Microsoft KB Archive/872769

= You cannot configure Windows Firewall settings or Security Center settings on a Windows XP Service Pack 2-based client computer that is in a Windows Small Business Server 2003-based network =

Article ID: 872769

Article Last Modified on 1/31/2007

-

APPLIES TO


 * Microsoft Windows Small Business Server 2003 Standard Edition
 * Microsoft Windows Small Business Server 2003 Premium Edition
 * Microsoft Windows XP Service Pack 2

-





SYMPTOMS
After you install Microsoft Windows XP Service Pack 2 (SP2) on a client computer, you may experience the following symptoms when you log on to the network:  Windows Firewall is disabled. You cannot use the Windows Firewall tool in Control Panel to turn on Windows Firewall or to configure Windows Firewall settings on the Windows XP SP2 client computer. When you try to configure Windows Firewall settings, some options are appear dimmed, and you may receive the following message:

For your security, some settings are controlled by Group Policy.

You experience this symptom even if you previously clicked On (recommended) in the Windows Firewall dialog box to turn on Windows Firewall. You cannot use the Security Center item in Control Panel on the Windows XP SP2 client computer to manage security settings.

Note These symptoms occur if either of the following conditions is true:
 * You install Windows XP SP2 on a client computer that is located in a Microsoft Windows Small Business Server (SBS) 2003-based network.
 * You have joined a client computer that is running Windows XP SP2 to a Windows SBS 2003-based network



CAUSE
This issue occurs because Group Policy in Windows Small Business Server 2003 disables Windows Firewall for client computers that are running Windows XP Professional.



Service pack information
To resolve this problem, obtain the latest service pack for Microsoft Windows XP. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

322389 How to obtain the latest Windows XP service pack

Update information
An update is available for Windows Small Business Server 2003 that configures the Group Policy settings for Windows Firewall on Windows XP SP2-based computers. After you install this update, Group Policy will enable Windows Firewall on Windows XP SP2-based computers. Additionally, Group Policy will configure required exceptions in Windows Firewall to make it possible for Windows XP SP2-based computers to access network resources.

Be aware that Windows Firewall settings will continue to be dimmed in the Security Center and in the network properties of the client computers because these settings are configured by Group Policy.

To install this update, follow these steps:  Install the Windows Small Business Server 2003 Update for Windows XP SP2. To obtain this update, visit the following Microsoft Web site:

http://www.microsoft.com/downloads/details.aspx?FamilyId=D70097C2-4317-40E0-B7DA-FEB52C6B6386&displaylang=en

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to Obtain Microsoft Support Files from Online Services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file. The Windows Small Business Server 2003 Update for Windows XP SP2 includes the System.adm file. In Windows XP SP2, this Group Policy administrative template file manages Windows Firewall.

Note You do not have to restart the server after you apply this update. However, to update Group Policy on the Windows XP SP2-based client computers, either restart the client computers or run the gpupdate /force command on the client computers. If you want to modify the Group Policy setting that is configured when you installed the Windows Small Business Server 2003 Update for Windows XP SP2 in step 1, install the hotfix that is described in the following Microsoft Knowledge Base article:

842933 &quot;The following entry in the [strings] section is too long and has been truncated&quot; error message when you edit or view Group Policy in Windows Server 2003, in Windows XP, or in Windows 2000



Note Install both the Windows Small Business Server 2003 Update for Windows XP SP2 and the hotfix that is described in the article 842933 only if you want to modify the Group Policy setting that is configured when you installed the Windows Small Business Server 2003 Update for Windows XP SP2. If you do not install the hotfix that is described in article 842933 after you install the Windows Small Business Server 2003 Update for Windows XP SP2, you receive the following error message when you try to manage Group Policy settings:

The following entry in the [strings] section is too long and has been truncated.

<div class="status_section">

STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section. This problem was first corrected in Microsoft Windows XP Service Pack 2.

<div class="moreinformation_section">

MORE INFORMATION
After you install the Windows Small Business Server 2003 Update for Windows XP SP2 update, you can use the security features that are included in Windows Firewall on a computer that is running Windows XP SP2. The update changes the default Group Policy setting in Windows Small Business Server 2003 to enable Windows Firewall on client computers that are running Windows XP Professional SP2. Additionally, the update opens the ports and makes it possible to use the program exceptions that Windows Firewall requires to work with the features that are included in Windows Small Business Server 2003. After you install the update, Windows Firewall is enabled on client computers that are running Windows XP Professional SP2. However, note that Internet Connection Firewall remains disabled on client computers that are running Windows XP Professional Service Pack 1 (SP1) or earlier.

The update does not include the .adm files that you must have to manage the additional Windows XP SP2 settings for Internet Explorer and Windows Update. You use the Inetres.adm file and the Wuau.adm file to manage Internet Explorer and Windows Update settings. To manage the Windows XP SP2 settings for Internet Explorer and Windows Update, install the Windows Server 2003 Administration Tools Pack on a Windows XP SP2-based computer. You can then manage the Group Policy settings from the Windows XP SP2 computer that is running the Administration Tools. For additional information about the Windows Server 2003 Administration Tools Pack, visit the following Web site:

http://www.microsoft.com/downloads/details.aspx?FamilyID=c16ae515-c8f4-47ef-a1e4-a8dcbacff8e3&displaylang=en

<div class="references_section">