WindowsXP SP2 防火墙设置说明Word文件下载.docx
- 文档编号:20609063
- 上传时间:2023-01-24
- 格式:DOCX
- 页数:60
- 大小:645.06KB
WindowsXP SP2 防火墙设置说明Word文件下载.docx
《WindowsXP SP2 防火墙设置说明Word文件下载.docx》由会员分享,可在线阅读,更多相关《WindowsXP SP2 防火墙设置说明Word文件下载.docx(60页珍藏版)》请在冰豆网上搜索。
TheinformationcontainedinthisdocumentrepresentsthecurrentviewofMicrosoftCorporationontheissuesdiscussedasofthedateofpublication.BecauseMicrosoftmustrespondtochangingmarketconditions,itshouldnotbeinterpretedtobeacommitmentonthepartofMicrosoft,andMicrosoftcannotguaranteetheaccuracyofanyinformationpresentedafterthedateofpublication.
Thisdocumentisforinformationalpurposesonly.MICROSOFTMAKESNOWARRANTIES,EXPRESSORIMPLIED,ASTOTHEINFORMATIONINTHISDOCUMENT.
Complyingwithallapplicablecopyrightlawsistheresponsibilityoftheuser.Withoutlimitingtherightsundercopyright,nopartofthisdocumentmaybereproduced,storedinorintroducedintoaretrievalsystem,ortransmittedinanyformorbyanymeans(electronic,mechanical,photocopying,recording,orotherwise),orforanypurpose,withouttheexpresswrittenpermissionofMicrosoftCorporation.
Microsoftmayhavepatents,patentapplications,trademarks,copyrights,orotherintellectualpropertyrightscoveringsubjectmatterinthisdocument.ExceptasexpresslyprovidedinanywrittenlicenseagreementfromMicrosoft,thefurnishingofthisdocumentdoesnotgiveyouanylicensetothesepatents,trademarks,copyrights,orotherintellectualproperty.
Theexamplecompanies,organizations,products,peopleandeventsdepictedhereinarefictitious.Noassociationwithanyrealcompany,organization,product,personoreventisintendedorshouldbeinferred.
©
2004MicrosoftCorporation.Allrightsreserved.
Microsoft,Windows,WindowsNT,andActiveDirectoryareeitherregisteredtrademarksortrademarksofMicrosoftCorporationintheUnitedStatesand/orothercountries.
Thenamesofactualcompaniesandproductsmentionedhereinmaybethetrademarksoftheirrespectiveowners.
Contents
Overview1
NewFeaturesofWindowsFirewall1
EnabledbyDefaultforAlloftheConnectionsoftheComputer1
NewGlobalConfigurationOptionsthatApplytoAllConnections2
NewWindowsFirewallComponentofControlPanel2
NewOperatingMode3
StartupSecurity3
IncomingTrafficScoping3
ExceptedTrafficCanBeSpecifiedbyProgramFilename3
Built-inSupportforIPv64
NewConfigurationOptions4
ConfigurationUsingGroupPolicySettings5
WindowsXPSP2andtheImpacttoEnterpriseNetworks5
AllowingUserstoInstallWindowsXPSP2fromWindowsUpdate7
UsingWindowsXPSP2WindowsFirewallandIPSec7
DeployingWindowsFirewallSettingsWithGroupPolicy9
Step1:
UpdatingYourGroupPolicyObjectsWiththeNewWindowsFirewallSettings9
Step2:
SpecifyingWindowsFirewallSettingsforYourGroupPolicyObjects11
RecommendedSettingsforWindowsFirewallGroupPolicySettings13
GroupPolicySettingsinMixedWindowsXPEnvironments13
DeployingWindowsFirewallSettingsWithoutGroupPolicy15
AppendixA:
WindowsFirewallGroupPolicySettings17
WindowsFirewall:
AllowAuthenticatedIPSecBypass17
ProtectAllNetworkConnections19
DoNotAllowExceptions20
DefineProgramExceptions21
AllowLocalProgramExceptions23
AllowRemoteAdministrationException24
AllowFileandPrintSharingException25
AllowICMPExceptions27
AllowRemoteDesktopException28
AllowUPnPFrameworkException29
ProhibitNotifications30
AllowLogging31
ProhibitUnicastResponsetoMulticastorBroadcastRequests32
DefinePortExceptions33
AllowLocalPortExceptions35
AppendixB:
NetshCommandSyntaxfortheNetshFirewallContext37
addallowedprogram37
setallowedprogram38
deleteallowedprogram39
seticmpsetting39
setmulticastbroadcastresponse40
setnotifications41
setlogging41
setopmode42
addportopening42
setportopening43
deleteportopening44
setservice45
showcommands46
reset46
AppendixC:
DeployingWindowsFirewallSettingsinaWindowsNT4.0Domain47
AppendixD:
AllowingRemoteAssistanceSupport48
EnablingSolicitedRemoteAssistance48
EnablingOffer-basedRemoteAssistance48
AppendixE:
ExampleofUsingtheUnattend.txtFile49
AppendixF:
ExampleofUsingtheNetfw.infFile51
AppendixG:
PortNumbersforMicrosoftApplicationsandServices52
Summary53
RelatedLinks54
Overview
WindowsXPServicePack2(SP2)includestheWindowsFirewall,areplacementforthefeaturepreviouslyknownastheInternetConnectionFirewall(ICF).WindowsFirewallisastatefulhostfirewallthatdropsallunsolicitedincomingtrafficthatdoesnotcorrespondtoeithertrafficsentinresponsetoarequestofthecomputer(solicitedtraffic)orunsolicitedtrafficthathasbeenspecifiedasallowed(exceptedtraffic).ThisbehaviorofWindowsFirewallprovidesalevelofprotectionfrommalicioususersandprogramsthatuseunsolicitedincomingtraffictoattackcomputers.WiththeexceptionofsomeInternetControlMessageProtocol(ICMP)messages,WindowsFirewalldoesnotdropoutgoingtraffic.
