Just to be accurate... During a DEFAULT fresh W2K3SP1 install "Post Setup Security Updates" protects the server by enabling WIndows Firewall until the first admin logon and the admin clicks the FINISH button. After that the WIndows Firewall will be DISABLED. Also remember there are several exceptions to take into account See below. The info can be found in "Changes to Functionality in Microsoft Windows Server 2003 Service Pack 1" Cheers, Jorge
Post-Setup Security Updates Detailed description If Windows Server 2003 with Service Pack 1 or later is installed as a new installation and Windows Firewall is not explicitly enabled or disabled using an unattended-setup script during the installation or by application of Group Policy, Windows Firewall will be enabled by default on first startup and logon in order to allow the administrator to securely download and install updates from Windows Update, and the Windows Server Post-Setup Security Updates screen will be shown. The Post-Setup Security Updates screen informs you that all inbound connections other than those specifically opened during setup or by policy settings, were blocked. On-by-default for new installations of Windows Server 2003 that include a service pack Detailed description Windows Firewall is on by default only during new installations of Windows Server 2003 that include a service pack (also known as a slipstream release). Windows Firewall provides network protection while users update their system with the latest patches using the new Post-Setup Security Updates feature. As soon as the updates are finished the firewall is turned off unless it was explicitly enabled. ________________________________ From: [EMAIL PROTECTED] on behalf of Brian Desmond Sent: Mon 9/26/2005 10:15 PM To: [email protected] Subject: RE: [ActiveDir] 2003 SP1 I think Windows Firewall is on by default on new 2003 SP1 installations. Check the properties of the NIC and see if it is. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pennell, Ronald B. Sent: Monday, September 26, 2005 3:54 PM To: [email protected] Subject: RE: [ActiveDir] 2003 SP1 On this same subject, is there anything in Service Pack (2003) that presents client systems from not being able to ping or join a domain? I have installed a new domain with 3 clients. Setting up DNS/WINS, etc. The Clients can ping each other, the router and switch, but not the new AD server. Server can ping everyone else. It just can't be pinged, or even recognized by anyone else. Ron Pennell IDA [EMAIL PROTECTED] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Monday, September 26, 2005 3:42 PM To: [email protected] Subject: RE: [ActiveDir] 2003 SP1 Sorry for the delay in responding but the issues I keep hearing about center around the fact that the SCManager ACL has been locked down. So anything you have monitoring service states, etc may be impacted if they run as non-admins or don't directly ask for the service by name. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Figueroa, Johnny Sent: Tuesday, September 06, 2005 2:15 PM To: [email protected] Subject: [ActiveDir] 2003 SP1 Good morning folks, I am entertaining the idea of applying SP1 to our 2003 domain controllers. I figured I would start with http://support.microsoft.com/kb/889101 but if you have any 1st hand knowledge of any issues, please let me know. For that matter, if you have a good link about applying 2003 SP1 to "member servers" please send it to me. I will probably assist with this task also. Thanks Johnny Figueroa Enterprise Network Consultant/Integrator Network Services Banner Health Voice (602) 495-4195 Fax (602) 495-4406 List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
<<winmail.dat>>
