Windows Tip Sheet

Welcome to Win2003 SP1, Part 2

Windows Firewall's ease of use and centrally configurable settings makes it worth turning on.

• By Don Jones
• 05/11/2005

Windows Firewall—included in Windows XP SP2—is a major new feature of Win2003 SP1. Most administrators will probably leave Firewall in its default state—turned off. That’s understandable, because the thought of enabling a firewall on a server is scary: Shut down the wrong port and the boss will shut down your paycheck.

But Windows Firewall offers some awesome local protection for servers, and it is centrally controllable. Like WinXP, the Win2003 Windows Firewall comes complete with a whole raft of Group Policy settings that allow you to centrally configure and control the firewall. You’ll find them in Computer Configuration / Administrative Templates / Network / Network Connections / Windows Firewall. You can centrally ensure that Firewall is turned on, plus centrally configure any exceptions (open ports) you want the firewall to have for your servers.

And don’t forget that SP1’s new Security Configuration Wizard (SCW) can automatically configure the firewall for you: Just tell SCW what roles your server is performing (such as file server or domain controller) and it’ll configure the necessary Firewall exceptions to keep those roles functioning. Because the SCW generates templates, you can apply its results to any server fulfilling the same roles on your network. One-stop security for mere mortals!

More Resources:

• Follow this walkthrough to centrally configure your Windows Firewall.
• Read everything Microsoft’s written to date on SP1 here.
• Access updated Win2003 help (including SP1-related changes) here.