Page 170 - DCAP516_COMPUTER_SECURITY
Computer Security
1. Standard profile: Used by default in workgroup environments (computer not connected
to a domain) and rejects all unsolicited inbound traffic.
2. Domain profile: Used by default in domain environments and allows exceptions based on
installed Windows XP services and applications.
So by using the sections specified above for your Unattend.txt file, you are defining a custom
profile called TurnOffFirewall that disables Windows Firewall by default regardless of whether
the computer belongs to a workgroup or a domain.
Scenario 2
To allow incoming traffic on TCP port 80 for an XP SP2 machine running as an intranet web
server in a workgroup environment, add the following to your Unattend.txt file:
[WindowsFirewall]
Profiles=WindowsFirewall.Standard
[WindowsFirewall.Standard]
Type = 1
Mode = 1
Exceptions = 1
PortOpenings = WindowsFirewall.WebServer
[WindowsFirewall.WebServer]
Protocol = 6
Port = 80
Name = Web Server (TCP 80)
Mode = 1
Scope = 1
Here the Type = 1 entry defines a standard (non-domain) profile, Mode = 1 means the firewall is
enabled, and Exceptions = 1 allows firewall exceptions. In the [WindowsFirewall.WebServer]
section, the Protocol = 6 entry specifies a TCP port, the Port = 80 entry specifies TCP port 80 for
inbound HTTP traffic, the Name entry specifies a friendly name that is displayed in the exceptions
list, the Mode = 1 entry adds the exception to the list, and the Scope = 1 entry restricts inbound
traffic on TCP port 80 to packets coming from other computers on the local subnet.
Note: You would typically add further sections and entries to your Unattend.txt
file to configure things like firewall logging, domain profiles, and so on.
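The following Python script is an added example, not part of the original text or of any Microsoft tool: it audits the [WindowsFirewall] sections of an answer file before deployment, using only the meanings explained above (Mode = 1 enables the firewall, Scope = 1 limits an opening to the local subnet). The function names, the comma-separated handling of Profiles and PortOpenings, and the Lab, Wide and Missing sections in the sample are assumptions constructed for illustration.

```python
import configparser

# Constructed sample: Scenario 2 from the text plus a constructed "Lab" profile
# and "Wide" port opening that the audit should flag.
SAMPLE = """\
[WindowsFirewall]
Profiles = WindowsFirewall.Standard, WindowsFirewall.Lab
[WindowsFirewall.Standard]
Type = 1
Mode = 1
Exceptions = 1
PortOpenings = WindowsFirewall.WebServer
[WindowsFirewall.WebServer]
Protocol = 6
Port = 80
Name = Web Server (TCP 80)
Mode = 1
Scope = 1
[WindowsFirewall.Lab]
Mode = 0
PortOpenings = WindowsFirewall.Wide, WindowsFirewall.Missing
[WindowsFirewall.Wide]
Port = 8080
Mode = 1
Scope = 0
"""

def _names(value):
    """Split a comma-separated list of section names (list form is assumed)."""
    return [n.strip() for n in value.split(",") if n.strip()]

def audit_firewall(text):
    """Return (section, finding) pairs for settings weaker than Scenario 2."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)  # key names are matched case-insensitively
    findings = []
    for prof in _names(cp.get("WindowsFirewall", "Profiles", fallback="")):
        if not cp.has_section(prof):
            findings.append((prof, "profile referenced but not defined"))
            continue
        mode = cp.get(prof, "Mode", fallback=None)
        if mode is not None and mode.strip() != "1":
            findings.append((prof, "Mode is not 1, so the firewall is not enabled"))
        for name in _names(cp.get(prof, "PortOpenings", fallback="")):
            if not cp.has_section(name):
                findings.append((name, "port opening referenced but not defined"))
            elif cp.get(name, "Scope", fallback="").strip() != "1":
                port = cp.get(name, "Port", fallback="?")
                findings.append((name, f"port {port}: Scope is not 1, so not limited to the local subnet"))
    return findings
```

Calling audit_firewall(SAMPLE) returns three findings, all from the constructed Lab profile; the Scenario 2 sections on their own produce none.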
Using Netfw.inf
Another approach to deploying XP SP2 with customized Windows Firewall configurations is to
customize the Netfw.inf file, which defines the default configuration of Windows Firewall
including both the standard and domain profiles. This can be done either after installing XP SP2
or before. If you have already installed XP SP2 on your desktops, you can customize the Netfw.inf
file found in the %windir%\Inf folder on XP SP2 machines, for example as follows:
164 LOVELY PROFESSIONAL UNIVERSITY