Changes to Functionality in Microsoft Windows XP Service Pack 2
Part 2: Network Protection Technologies
Microsoft Corporation
Published: September 15, 2004
Authors: Starr Andersen, Technical Writer; Vincent Abella, Technical Editor
This document is Part 2 of “Changes to Functionality in Microsoft Windows XP Service Pack 2” and provides detailed information about the network protection technologies included in Microsoft® Windows XP Service Pack 2. You can obtain the other parts of the paper in the Microsoft Download Center, at http://go.microsoft.com/fwlink/?LinkId=28022.
This document applies to Microsoft Windows® XP Service Pack 2 (SP2) for the 32-bit versions of Windows XP Professional and Windows XP Home Edition. It does not describe all of the changes that are included in the service pack, but instead highlights those changes that will have the most impact on your use of Windows XP SP2 and provides references to additional information that may be available.
Alerter and Messenger Services
What do the Alerter and Messenger Services do?
Who does this feature apply to?
What existing functionality is changing in Windows XP Service Pack 2?
Alerter and Messenger Services Disabled
Bluetooth
What does Bluetooth do?
Client Administrative Tools
What do the client administrative tools do?
Who do these features apply to?
Remote connectivity
DCOM Security Enhancements
What does DCOM do?
What new functionality is added to this feature in Windows XP Service Pack 2?
Computerwide restrictions
More specific COM permissions
What settings are added or changed in Windows XP Service Pack 2?
TCP/IP
What does TCP/IP do?
Restricted traffic over raw sockets
Limited number of simultaneous incomplete outbound TCP connection attempts
Winsock self-healing
New Winsock Netsh commands
RPC Interface Restriction
What does RPC Interface Restriction do?
RestrictRemoteClients Registry Key
EnableAuthEpResolution Registry Key
New RPC Interface Registration Flags
Do I need to change my code to work with Windows XP Service Pack 2?
WebDAV Redirector
What does WebDAV Redirector do?
Disabling Basic Authentication over a clear channel
WININET: Disabling Basic Authentication over a clear channel
Windows Firewall
What does Windows Firewall do?
On-by-Default
Boot time security
Global configuration
Port restrictions
Command-line support
“On with no exceptions” operational mode
Windows Firewall Exceptions List
Multiple Profiles
RPC support for System Services
Restore Defaults
Unattended Setup support
Enhanced multicast and broadcast support
Integration of Internet Connection Firewall and IPv6 Windows Firewall
Updated Netsh Helper
Updated user interface
New Group Policy support
Outbound connections
Unsolicited inbound connections for applications
Inbound connections for services
Inbound connections on RPC and DCOM ports for System Services
Windows Media Player
What does Windows Media Player do?
Windows Media Player 9 Series
Windows Messenger
What does Windows Messenger do?
Block Unsafe File Transfers
Required User Display Name
Windows Messenger and Windows Firewall
Wireless Provisioning Services
What does Wireless Provisioning Services do?
Wireless Network Registration Wizard
Wireless Network Setup Wizard
What does Wireless Network Setup Wizard do?
The Alerter and Messenger services are components of Windows that allow simple messages to be communicated between computers on a network. The Messenger service relays messages from different applications and services, while the Alerter service is intended specifically for administrative alerts.
Administrators that communicate with their users should be aware of the changes to these services. In addition, developers that use these services to notify users about events or broadcast messages on the network should be aware of these changes. Although these changes apply to all computers running Microsoft Windows XP Service Pack 2, only computers connected to a network are affected.
Detailed description
In previous versions of Windows, the Messenger service is set to start automatically and the Alerter service is set to manual start. In Windows XP Service Pack 2, both of these services are set to Disabled. No other changes are made to these services.
Why is this change important? What threats does it help mitigate?
When the services are started, they allow incoming network connections and present an attack surface. This elevates their security risk. Also, these services are used infrequently in current computing environments. Because of the additional attack surface that the services present, and their limited general use, they are now disabled by default.
What works differently? Are there any dependencies?
Any applications or services that use the Alerter or Messenger services to communicate with the user will not be successful by default.
How do I resolve these issues?
There are two possible avenues to resolve the issue. The recommended resolution is to revise the software to use another method to communicate with the user. This allows you to communicate with the user with enhanced security, without having to use the Alerter or Messenger services.
The second way is to have the application start the Alerter or Messenger service before making use of its services. Information on starting services can be found in online Help and in MSDN. For an example, see “Using the Services Administrative Tool to Configure Services” on the Microsoft Web site at http://go.microsoft.com/fwlink/?LinkId=25974.
If your code makes use of the Messenger or Alerter services, you may need to change your code. For more information, see “How do I resolve these issues?” above.
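The following added example, which is not part of the original Microsoft document, parses saved `sc qc` output for the Alerter and Messenger services and compares each start type with the defaults described above (Messenger automatic and Alerter manual before SP2, both Disabled in SP2). The sample output is constructed for illustration, and the function names are assumptions of this example.

```python
import re

# Numeric start types as printed on the START_TYPE line of `sc qc`.
START_TYPES = {2: "automatic", 3: "manual", 4: "disabled"}

# Defaults as stated in this document.
PRE_SP2_DEFAULT = {"messenger": "automatic", "alerter": "manual"}
SP2_DEFAULT = {"messenger": "disabled", "alerter": "disabled"}


def parse_sc_qc(text):
    """Return {service name (lowercase): start type} from `sc qc` output."""
    result, current = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*SERVICE_NAME\s*:\s*(\S+)", line)
        if m:
            current = m.group(1).lower()
            continue
        m = re.match(r"\s*START_TYPE\s*:\s*(\d+)", line)
        if m and current:
            result[current] = START_TYPES.get(int(m.group(1)), "other")
    return result


def audit(text):
    """Classify Alerter and Messenger against the SP2 default (Disabled)."""
    found = parse_sc_qc(text)
    report = {}
    for svc, expected in SP2_DEFAULT.items():
        actual = found.get(svc)
        if actual is None:
            report[svc] = "not reported"
        elif actual == expected:
            report[svc] = "SP2 default (disabled)"
        elif actual == PRE_SP2_DEFAULT[svc]:
            report[svc] = "pre-SP2 default (%s)" % actual
        else:
            # Re-enabled or otherwise changed: the service can accept
            # incoming network connections again once it is started.
            report[svc] = "changed locally (%s)" % actual
    return report


# Constructed sample: output of `sc qc messenger` and `sc qc alerter`.
SAMPLE = """[SC] GetServiceConfig SUCCESS
SERVICE_NAME: messenger
        START_TYPE         : 4   DISABLED
[SC] GetServiceConfig SUCCESS
SERVICE_NAME: alerter
        START_TYPE         : 3   DEMAND_START
"""

if __name__ == "__main__":
    for name, state in audit(SAMPLE).items():
        print(name, "->", state)
```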
Bluetooth® wireless technology is a low cost, short-range wireless specification for connecting mobile devices and is available in a wide variety of devices. Support for Bluetooth wireless technology is included in Windows XP Service Pack 2. This support was not previously available directly from Microsoft. It is included now because customers requested that this technology be added to the core Windows operating system.
With this release, you can:
· Connect a Bluetooth device to a computer.
· Create a wireless desktop with a Bluetooth keyboard and mouse.
· Transfer files to or from a Bluetooth device.
· Print to a Bluetooth printer.
· Connect to a computer network or the Internet through a Bluetooth mobile phone.
· Set up an Internet Protocol (IP) connection to the Internet through a Bluetooth mobile phone.
If the appropriate Microsoft or non-Microsoft software programs are installed on Windows XP, you can also perform other operations with Bluetooth devices, such as:
· Synchronizing contacts and calendars with a Bluetooth mobile phone or personal digital assistant (PDA).
· Reading coordinates from a GPS receiver.
This release also has support for these Bluetooth profiles:
· Personal Area Networking (PAN). Enables IP connections over Bluetooth wireless technology.
· Hard Copy Replacement Profile (HCRP). Enables printing.
· Host Interface Device (HID). Enables Bluetooth keyboards, mice, and joysticks.
· Dial-Up Networking. Enables Bluetooth mobile phones to work as modems.
· Object Push Profile (OPP). Enables file transfers.
· Virtual COM ports (SPP). Enables legacy programs to communicate with Bluetooth devices.
In addition, these Bluetooth features are included:
· Selective suspend. Reduces the power consumption of Bluetooth transceivers connected to the computer by means of a Universal Serial Bus (USB) connection.
· Boot-mode keyboards. Enables specifically-configured Bluetooth keyboards to work with the BIOS.
If no Bluetooth transceiver is present on the system, there is no change to the system's behavior. When a Bluetooth device that is approved by the Windows Hardware Quality Labs (WHQL) is present, Bluetooth support is enabled.
When Bluetooth support is enabled, you can find changes in Network Connections in Control Panel. In addition, a new Control Panel item called Bluetooth Devices has also been added. You will also find a Bluetooth icon in the taskbar notification area. When you click this icon, you will see a menu of Bluetooth tasks you can perform. You can also start the new Bluetooth File Transfer Wizard. To do this, click Start, point to Accessories, point to Communications, and then select Bluetooth File Transfer Wizard.
If an existing non-Microsoft Bluetooth driver is installed, upgrading to Windows XP Service Pack 2 does not cause the existing driver to be replaced. It can be replaced later, either manually or programmatically.
For complete documentation on Bluetooth in Windows XP Service Pack 2, see online Help.
The client administrative tools are a set of Microsoft Management Console (MMC) snap-ins that allow you to administer users, computers, services, and other system components on local and remote computers. Two system-generated dialog boxes that these snap-ins use for management are Select Users, Computers, or Groups and ...