0072257679_chapter_4

Upload: srinivasknaidu

Post on 06-Apr-2018


  • 8/3/2019 0072257679_chapter_4

    1/16

    Chapter 4: Windows XP Service Pack 2

    In this chapter you'll find the answers to the following questions:

    What is Service Pack 2 (SP2)?

    Will SP2 make changes to any of my Windows XP applications?

    Is there anything new in SP2 for networking?

    How can I make it easier to set up a wireless network?

    If I install SP2, will any of my applications stop working?

    Where do I get SP2?

    I hear that SP2 includes a firewall. What is it?

    I use Windows Messenger a lot. What changes are there in SP2?

    Will SP2 do anything to improve security in Internet Explorer or Outlook Express?

    A Windows service pack incorporates bug fixes, security improvements, and feature enhancements into the target operating system. Most of the bug fixes and security improvements in a service pack have typically been released as individual updates prior to the release of the service pack, and are available from the Windows Update web site at http://windowsupdate.microsoft.com. See Chapter 3 for a discussion of Windows Update and other methods for keeping your system current.

    Microsoft recently released Windows XP Service Pack 2 (SP2), which includes several new feature changes and enhancements. This chapter explores the new features offered by SP2.

    NOTE This chapter offers an overview of SP2's features. These features are covered in more detail throughout the book where applicable. Look for the SP2 icon in the margin to identify discussion of SP2 features. The changes in SP2 for Tablet PC are fairly significant and are covered in Chapter 10.

    Network Protection

    There are several changes and enhancements in SP2 to improve and add security for networking in Windows XP. This section of the chapter explores these new features.


    Reproduced from the book Windows XP Answers from the Experts. Copyright 2005, The McGraw-Hill Companies, Inc. Reproduced by permission of The McGraw-Hill Companies, Two Penn Plaza, NY, NY 10121-2298. Written permission from The McGraw-Hill Companies, Inc. is required for all other uses.


    the Security tab, and click Edit under the Launch and Activate Permissions or the Access Permissions control groups. The Launch Permissions dialog box (Figure 4-1) shows these new permissions.

    FIGURE 4-1 SP2 supports new permissions for COM components.

    RPC Interface Restriction

    Remote Procedure Call (RPC) enables a client computer to submit a request to execute a call (application procedure) on a remote server and have the server return the results to the client. The RPC service in Windows XP enables a Windows XP computer to function as an RPC server.

    Windows XP SP2 incorporates a handful of changes to the RPC service to improve security and reduce the computer's exposure to attack from RPC-based exploits. In particular, the RPC service now provides some measure of control over how clients can initiate RPC requests. You can now add the registry value HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\RPC\RestrictRemoteClients and set it to one of the following three values:

    0: This is the default behavior in Windows XP SP1 and earlier. The system bypasses the new interface restrictions added by SP2.

    1: This is the default value for SP2. The computer rejects all anonymous RPC calls unless a particular RPC interface registers a security callback and provides the RPC_IF_ALLOW_CALLBACKS_WITH_NO_AUTH flag. The restriction then does not apply to that RPC interface.

    2: This value rejects all remote anonymous RPC calls, regardless of the RPC_IF_ALLOW_CALLBACKS_WITH_NO_AUTH flag. This setting effectively disables anonymous RPC.

    NOTE RPC calls that use the named pipe protocol sequence are exempt from the interface access restrictions.

    Another change in SP2 for RPC is the way remote clients initiate an RPC session. In Windows XP SP1 and earlier, the RPC Endpoint Mapper on the server computer is available through anonymous calls, enabling remote clients to anonymously request an endpoint to initiate a session. The registry setting HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\RPC\EnableAuthEpResolution on the client computer causes the client to use NT LAN Manager (NTLM) authentication to request an endpoint from the RPC server. Set this value to 1 to enable authentication or to 0 to use anonymous calls to the Endpoint Mapper on the RPC server.

    WebDAV Redirector

    Web-based Distributed Authoring and Versioning (WebDAV) is a standard that defines extensions to HTTP, which enable users to remotely and collaboratively edit and manage files stored on a server that supports WebDAV. For example, Microsoft Windows SharePoint Services 2003 supports WebDAV. The WebDAV redirector in Windows XP is the operating system component that enables Windows XP systems to access WebDAV shares as if they were standard Server Message Block (SMB) remote shares, such as file shares hosted by a file server.

    A potential security risk in Windows XP SP1 and earlier is that if the server is configured to support basic authentication, the user's credentials could be transmitted across the network in clear text, enabling any computer on the network to sniff those credentials. Windows XP SP2 adds the capability to disable basic authentication for the WebDAV redirector. If basic authentication is disabled, Windows XP SP2 either uses a different authentication method if it's supported by the server or fails the request.

    If you need to enable basic authentication, add the registry DWORD setting HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters\UseBasicAuth and set it to 1. The default value of 0 disables basic authentication. You can also use the registry DWORD setting HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\DisableBasicOverClearChannel, set to a value of 1, to disable basic authentication over nonsecure channels. With this option set to 1, basic authentication is supported only for Hypertext Transfer Protocol over Secure Socket Layer (HTTPS) and Secure Socket Layer (SSL).
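
    The RPC and WebDAV registry values described above can be checked together from a registry export. The following is an added example, not code from the book: it parses .reg-format text and reports the settings that leave anonymous RPC or clear-text basic authentication available. The sample exports are constructed, and treating an absent EnableAuthEpResolution or DisableBasicOverClearChannel value as 0 is an assumption of this example.

```python
import re

# Registry locations named in the text (key and value names are case-insensitive).
RPC_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\RPC"
WEBCLIENT_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters"
INET_KEY = r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings"

# A DWORD line in a .reg export looks like: "Name"=dword:0000000a (hexadecimal).
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')

# Constructed sample exports (not taken from a real machine).
WEAK_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\RPC]
"RestrictRemoteClients"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters]
"UseBasicAuth"=dword:00000001
'''

HARDENED_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\RPC]
"RestrictRemoteClients"=dword:00000002
"EnableAuthEpResolution"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters]
"UseBasicAuth"=dword:00000000
'''


def parse_reg_export(text):
    """Return {(KEY, NAME): int} for every DWORD value, with names upper-cased."""
    values, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].upper()
            continue
        match = DWORD_RE.match(line)
        if match and key:
            values[(key, match.group(1).upper())] = int(match.group(2), 16)
    return values


def audit(values):
    """Return a list of findings for the SP2 settings discussed in the text."""
    def get(key, name, default):
        return values.get((key.upper(), name.upper()), default)

    findings = []

    # The text gives 1 as the SP2 default, so an absent value is read as 1.
    restrict = get(RPC_KEY, "RestrictRemoteClients", 1)
    if restrict == 0:
        findings.append("RestrictRemoteClients=0: the SP2 RPC interface "
                        "restrictions are bypassed")
    elif restrict not in (1, 2):
        findings.append(f"RestrictRemoteClients={restrict}: not one of the "
                        "documented values 0, 1, 2")

    # Assumption of this example: an absent value behaves like 0.
    if get(RPC_KEY, "EnableAuthEpResolution", 0) != 1:
        findings.append("EnableAuthEpResolution is not 1: the client requests "
                        "endpoints from the Endpoint Mapper anonymously")

    # The text gives 0 as the default for UseBasicAuth.
    basic = get(WEBCLIENT_KEY, "UseBasicAuth", 0)
    # Assumption of this example: an absent value behaves like 0.
    https_only = get(INET_KEY, "DisableBasicOverClearChannel", 0)
    if basic == 1 and https_only != 1:
        findings.append("UseBasicAuth=1 and DisableBasicOverClearChannel is "
                        "not 1: basic authentication is enabled and not "
                        "limited to HTTPS")
    return findings


if __name__ == "__main__":
    for label, export in (("weak", WEAK_EXPORT), ("hardened", HARDENED_EXPORT)):
        results = audit(parse_reg_export(export))
        print(f"{label}: {len(results)} finding(s)")
        for item in results:
            print("  -", item)
```

    A real export produced by Regedit is normally UTF-16 encoded, so decode the file before passing its text to parse_reg_export.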

    Windows Firewall

    You might be familiar with Internet Connection Firewall (ICF) in Windows XP SP1 and earlier. This simple firewall enables you to configure filters that control which ports are exposed and can receive incoming traffic. For example, you might block all ports except 80 (HTTP), 53 (DNS), 110 (POP3), and 443 (SSL) to allow a computer to browse the Web and retrieve e-mail from a Post Office Protocol 3 (POP3) server but nothing else. ICF is disabled by default, which means it does not block any incoming traffic until you enable and configure it.

    In Windows XP SP2, Windows Firewall replaces ICF (Figure 4-2). Unlike ICF, Windows Firewall is enabled by default on all interfaces when you install SP2. There are several other changes in Windows Firewall, described in the following sections.

    FIGURE 4-2 Windows Firewall replaced ICF in SP2.

    TIP To configure Windows Firewall on a network interface, open the Network Connections folder, right-click the interface, and choose Properties. Then, click the Advanced tab and click Settings. For details on configuring the firewall, see the section "Using a Firewall" in Chapter 12. Chapter 17 also offers tips on configuring a firewall to work with Remote Assistance and Remote Desktop Connection.

    Boot-Time Security

    During the boot process, a computer can be open to attack even when a local firewall application is installed. This window of opportunity is open between the time the system loads and initializes its network drivers and when the firewall is started. SP2 addresses this potential problem by providing a boot-time firewall configuration that blocks all but the most basic network traffic (such as Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP), and application of group policy). These boot-time filters are enabled when the Windows Firewall is enabled. If Windows Firewall is disabled, Windows XP provides no boot-time firewall filtering.

    NOTE Boot-time firewall filtering cannot be modified. After the boot process is complete and the Windows Firewall service is started, the boot-time filters are unloaded and the regular filters, which can be modified, are loaded.

    Global Configuration

    Prior to SP2, the ICF supported separate configurations per the type of network interface. For example, a wireless connection would have a separate firewall configuration from a LAN interface. Changes made to one interface did not affect the other, which potentially made it difficult for users, particularly novices, to configure a consistent and secure firewall setup.

    SP2 provides global configuration for all network interfaces in Windows Firewall. When you add an interface, that interface takes on the configuration of the existing interface. A change to the global configuration affects all interfaces. However, you can still make changes on a per-interface basis if needed.

    Local Subnet Restriction

    A subnet is a segment of an IP network. An example of a range of addresses in a common private subnet is 192.168.0.1 through 192.168.0.254. If yours is a small network, you likely only have one subnet. Larger networks often have several subnets. All of the computers in a subnet form a logical group for routing network traffic.

    SP2 adds the capability to restrict incoming traffic to one of three sources for any particular interface:

    My network (subnet) only: Use this option to specify that incoming traffic for a specified port is allowed only if the traffic comes from a computer on the same subnet as your own (such as in your workgroup or in your Active Directory domain). This option enables you to open a port for traffic that is used by computers on your network without exposing that same port to the Internet.

    Any computer (including those on the Internet): Use this option to allow incoming traffic on the port from any source, whether it's a local subnet or the Internet.

    Custom list: Use this option to explicitly specify the individual computers, range of IP addresses, or subnets from which traffic will be allowed on the specified port.

    TIP You configure scope for each port, rather than for the interface as a whole. This means that some ports can receive traffic from any address, some can be restricted to your local subnet, and some can be restricted to a custom list, as needed.
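
    The per-port scope decision described above can be modelled in a few lines. This is an added example, not code from the book and not Windows Firewall's implementation: the scope labels ("any", "subnet", "custom"), the function names, the port numbers, and the addresses outside 192.168.0.x are constructed for illustration.

```python
import ipaddress


def _in_entry(src, entry):
    """True if src matches one custom-list entry: an address, a subnet, or a 'first-last' range."""
    if "-" in entry:
        first, last = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        # Addresses of different IP versions cannot be ordered, so check the version first.
        return src.version == first.version == last.version and first <= src <= last
    # A bare address becomes a single-host network (/32 for IPv4).
    return src in ipaddress.ip_network(entry.strip(), strict=False)


def source_allowed(scope, source, interface=None, custom=()):
    """Apply one port's scope to the source address of an incoming packet."""
    src = ipaddress.ip_address(source)
    if scope == "any":       # "Any computer (including those on the Internet)"
        return True
    if scope == "subnet":    # "My network (subnet) only"
        return src in ipaddress.ip_interface(interface).network
    if scope == "custom":    # "Custom list"
        return any(_in_entry(src, entry) for entry in custom)
    raise ValueError(f"unknown scope: {scope!r}")


# Constructed configuration: the host sits in the 192.168.0.x subnet used as the
# example in the text. Each opened port carries its own scope, as the tip explains.
INTERFACE = "192.168.0.10/24"
EXCEPTIONS = {
    80: {"scope": "any"},
    445: {"scope": "subnet"},
    3389: {"scope": "custom",
           "custom": ["192.168.0.20-192.168.0.29", "10.0.5.7", "172.16.4.0/24"]},
}


def inbound_decision(port, source, exceptions=EXCEPTIONS, interface=INTERFACE):
    """Return True if unsolicited inbound traffic to `port` from `source` is allowed."""
    rule = exceptions.get(port)
    if rule is None:
        return False  # port was never opened, so the traffic is dropped
    return source_allowed(rule["scope"], source, interface, rule.get("custom", ()))


if __name__ == "__main__":
    for port, source in [(80, "203.0.113.9"), (445, "192.168.0.77"),
                         (445, "203.0.113.9"), (3389, "192.168.0.25"),
                         (3389, "192.168.0.30"), (22, "192.168.0.77")]:
        verdict = "allow" if inbound_decision(port, source) else "drop"
        print(f"port {port:<5} from {source:<15} -> {verdict}")
```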

    Command-Line Support

    Microsoft introduced a new Netsh command-line interface for Windows Firewall with the Advanced Networking Pack. SP2 introduces yet another update to Netsh to enable you to configure Windows Firewall for both IPv4 and IPv6 traffic.


    On with No Exceptions Mode

    This mode directs Windows Firewall to close any static holes (opened ports) and drop all connections through those ports. This mode has the effect of dropping all unsolicited incoming traffic and essentially locking down the interface without having to actually reconfigure ports. Changes made to the configuration in this mode are stored but not applied until the firewall is set back to the standard On state.

    Windows Firewall Exception Lists

    Many server applications must listen for incoming traffic from all remote hosts on a broad range of ports because the server application does not know the location of the client and, in some cases, does not know what port the client will use. It can be difficult to configure a firewall to support these situations and still maintain security.

    SP2 addresses this problem by providing per-application exception lists. An application on the exception list can listen on the network for incoming traffic even if the target port is blocked for incoming traffic. Windows can then open ports as needed for the application, and do so regardless of the security context of the application (for example, the application need not run in the context of the administrator account). The benefit to this new structure is that Windows controls the ports rather than the application. If the application hangs, Windows can still close the ports.

    Multiple Profiles

    If you work with a portable computer, it's likely that you have different needs for firewall protection depending on your current connection to the network. For example, if your computer sits behind a corporate firewall when you are in the office, you probably don't need your own firewall. At the very least, you don't need as strict a configuration as you do when your computer is connected to a public network.

    Support for multiple profiles in SP2's Windows Firewall enables you to specify different firewall configurations for different situations. However, your computer must be a domain member to use multiple profiles. Workgroup computers have a single profile.

    RPC Support

    ICF prior to SP2 does not allow RPC traffic, which is required for services such as file and print sharing, remote administration, and others. Windows Firewall with SP2 treats RPC differently. An RPC server application can request that Windows Firewall open the necessary ports as long as the application is running in the Local System, Network Service, or Local Service security contexts. In addition, you can configure the RPC application on the exceptions list to enable it to accept incoming traffic on dynamic ports.

    Restore Defaults and Unattended Setup

    Windows Firewall in SP2 gives you the capability to easily restore the firewall configuration to its default, out-of-the-box configuration. This simplifies the task of resetting the firewall to its default settings. You can also modify the default settings.

    In addition to allowing you to specify the default firewall configuration, Windows Firewall also allows you to specify the desired custom firewall configuration during an unattended installation. You can configure the operational mode, applications on the exception list, static ports on the exception list, Internet Control Message Protocol (ICMP) options, and logging.


    Group Policy Support

    An important consideration for enterprise users and administrators is the capability to control Windows Firewall with group policy. Previously, ICF was supported by only one group policy, which disabled the firewall for the client computer's DNS domain. Windows Firewall in SP2, however, can be fully configured by group policy, enabling administrators to control the firewall on a granular level (site, domain, organizational unit, or local).

    TIP See "Configuring Windows Firewall with Group Policy" in Chapter 12 for detailed information on controlling the firewall with group policy.

    Other Changes

    Windows Firewall introduces a handful of other changes as well as those I've already described. For example, Windows Firewall will allow a unicast response for three seconds on the same port from which the multicast or broadcast traffic came. This change makes it possible for applications and services to alter firewall policy as necessary to accommodate client/server scenarios that use multicast and broadcast traffic without unnecessarily exposing ports.

    In addition, Windows Firewall now supports IPv4 and IPv6 traffic through a single service, which simplifies firewall configuration: you don't have to configure two separate groups of settings. The user interface has also been simplified and enhanced to make it easier to configure the firewall settings.

    Windows Media Player

    SP2 automatically installs Windows Media Player version 9 (Figure 4-3), which incorporates several feature and security improvements. If you install SP2 on an existing Windows XP installation, Setup backs up the current version and enables you to remove version 9 after SP2 installation is complete. If you install SP2 as part of a new installation over an existing Windows XP installation, you will not be able to remove version 9 and restore the previous version.

    FIGURE 4-3 Windows Media Player supports streaming audio, video, and other multimedia playback.

    TIP See "Getting the Most from Media Player" in Chapter 7 for more details on using Windows Media Player and learning how to back up licenses prior to installing SP2.

    Windows Messenger

    SP2 introduces a handful of changes to Windows Messenger, the online chat and desktop conferencing application included with Windows XP. First, Windows Messenger with SP2 blocks file transfers if the sender is not on your Contacts list and the file is on the unsafe file list maintained by Internet Explorer 6 (and also used by Outlook Express). If the sender is on your Contacts list, Windows Messenger prompts you to decide what action (open or save) to take with the file based on the file type.

    TIP See "Windows Messenger" in Chapter 7 to learn more about the new features in Windows Messenger and how to configure the unsafe file list.

    Another change in Windows Messenger is that it requires a user display name that is different from the user's e-mail address. This change helps mitigate the possibility that a virus could extract the e-mail address from the text files that store your conversations (if you save them). In addition, because Windows Firewall is enabled by default, you must configure it to allow Windows Messenger traffic (although the default Windows Firewall configuration places Windows Messenger on the exceptions list).

    Wireless Networking Improvements

    Not too many years ago, wireless networks were few and far between. Now, you can hook your PDA or notebook into a wireless hot spot in the mall's food court, airports, coffee shops, hotel lobbies, and many other places. Windows XP greatly simplified wireless networking; SP2 adds even more refinements.

    Wireless Provisioning Services

    Wireless Provisioning Services in SP2 integrates with changes being introduced in Windows Server 2003 SP1 to simplify wireless client network setup and access. These changes not only simplify identification and signup for wireless hotspots, but they also provide better security by integrating authentication and encryption in the connection process. Wireless Provisioning Services also enables information about wireless networks and hotspots to be updated automatically, which makes it easy for you to connect to a newly added hotspot if you already have an account with a wireless provider.

    Wireless Network Setup Wizard

    SP2 adds a Wireless Network Setup wizard that helps users configure wireless devices. The wizard stores the information as XML data on a removable device such as a Universal Serial Bus (USB) flash drive, and you migrate the settings to the other computers on the network with that removable device. You can print the data for configuring those devices that don't support the automatic XML-based configuration from the wizard's data.

    Memory Exploit Protection

    Many viruses and worms use a common exploit to run malicious code on a computer: executing code in nonexecutable memory locations. Newer processors from Intel and AMD provide the capability to mark virtual memory pages as executable or nonexecutable. When an application attempts to run code in a nonexecutable area of memory, a processor exception occurs.

    Applications and drivers that generate code dynamically and do not mark code with execute permissions will generate an exception error and the process will fail. This means that it is possible that some applications will not work properly after SP2 is installed. To overcome that problem temporarily, you can use one of two switches to start Windows XP:

    /NOEXECUTE: This switch starts Windows XP with data execution prevention (DEP) enabled. Code attempting to run from pages not marked as executable will fail.

    /EXECUTE: This switch starts Windows XP with data execution prevention disabled (similar to Windows XP SP1 and earlier). Use this switch if you have several applications that fail to work properly with SP2.

    You can also use compatibility settings to disable DEP for a single application, which enables Windows XP SP2 to run with DEP enabled for all other applications.

    TIP You'll find additional information about the Application Compatibility Toolkit at http://www.microsoft.com/windows/appcompatibility/default.mspx.

    Outlook Express Improvements

    Windows XP SP2 makes a few changes in Outlook Express to reduce spam, provide better handling of HTML messages, and provide improved attachment checking for applications that interact with Outlook Express.

    To help reduce spam, Outlook Express includes a new feature that blocks external Hypertext Markup Language (HTML) content until you explicitly download it (Figure 4-4). Some spammers include links to remote content in messages so that when you view the message, that content is downloaded from the server and your e-mail address is verified as valid. Blocking the external content prevents those spammers from validating your e-mail address. You can configure Outlook Express to allow external content downloads, if you prefer.

    FIGURE 4-4 Outlook Express, like Outlook 2003, blocks web beacons (external HTML content).

    TIP Blocking external content can also reduce online time. When you are viewing a message offline with Outlook Express in SP2, it will not try to connect to the Internet to retrieve the HTML content.

    You can configure Outlook Express to render received messages using plain text, which helps eliminate the possibility of HTML script exploits. In SP2, Outlook Express makes it easier to view safe HTML messages when plain text mode is enabled. You can click on a message and choose View, Message in HTML to render the message using HTML.

    Finally, Outlook Express includes an Attachment Execution Service Application Programming Interface (API) that supports attachment checking for Outlook Express as well as external applications. So, applications that need to check an attachment in your Outlook Express mail store can call the AES API rather than incorporate code within the application itself to accomplish the same task. The AES API is, therefore, targeted at developers rather than end users.


    TIP See Chapter 15 to learn more about SP2 features in Outlook Express.

    Internet Explorer Changes and Improvements

    SP2 incorporates many changes and enhancements for Internet Explorer (IE) to improve browsing and add security. The following list summarizes the new features. These features are explored in more detail in Chapter 14.

    Download, attachment, and authenticode enhancements: SP2 makes changes to IE to make downloading and file checking safer and more consistent, enabling you to block files from specific publishers and have IE prompt you for others. IE also provides additional information about add-on publishers to help you decide whether to install an add-on.

    Internet Explorer add-on management and crash detection: SP2 adds an interface for viewing and managing IE add-ons (Figure 4-5). IE also attempts to detect crashes caused by add-ons and displays that information if possible, giving you the chance to block the add-on. SP2 adds a handful of group policies to enable administrators to configure these settings.

    FIGURE 4-5 IE provides an interface for viewing and managing add-ons.


    TIP See http://www.boyce.us/gp for a searchable database of group policy settings.

    Internet Explorer binary behaviors security setting: Binary behaviors are a feature introduced in IE 5.x that enable site developers to build functions for the Web that can modify HTML tags and resulting behavior without exposing the underlying code on the page as a script. By default, IE blocks binary behaviors in the Restricted Sites zone.

    Internet Explorer BindToObject mitigation: SP2 applies the ActiveX security model to all cases where URL binding is used to create an instance of and to initialize an object. This change helps mitigate several IE exploits.

    Internet Explorer Information Bar: This new IE interface element appears between the toolbars and web page area of the browser and displays information related to security, pop-up blocking, and similar warning and status information (Figure 4-6). The Information Bar becomes hidden again when you navigate away from the page that generated the error or warning.

    Internet Explorer feature control security zone settings: SP2 adds a handful of additional settings to IE to help prevent certain exploits. These include MIME sniffing, which enables IE to detect file type based on bit signature rather than file extension; changes to prevent privilege elevation; and the restriction of script-initiated pop-up windows. These settings can be configured on a zone-by-zone basis as well as through group policy.

    Internet Explorer settings in group policy: Several new group policy settings are added to enable administrators to control security settings in IE across the enterprise.

    FIGURE 4-6 The Information Bar displays messages related to security, content blocking, and other information.


    Internet Explorer local machine zone lockdown: SP2 imposes additional security restrictions on the local machine zone to help mitigate exploits that attempt to elevate privileges and gain access to the local file system and other resources.

    Internet Explorer MIME handling enforcement: SP2 adds features to IE that help prevent Multipurpose Internet Mail Extension (MIME)-related exploits. For example, IE now performs additional checks before it will open a served file and will not elevate the privileges of the file if the MIME type's registered application is unable to load the file. IE can also now employ MIME sniffing to determine file type based on bit signature rather than file extension.

    Internet Explorer object caching: IE with SP2 no longer allows a page to access objects cached from another site. This change helps prevent the exposure of user data to malicious sites.

    Internet Explorer pop-up blocker: SP2 adds a pop-up blocker to IE that blocks background and automatic (scripted) pop-ups but allows pop-ups from clicked links (Figure 4-7). The pop-up blocker is on by default but can be disabled, user customized, and controlled by group policy. IE always blocks pop-ups that are larger than or outside of the viewable desktop.

    Internet Explorer untrusted publishers mitigations: IE with SP2 now offers users the capability to block all signed content from specific publishers. This feature blocks the content without repeated prompts and also blocks the installation of code without valid signatures.

    FIGURE 4-7 IE now includes a built-in pop-up blocker.


    Internet Explorer window restrictions: IE with SP2 imposes restrictions on the capability to open windows outside of the viewable area of the desktop. These changes help protect against malicious sites that attempt to hide site content from the user. In addition, the status bar is always enabled for all windows.

    Internet Explorer zone elevation blocks: IE with SP2 prevents the security context for any link on a page from being higher than the overall security context of the root URL. This feature also blocks JavaScript navigation where the security context is absent.

    Windows XP Configuration and Setup Changes

    SP2 incorporates several changes that affect Windows XP setup, configuration, and updates. The following list provides an overview of these features, which are covered in more detail throughout this book where applicable:

    Filter for Add or Remove Programs: Windows XP with SP2 adds a check box to the Add or Remove Programs applet that enables the user to decide whether service packs and updates appear in the list of installed components. By default, service packs and updates are hidden. You can disable this feature with a registry value or group policy setting.

    Microsoft Windows Update Services and Automatic Updates: Microsoft has added support for deploying driver updates and updates to Office applications, SQL Server, and Exchange Server with the Windows XP Automatic Updates feature. This feature works in conjunction with Windows Update Services running on Windows Server 2003.

    TIP See Chapter 3 for a complete discussion of Windows Update. See http://www.microsoft.com/windowsserversystem/sus/wusbeta.mspx for information about Windows Update Services.

    Resultant Set of Policy (RSoP): RSoP enables administrators to view the result of group policy settings that are applied to a user or group for a selected computer. The Group Policy Management Console (GPMC) can request RSoP information from a target computer to display the resultant policies. Because Windows Firewall is enabled by default on SP2, you must make a few changes to support RSoP data across the network. See "Management Changes for SP2" in Chapter 13 for details on resolving this issue.

    Security Center: The Security Center applet in the Control Panel provides a single location from which users can view security-related configuration information and access settings for Windows Firewall and Automatic Updates. Security Center can also detect if an antivirus application is installed and notify you of the antivirus application status. See "Using and Controlling the Security Center" in Chapter 12 for details.

    Setup: SP2 Setup incorporates several new switches for the Update.exe package installer. See Chapter 3 for a discussion of these switches.


    Windows Installer 3.0: SP2 includes version 3.0 of the Windows Installer service, which is a standard mechanism for installing applications. See Chapter 3 for a discussion of the changes in Windows Installer 3.0.
