Office of Information Technology (OIT)
UT Arlington
helpdesk@uta.edu · 817-272-2208

OIT Standard Settings for Windows XP SP2 Firewall

Description:

Note: This information applies primarily to the Windows XP SP2 Firewall and is intended for readers with intermediate to advanced Windows knowledge. Equivalent settings for Windows 2000 are outside the scope of this document.

The primary ways to prevent Windows XP from being compromised by viruses, worms, and other malicious code are to 1) keep Windows XP patched with all critical updates, 2) run anti-virus software such as Forefront Client Security and keep its virus definitions up to date, and 3) turn on the Firewall that is installed as part of Windows XP Service Pack 2 (SP2). This document describes the Windows XP SP2 Firewall and how OIT configures it. Windows updates and anti-virus software are covered in a separate OIT document.

It is an OIT standard that the Windows XP SP2 Firewall be turned on and, where possible, left in its default installation configuration. The Firewall is installed as part of Windows XP Service Pack 2 (SP2), is turned on automatically, and must not be turned off or disabled. It blocks unsolicited inbound connections from the network: a program can accept incoming connections only if that program, or the port it listens on, has been explicitly listed as an exception. Note that the XP SP2 Firewall filters inbound traffic only; it does not restrict outbound connections, so it is not a substitute for patching and anti-virus. Administrator permissions are required to add, enable, disable, or remove Firewall exceptions. The default installation settings for Firewall exceptions are:

Firewall Default Exception Settings:

Program or Service         Setting    Function
File and Printer Sharing   Disabled   Uses TCP ports 139 and 445 and UDP ports 137 and 138. Allows the workstation's files and printers to be shared over the network.
Remote Desktop             Disabled   Uses TCP port 3389. Allows you to log on to your machine from a remote location.
Remote Assistance          Enabled    Program exception for sessmgr.exe. Allows a user at another location to connect to your computer to help with a problem.
UPnP Framework             Disabled   Uses UDP port 1900 and TCP port 2869. Required to discover Plug and Play devices on the network.

*** Remote Assistance is the only exception that is enabled on initial installation ***

When a computer is joined to the UT Arlington Domain, additional exceptions are added. These exceptions supersede the default settings, are applied through Domain Group Policy, and cannot be changed locally, because the policy setting takes precedence over the local setting. Group Policy exceptions are subject to change as the need arises. Windows XP SP2 keeps separate Domain and Standard profile settings; policy applied to the Domain profile is in effect only while the computer is on a network from which it can reach a domain controller. The Domain Group Policy exceptions are as shown:

Firewall Group Policy Settings:

Program or Service       Setting   Function
Chat                     Enabled   Uses TCP port 2703. Required by Systems Management Server (SMS) Remote Tools.
File and Print Sharing   Enabled   Uses TCP ports 139 and 445 and UDP ports 137 and 138. Allows the workstation's files and printers to be shared over the network. Required by SMS.
File Transfer            Enabled   Uses TCP port 2704. Required by SMS Remote Tools.
General Contact          Enabled   Uses TCP port 2701. Required by SMS Remote Tools.
Help Control Center RA   Enabled   Program exception for helpctr.exe. Required by SMS for Remote Assistance.
HTTP                     Enabled   Uses TCP port 80. Required by SMS.
Messaging                Enabled   Uses UDP port 138 (NetBIOS Datagram Service). Required by SMS.
Name Resolution          Enabled   Uses UDP port 137 (NetBIOS Name Service). Required by SMS.
Remote Assistance        Enabled   Program exception for helpsvc.exe. Required by SMS for Remote Assistance.
Remote Control           Enabled   Uses TCP port 2702. Required by SMS Remote Tools.
Remote Desktop           Enabled   Uses TCP port 3389. Required by SMS for Remote Desktop.
RPC                      Enabled   Uses TCP port 135. Required by SMS for Remote Assistance.
TCP GC Connection        Enabled   Uses TCP port 3268 (Global Catalog). Required by Active Directory services.
TCP LDAP                 Enabled   Uses TCP port 389. Required by Active Directory services.
TCP LDAP SSL             Enabled   Uses TCP port 636. Required by Active Directory services.
UDP LDAP Ping            Enabled   Uses UDP port 389. Required by Active Directory services.
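As an added example (not an OIT script), the following batch file audits a workstation against the two tables above from an Administrator command prompt. It records the firewall state and active profile, the effective exceptions, and which exceptions come from Domain Group Policy (the Policies registry key) as opposed to local configuration (the SharedAccess service key), then fails if the firewall is not enabled. The report path is an arbitrary choice; the netsh firewall context and registry paths are the ones Windows XP SP2 uses.

```batch
@echo off
rem Added example (not OIT's script): audit a Windows XP SP2 firewall against the
rem OIT standard. Run from an Administrator command prompt.
rem Assumes the netsh "firewall" context that ships with XP SP2 and the standard
rem registry locations; the report file name is an arbitrary choice.

set REPORT=%TEMP%\xp-firewall-audit.txt

echo === Firewall state (operational mode, active profile) === > "%REPORT%"
netsh firewall show state >> "%REPORT%"

echo === Effective configuration, per profile === >> "%REPORT%"
netsh firewall show config >> "%REPORT%"

echo === Open ports and authorized programs === >> "%REPORT%"
netsh firewall show portopening >> "%REPORT%"
netsh firewall show allowedprogram >> "%REPORT%"

rem Exceptions pushed by Domain Group Policy live under the Policies key;
rem anything here cannot be removed locally, only through Group Policy.
echo === Group Policy (domain) exceptions === >> "%REPORT%"
reg query "HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List" >> "%REPORT%" 2>nul
reg query "HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List" >> "%REPORT%" 2>nul

rem Locally added exceptions live under the SharedAccess service key; these are
rem the deviations that must be documented for the Help Desk.
echo === Locally configured exceptions === >> "%REPORT%"
reg query "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List" >> "%REPORT%" 2>nul
reg query "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List" >> "%REPORT%" 2>nul
reg query "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List" >> "%REPORT%" 2>nul
reg query "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List" >> "%REPORT%" 2>nul

rem Pass/fail on the one thing the standard always requires: the firewall is on.
rem "= Enable" is matched literally so that "Operational mode = Disable" does not pass.
netsh firewall show state | findstr /i /c:"Operational mode" | findstr /i /c:"= Enable" >nul
if errorlevel 1 (
    echo FAIL: Windows Firewall is not enabled. See "%REPORT%".
    exit /b 1
)
echo PASS: Windows Firewall is enabled. Full report in "%REPORT%".
exit /b 0
```

The "Profile" line in the state output shows whether the Domain or Standard profile is active, which explains why a machine that works on campus can show a different exception list when it is taken home. Entries under the Policies key are exactly the Group Policy table above; anything under the SharedAccess key that is not in the default table is a local deviation and should have a matching entry on the software pages.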

If additional deviations from the standard settings are required for any reason (for example, a program or database does not work because the port it needs is blocked by the Firewall), obtain the required port from the program's manufacturer if necessary and implement the change as a Firewall exception. For any software supported by the Desktop Support Group that requires exceptions, the exceptions must be documented on that software's pages, together with why the deviation is required and how it is implemented, and the documentation made available to the Help Desk for future reference.
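As an added example of carrying out such a deviation (not an OIT procedure; the port, protocol, exception name and work-order number are hypothetical placeholders), this batch file first confirms that something is actually listening on the port, then opens it as a named exception limited to the local subnet rather than to all addresses, and prints the resulting entry so it can be pasted into the software page.

```batch
@echo off
rem Added example (not an OIT procedure): add one documented, narrowly scoped
rem port exception on Windows XP SP2 and verify it.
rem Hypothetical values: APP_PORT, APP_PROTO and APP_NAME are placeholders; replace
rem them with the port the manufacturer specified and your own work-order reference.
rem Run from an Administrator command prompt.

set APP_PORT=1433
set APP_PROTO=TCP
set APP_NAME=Example DB Server (OIT exception, WO#12345)

rem 1. Confirm the program is actually listening. If nothing is bound to the port,
rem    opening it in the firewall will not fix the problem.
netstat -ano | findstr /r /c:"%APP_PROTO%.*:%APP_PORT% .*LISTENING" >nul
if errorlevel 1 (
    echo Nothing is listening on %APP_PROTO%/%APP_PORT%; the firewall is not the cause.
    exit /b 1
)

rem 2. Open the port for the local subnet only (scope=SUBNET), not for every
rem    address on the Internet, and only in the profile that is currently active.
netsh firewall add portopening protocol=%APP_PROTO% port=%APP_PORT% name="%APP_NAME%" mode=ENABLE scope=SUBNET profile=CURRENT
if errorlevel 1 (
    echo Failed to add the exception. Are you running as Administrator?
    exit /b 1
)

rem 3. Show the resulting entry so it can be recorded on the software page.
netsh firewall show portopening | findstr /i /c:"%APP_PORT%"

rem 4. Keep the full post-change configuration for the Help Desk record.
netsh firewall show config > "%TEMP%\firewall-after-exception.txt"
echo Exception added; configuration saved to "%TEMP%\firewall-after-exception.txt".
exit /b 0
```

To back the change out, run netsh firewall delete portopening protocol=TCP port=1433 with the same values. Where the program's listening port is not fixed, prefer a program exception (netsh firewall add allowedprogram) over a port exception: a program exception opens ports only while that program is running, whereas a port exception stays open regardless of what is listening.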

Windows (XP SP2) Firewall Frequently Asked Questions

Available To:

  • Students Admitted to UT Arlington

System requirements: Windows