NewFeaturesofWindowsFirewall
InWindowsXPSP2,therearemanynewfeaturesfortheWindowsFirewall,includingthefollowing:
Enabledbydefaultforalloftheconnectionsofthecomputer
Newglobalconfigurationoptionsthatapplytoallconnections
NewWindowsFirewallcomponentofControlPanel
Newoperatingmode
Startupsecurity
IncomingtrafficscopingforIPv4
Exceptedtrafficcanbespecifiedbyprogramfilename
Built-insupportforIPv6
Newconfigurationoptions
Configurationusinggrouppolicysettings
EnabledbyDefaultforAlloftheConnectionsoftheComputer
InWindowsXPwithServicePack1(SP1)andWindowsXPwithnoservicepacksinstalled,ICFisdisabledbydefaultforallconnections,unlessenabledforanInternetconnectionbytheNetworkSetupWizardorInternetConnectionWizard.YoucanmanuallyenableICFthroughasinglecheckboxontheAdvancedtabofthepropertiesofaconnection,fromwhichyoucanalsoconfigurethesetofexceptedtrafficbyspecifyingTransmissionControlProtocol(TCP)orUserDatagramProtocol(UDP)ports.
WindowsFirewallinWindowsXPSP2isgloballyenabledbydefault.Thismeansthat,bydefault,alltheconnectionsofacomputerrunningWindowsXPwithSP2haveWindowsFirewallenabled,includingLAN(wiredandwireless),dial-up,andvirtualprivatenetwork(VPN)connections.NewconnectionsalsohaveWindowsFirewallenabledbydefault.
AlthoughthisprovidesmoreprotectionforWindowsXP-basedcomputers,thisdefaultbehaviorcanhaveconsequencesfortheinformationtechnology(IT)departmentofanorganizationnetworkwithregardstoapplicationcompatibilityandtheabilitytomanagethecomputersonthenetwork.Formoreinformation,see"
WindowsXPSP2andtheImpacttoEnterpriseNetworks"
inthisarticle.
NewGlobalConfigurationOptionsthatApplytoAllConnections
WindowsFirewallinWindowsXPSP2allowsyoutoconfiguresettingsthatapplytoalltheconnectionsofthecomputer(globalconfiguration).InWindowsXPwithSP1andWindowsXPwithnoservicepacksinstalled,ICFsettingsareconfiguredperconnection,whichmeansthatifyouwanttoenableICFonmultipleconnectionsandconfigureexceptedtraffic,youmustconfigureeachconnectionseparately.WhenyouchangeaglobalWindowsFirewallsetting,thechangeisappliedtoalltheconnectionsonwhichWindowsFirewallisenabled.
WindowsFirewallinWindowsXPSP2alsoallowsper-connectionconfiguration.Connection-specificconfigurationoverridesglobalconfiguration.
NewWindowsFirewallComponentofControlPanel
ThesettingsforICFinWindowsXPwithSP1andWindowsXPwithnoservicepacksinstalledconsistoftheProtectmycomputerandnetworkbylimitingorpreventingaccesstothiscomputerfromtheInternetcheckboxontheAdvancedtabofthepropertiesofaconnection,andaSettingsbuttonfromwhichyoucanconfigureexceptedtraffic,loggingsettings,andexceptedICMPtraffic.
InWindowsXPSP2,thecheckboxontheAdvancedtabofthepropertiesofaconnectionhasbeenreplacedwithaSettingsbutton,whichlaunchesthenewWindowsFirewallcomponentinControlPanel,fromwhichyoucanconfiguregeneralsettings,exceptionsforprograms(applicationsandservices),connection-specificsettings,logsettings,andexceptedICMPtraffic.ThefollowingfigureshowsthenewWindowsFirewalldialogbox.
YoucanalsoconfigureWindowsFirewallfromthenewSecurityCenter.
ForadetaileddescriptionofthesettingsandoptionsofthenewWindowsFirewallcomponentinControlPanel,seeManuallyConfiguringWindowsFirewallinWindowsXP
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- WindowsXP SP2 防火墙设置说明 防火墙 设置 说明