documentation unclear :-). Supported OS means:
> for management? or as an install target OS, i.e. OS where I can install and
> run GPMC SP1?
>
> "GPMC runs on Windows XP Professional SP1 and Windows Server 2003 computers
> and can manage Group Policy in either Windows 2000 or Windows Server 2003
> domains" - does it mean administration of W2K domains is only supported
> through Win 2003 servers?
Hi

Yes, you can manage Windows XP firewall with group policies even if
the domain controller is only a W2k Server. What the text in the URL
above says is that you need to administer it from a Windows XP
computer in that case, and not from the W2k Server console.


--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.mspx

"Torgeir Bakken (MVP)" > a écrit dans le
message de ...
> Vince C. wrote:
>
> >
http://groups.google.com/groups?selm=Oj9TX2hBEHA.4080%40TK2MSFTNGP09.phx.gb l
> >
> > Going on with Group Policies: our domain controller is a W2K Advanced
> > Server. We have both Windows 2K Pro and XP pro workstations. Can I
manage
> > Windows XP firewall with group policies though?
> >
> >
http://www.microsoft.com/downloads/details.aspx?FamilyId=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en
> > says GPMC SP1 runs only on XP and server 2003.
> >
> > I can read but I find that documentation unclear :-). Supported OS
means:
> > for management? or as an install target OS, i.e. OS where I can install
and
> > run GPMC SP1?
> >
> > "GPMC runs on Windows XP Professional SP1 and Windows Server 2003
computers
> > and can manage Group Policy in either Windows 2000 or Windows Server
2003
> > domains" - does it mean administration of W2K domains is only supported
> > through Win 2003 servers?
> Hi
>
> Yes, you can manage Windows XP firewall with group policies even if
> the domain controller is only a W2k Server. What the text in the URL
> above says is that you need to administer it from a Windows XP
> computer in that case, and not from the W2k Server console.
>
>
> --
> torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
> Administration scripting examples and an ONLINE version of
> the 1328 page Scripting Guide:
> http://www.microsoft.com/technet/scriptcenter/default.mspx

"Torgeir Bakken (MVP)" > a écrit dans le
message de ...
[...]
> Yes, you can manage Windows XP firewall with group policies even if
> the domain controller is only a W2k Server. What the text in the URL
> above says is that you need to administer it from a Windows XP
> computer in that case, and not from the W2k Server console.

Thanks, Torgeir.

I still a few more questions. If I understood I must install the new
templates on a Windows XP computer, right? Otherwise the .ADM files would
not be usable from Windows 2K machines, including the servers, right?

Network admins all have Windows 2000 Pro workstations. Usually we access and
edit Group Policies for the domain running snap-in "Active Directory Users
and Computers" on the domain controller from a remote TSC session. Should I
also copy that MMC snap-in onto the XP machine I'll use to edit policies for
XP machines?

Vince C.

Please discard this post.

Vince C.

Vince C. wrote:

> "Torgeir Bakken (MVP)" > a écrit dans le
> message de ...
> [...]
>
>>Yes, you can manage Windows XP firewall with group policies even if
>>the domain controller is only a W2k Server. What the text in the URL
>>above says is that you need to administer it from a Windows XP
>>computer in that case, and not from the W2k Server console.
>
>
> Thanks, Torgeir.
>
> I still a few more questions. If I understood I must install the new
> templates on a Windows XP computer, right? Otherwise the .ADM files would
> not be usable from Windows 2K machines, including the servers, right?
>
> Network admins all have Windows 2000 Pro workstations. Usually we access and
> edit Group Policies for the domain running snap-in "Active Directory Users
> and Computers" on the domain controller from a remote TSC session. Should I
> also copy that MMC snap-in onto the XP machine I'll use to edit policies for
> XP machines?
Hi

On a WinXP computer, you need to use this MMC snap-in:

Administration Tools Pack (adminpak)
http://www.microsoft.com/downloads/details.aspx?FamilyID=c16ae515-c8f4-47ef-a1e4-a8dcbacff8e3&DisplayLang=en


If you are about to deploy WinXP SP2 as well, you should take a look
at the following links:

Managing Windows XP Service Pack 2 Features Using Group Policy
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/mangxpsp2/mngintro.mspx

From: Mark Williams [MSFT] )
Subject: Windows XP Service Pack 2 .adm files available for download
http://groups.google.com/groups?selm=ujfVfT4lEHA.1244%40TK2MSFTNGP10.phx.gb l

From: Mark Williams [MSFT] )
Subject: Important information about XP SP2 .ADM Files
http://groups.google.com/groups?threadm=%233iFY5jfEHA.596%40TK2MSFTNGP11.ph x.gbl

From: Mark Williams [MSFT] )
Subject: XP SP2 ADM File-Related Fixes Available From PSS
http://groups.google.com/groups?threadm=utTaMLwfEHA.2592%40tk2msftngp13.phx .gbl

From: Mark Williams [MSFT] )
Subject: XP SP2 Version of Group Policy Reference Spreadsheet available
http://groups.google.com/groups?threadm=%23bTLC%23jfEHA.3676%40TK2MSFTNGP12 .phx.gbl



--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.mspx