Microsoft Windows Registry Guide, Second Edition
Configuring New Security Features
New enhancements are available in Microsoft Windows XP SP2 for improving the manageability and visibility of key security capabilities in personal computers. New enhancements include the following:
The new Windows Security Center feature tells you the status of three major security components: Windows Firewall, Automatic Updates, and Virus Protection.
Windows Security Center indicates whether key security capabilities are turned on and up to date. Windows Security Center notifies you when updates are required or when you must take additional steps to help make your computer secure.
You can manage Windows Security Center by using Active Directory Group Policy settings. By default, Windows Security Center is turned off in domain environments.
The following sections describe how you can configure Windows XP SP2 and Windows Server 2003 SP1 security features. These features include the new Windows Security Center (Windows XP) and Windows Firewall. The question I've been most frequently asked since the release of SP2 is how to configure these two features.
Security Center Alerts
The Windows Security Center displays alerts in popup balloons when the firewall, the virus scanner, or Automatic Updates is not configured properly or out of date. You see these alerts in the system tray. You can disable these alerts by using the registry. Table 8-2 describes the REG_DWORD values for each type of alert. You set these values in HKLM\SOFTWARE\Microsoft\Security Center. (Create the key and settings if they don't already exist.) For example, to prevent Windows Security Center from displaying alerts when the Windows Firewall is not enabled (a configuration that Microsoft recommends against), set FirewallDisableNotify to 0x01.
Name | Type | Values |
AntiVirusDisableNotify | REG_DWORD | 0x00–Disable AntiVirus alerts. 0x01–Display AntiVirus alerts. |
AntiVirusOverride | REG_DWORD | 0x00–Windows Security Center monitors AntiVirus. 0x01–Windows Security Center doesn't monitor AntiVirus. |
FirewallDisableNotify | REG_DWORD | 0x00–Disable firewall alerts. 0x01–Display firewall alerts. |
FirewallOverride | REG_DWORD | 0x00–Windows Security Center monitors the firewall. 0x01–Windows Security Center doesn't monitor the firewall. |
UpdatesDisableNotify | REG_DWORD | 0x00–Disable Automatic Update alerts. 0x01–Display Automatic Update alerts. |
Windows Firewall
Windows XP SP2 and Windows Server 2003 SP1 include the new Windows Firewall. Most companies and many enthusiasts will want to customize the Windows Firewall during installation. Microsoft provides three methods of doing so. The best way to manage Windows Firewall settings in a business environment is to use the new Windows Firewall Group Policy settings. This method requires the use of Active Directory with either Windows 2000 or Windows Server 2003 domain controllers. For more information, see http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/depfwset/wfsp2wgp.mspx.
The following list describes methods that don't require Group Policy:
- Unattended-setup answer file.
The unattended-setup answer file (unattend.txt) for Windows XP SP2 has options to configure Windows Firewall settings when running an unattended setup of Windows XP SP2.
- Netfw.inf.
The Netfw.inf file for Windows XP SP2 can configure the Windows Firewall by specifying a set of registry settings equivalent to the options available from the Windows Firewall component in Control Panel and through Windows Firewall Group Policy settings when a user is performing an interactive setup of Windows XP SP2.
- Netsh script.
To configure computers running Windows XP with SP2 after SP2 has been installed, you can have your users run a script file, such as a .BAT or a .CMD file, that contains the series of Netsh.exe commands to configure the Windows Firewall operational mode, allowed programs, allowed ports, etc.
- Custom configuration programs.
To configure computers running Windows XP with SP2 after Windows XP SP2 has been installed, you can have your users run a custom configuration program that uses the new Windows Firewall configuration APIs to configure the Windows Firewall for operation mode, allowed programs, allowed ports, and other settings.
For more information about using these options, see http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/depfwset/wfsp2ngp.mspx.
You can disable Windows Firewall by using the registry. The settings are in HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall. (Create the key and values if they don't already exist.) First, there are two subkeys: DomainProfile and StandardProfile. The settings in DomainProfile apply when the computer is currently connected to the domain. The settings in the StandardProfile apply when the computer isn't currently connected to the domain (a disconnected laptop computer, for example). Within each of those two subkeys, create the value EnableFirewall. Set this value to 0x00 to disable the firewall in that scenario, or set it to 0x01 to enable it.