
XP refresh gives rise to plethora of Group Policy settings

An expert offers advice on how to navigate the hundreds of new Group Policy settings for Windows XP Service Pack 2.

Lost in all the focus on the security capabilities in Microsoft's Windows XP SP2 is the fact that there are about 700 new Group Policy settings that are valid when the upgraded desktop operating system is installed.

Overall, Group Policy is largely unchanged, other than the fact that there are several new functions that have policy settings that administrators can manipulate, said Jeremy Moskowitz, a Wilmington, Del.-based author and expert on Microsoft's Active Directory and Group Policy.

Moskowitz recommends that IT administrators go to Microsoft's Web site and download the spreadsheet to view the new Group Policy settings.

One of the most important changes is that the firewall in SP2 is on by default, and all inbound client communication is stopped, Moskowitz said. That means you cannot use any of the Resultant Set of Policy (RSoP) tools because the client will deny you, he said.

Administrators can turn their firewalls off, but that's something Microsoft doesn't recommend. An alternative is to create a hole in the firewall using a particular policy setting.

"Of course this means a port is now officially open, and it does give a toehold to some nasty programs," Moskowitz said. "Any time you open a port that is the case."

But Moskowitz said he believes that in many situations, the port should be open.

Finally, he said, administrators should be aware of a retroactive bug that will occur in older operating systems when using XP SP2 Group Policy definitions. The bug causes about 50 pop-up boxes to appear, each with a generic error message that informs the administrator that it doesn't understand the ADM (administrator) template. ADM files are used to set registry keys and values that administrators may want to control.

If you try to use ADM templates on the older operating systems, you'll need to apply a free hotfix that prevents the pop-ups, he said. For more information on Group Policy settings, visit
