Lost in all the focus on the security capabilities in Microsoft's Windows XP SP2 is the fact that there are about 700 new Group Policy settings that are valid when the upgraded desktop operating system is installed.
Overall, Group Policy is largely unchanged, other than the fact that there are several new functions that have policy settings that administrators can manipulate, said Jeremy Moskowitz, a Wilmington, Del.-based author and expert on Microsoft's Active Directory and Group Policy.
Moskowitz recommends that IT administrators go to Microsoft's Web site and download the spreadsheet to view the new Group Policy settings.
One of the
Administrators can turn their firewalls off, but that's something Microsoft doesn't recommend. An alternative is to create a hole in the firewall using a particular policy setting.
"Of course this means a port is now officially open, and it does give a toehold to some nasty programs," Moskowitz said. "Any time you open a port that is the case."
But Moskowitz said he believes that in many situations, the port should be open.
Finally, he said, administrators should be aware of a retroactive bug that will occur in older operating systems when using XP SP2 Group Policy definitions. The bug causes about 50 pop-up boxes to appear, each with a generic error message that informs the administrator that it doesn't understand the ADM (administrator) template. ADM files are used to set registry keys and values that administrators may want to control.
If you try to use ADM templates on the older operating systems, you'll need to apply a free hotfix that prevents the pop-ups, he said. For more information on Group Policy settings, visit www.GPAnswers.com.