Fog Creek Software
Discussion Board




Deploying XP SP2 without the firewall?


Surely there is a way to deploy XP SP2 with the firewall disabled, right? From the little reading I've done so far, the best I can see is to deploy it, then disable it after it's been installed.

Whenever we decide to roll out SP2, we'll be doing it using SUS. Since all of our users are laptop users, we can't guarantee that everyone will be picking up the update at the same time since half of our users might be on the road, etc.

One plan was to use Active Directory to push out the registry entry to disable the firewall. However, we aren't sure about the timing. What happens if the computer gets the reg entry first, then installs XP SP2. Will AD push the reg entry down again after SP2 changes it?

A much better solution would be to just have SP2 not install the firewall, but that doesn't look like an option.

Any ideas?

John Tarkin
Tuesday, August 17, 2004

I CLAIM THIS THREAD ON BEHALF OF GNAA!

Sebrof Sinned
Tuesday, August 17, 2004

Distributing a reg file entry would work.

You could probably do it somehow with the group policy objects too, but I haven't actually checked.

You could also install it, configure it, then Ghost it.

FREE PENIS ENLARGEMENT
Tuesday, August 17, 2004

"You could also install it, configure it, then Ghost it.

Of course, Ghost is one of the 50 apps that break once XP SP2 is installed with the firewall.

The Chicken? Or the Egg?
Tuesday, August 17, 2004

LOL, I did not know that. Surely they will fix that soon...

I am Jack's surprise
Tuesday, August 17, 2004

Ghost only breaks if you're trying to do things across networks, because the firewall ports will be blocked.

Take it for what it is, and don't make it look like there's a bug.

Capn' Kirk
Tuesday, August 17, 2004

There's likely a reg key already set for something like this, at least for unattended setup. MS is very good with things like that.

Matt B
Tuesday, August 17, 2004

"Take it for what it is, and don't make it look like there's a bug."

Um...Mr. Gates, is that you? Awfully defensive, aren't we?

Nobody said it was a bug, but rather a feature that they don't want enabled for various reasons. Not everyone, particularly corporate users, want the firewall enabled.

That doesn't mean they are slamming MS, so get your panties out of a wad.

Yo
Tuesday, August 17, 2004

"because the firewall ports will be blocked."

The firewall ports? What the fuck are you talking about?

Simian
Tuesday, August 17, 2004

It also doesn't mean that "SP2 breaks Ghost", since it sounds like all it takes to allow GhostCasting (unless somehow the firewall prevents taking an image of a local harddrive) is to turn the firewall on or allow a rule to open the port.

Matt B
Tuesday, August 17, 2004

"Ghost is one of the 50 apps that break once XP SP2 is installed with the firewall"

This statement implies that the fault is SP2 that Ghost or the other 50 apps don't work.  If you read MS's article, you'll see they are referring to apps that use ports that will be blocked, but many use this to imply the "MSCrap" montra.

For the foul mouthed, Ghost supports saving/retrieving images across networks, so it does use ports.  Gee, if you can't even write without swearing...

Capn' Kirk
Tuesday, August 17, 2004

Last I heard, this was configurable via group policy - is that not still so?

Greg Hurlman
Tuesday, August 17, 2004

OK, I'm not crazy:

http://www.microsoft.com/downloads/details.aspx?familyid=4454e0e1-61fa-447a-bdcd-499f73a637d1&displaylang=en

Page 14 of that doc, the Group Policy section:
Disabling the Use of Windows Firewall Across Your Network

Greg Hurlman
Tuesday, August 17, 2004

*  Recent Topics

*  Fog Creek Home