Janek's weblog where all posts go to Eleven
All views and documentation expressed here are mine and not necessarily those of my employer.
Microsoft has announced that it will deliver a new service pack for Windows XP later this year. The most important parts of Service Pack 2 (SP2), in my opinion, are the security enhancements, most notably the new Windows Firewall. The firewall is enabled by default, which has consequences for every application that accepts inbound traffic. This includes
I have to deploy an application on Windows that exposes a management interface via HTTP. As such, this application is impaired by the new firewall. Fortunately, Microsoft documents several methods for defining excepted traffic. First, you can configure the firewall manually. This will obviously work. But in my experience, users (sometimes even administrators) in a small office/home office setting, which is the target market, have trouble when it comes to network configuration. That's why the new "firewall" context of the netsh command is great. Among the commands exposed by this context are:
Everything that could be done to the firewall can be configured using netsh. That makes it easy to carry out adjustments during installation.
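As an added illustration (not part of the original post or of any Microsoft sample), an installer could call a batch file like the following to open the management port at install time and close it again on uninstall. The port number 8080 and the rule name are assumptions chosen for the example.

```bat
@echo off
rem Added example: manage the Windows Firewall exception for an HTTP
rem management interface from an installer on Windows XP SP2.
rem Assumed values, not from the original post: port 8080 and the rule name.
setlocal
set FW_PORT=8080
set FW_NAME=Example Management Interface

if /i "%~1"=="install"   goto install
if /i "%~1"=="uninstall" goto uninstall
echo Usage: %~nx0 install^|uninstall
exit /b 2

:install
rem scope=SUBNET restricts the exception to the local subnet, so the
rem management interface is not reachable from arbitrary source addresses.
netsh firewall add portopening protocol=TCP port=%FW_PORT% name="%FW_NAME%" mode=ENABLE scope=SUBNET
if errorlevel 1 (
    echo Could not add the firewall exception; it must be configured manually.
    exit /b 1
)
rem List the current port exceptions so the installer log records the change.
netsh firewall show portopening
exit /b 0

:uninstall
rem Remove the exception so no open port outlives the application.
netsh firewall delete portopening protocol=TCP port=%FW_PORT%
if errorlevel 1 exit /b 1
exit /b 0
```

Both netsh calls need administrative rights, which an installer normally already has.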
I also like that the firewall can be configured through an API. In SP2, the firewall exposes a couple of COM interfaces through which an application can communicate directly with the firewall. Using the API, an application could open a port only while it is running. For a Java application, this is too much though.
For deploying firewall settings in a corporate environment, Microsoft recommends the use of Active Directory and the new Windows Firewall settings in Computer Configuration Group Policy. This method requires the use of Active Directory with either Windows 2000 or Windows Server 2003 domain controllers.
For more information about SP2, I recommend checking Microsoft's official resources.