XPSP2 and my TechEd session

So XPSP2 has released. Finally. Its interesting that even though we have told everyone about it, gave them betas and RC's and all the deployment whitepaper stuff, Im now getting lots of questions about, “Look we're really concerned about this service pack and the firewall and DCOM/RPC lockdown, how can we deploy it without it breaking stuff”. I presented this stuff at TechEd last week. How timely. The firewall is there for a reason. So is the DCOM/RPC lockdown, and the popup blocker and extra security review and all that. Its to protect you and your business. A part of my session covered how you can leave the firewall up and allow the apps you have in your business to still communicate properly. You do it through central Group Policy control and add the apps to the exception list. You can turn off the dialog UI that warns the user that they app they just started requires ports to be open and block them until you unblock them through policy. In this way you can acheive a shields up deployment that mitigates the risk of the zero day attack by blocking any incoming traffic aside from what you specifically allowed. You still need to test your apps though to ensure that they arent using anonymous DCOM/RPC connections as these apps will have issues that will need rectifying.

In short I need to think about doing a webcast soon and Im thinking of doing this one again like I did at TechEd but with a few more gotchas and known issues thrown in. Sean Kaye said that while my session at TechEd was good he would have appreciated a bit deeper one. Should I do it? Give me feedback and tell me.

Comments (1)

  1. William Luu says:

    Perhaps another way to go about things is doing an installfest on Virtual Machines at User Groups of the Beta/RC products that can effect other 3rd party software.

    Sort of like how the ADNUG are going to hold a Whidbey one?

    I think part of the reason that there isn’t many users out there that did do an install of XP SP2 Betas/RCs, is 1) No time 2) No spare computers lying around.

    Personally, I installed it on the spare computer at home, and then tried it on my own laptop later on. (Well, RC2 anyway…)

Skip to main content