So XPSP2 has released. Finally. Its interesting that even though we have told everyone about it, gave them betas and RC's and all the deployment whitepaper stuff, Im now getting lots of questions about, “Look we're really concerned about this service pack and the firewall and DCOM/RPC lockdown, how can we deploy it without it breaking stuff”. I presented this stuff at TechEd last week. How timely. The firewall is there for a reason. So is the DCOM/RPC lockdown, and the popup blocker and extra security review and all that. Its to protect you and your business. A part of my session covered how you can leave the firewall up and allow the apps you have in your business to still communicate properly. You do it through central Group Policy control and add the apps to the exception list. You can turn off the dialog UI that warns the user that they app they just started requires ports to be open and block them until you unblock them through policy. In this way you can acheive a shields up deployment that mitigates the risk of the zero day attack by blocking any incoming traffic aside from what you specifically allowed. You still need to test your apps though to ensure that they arent using anonymous DCOM/RPC connections as these apps will have issues that will need rectifying.
In short I need to think about doing a webcast soon and Im thinking of doing this one again like I did at TechEd but with a few more gotchas and known issues thrown in. Sean Kaye said that while my session at TechEd was good he would have appreciated a bit deeper one. Should I do it? Give me feedback and tell me.