Re: WXP SP2 Woes

From: Stuart Mackie [MCP, MSP] (newsgroups_at_--REMOVE_THIS-NO_SPAM--stu.uk.com)
Date: 08/19/04


Date: Thu, 19 Aug 2004 23:34:52 +0100

Hi Steve. As Susan has mentioned, call MS Support and ask them for the
Hotfix to resolve your error regarding the strings section being too long.
The patch is available for free but not publicly, only if you call.

In terms of the Symantec AV Exceptions, as you know, you will have to add the
exceptions. This is possible by GP, and you should be able to see the GP
settings to do this. They are located in

Computer Configuration
  Administrator Templates
    Network
      Network Connections
        Windows Firewall
          Domain Profile

Just in case you haven't worked through the Symantec Documents yet, the
entries you will need to allow remote client deployment, remote
configuration of clients using Symantec System Centre, and the ability for
updates to be pushed to the clients are listed below (I run Symantec Corp
Edtn 9.0):

Windows Firewall: Define Program Exceptions -

%Program Files%\Symantec AntiVirus\Rtvscan.exe:[serverIP]:enabled:Symantec Client Security Rtvscan

%Program Files%\Symantec\LiveUpdate\LuComServer.exe:[serverIP]:enabled:Symantec Client Security LuComServer

Windows Firewall: Define Port Exceptions

2967:UDP:[serverIP]:enabled:Symatec System Centre Control
(The Symantec documents have an error and actually state TCP, which is wrong.)

The only thing which I find irritating with the new GP options is that it
isn't possible to edit any of the above once you create them. If you make a
typo it has to be deleted and recreated. I'm not sure whether the Strings
Section too long patch is related to this, forgot to call and get it this
morning :)

-- 
Hth,
Stuart Mackie [MCP, MSP]
www.stu.uk.com
"Steve Kemp" <SPAM_kempsl1154_SPAM@hotmail.com> wrote in message 
news:eu2ny1ihEHA.2620@TK2MSFTNGP10.phx.gbl...
> See below
>
> "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@pacbell.net> 
> wrote in message news:uQ2MzbihEHA.4092@TK2MSFTNGP10.phx.gbl...
>> 1. Get the hotfix and that will do the trick
>>
>> 842933 - "The following entry in the [strings] section is too long and 
>> has been truncated" error message when you try to modify or to view GPOs 
>> in Windows Server 2003, Windows XP Professional, or Windows 2000:
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;842933
>>
>> It will be out on the download site pretty soon and yes, it's been 
>> tested.
>
> I can wait for the final hot fix if this is not related to my #2 issue...
>
>> 2.  This is expected firewall behavior.  If you have a console based A/V 
>> that has to have listen ports you will need to do this.  They can't write 
>> a comprehensive all covering all knowing white paper.. this is why we're 
>> here.
>>
>> You have to either add the strings.  They aren't going to do this for 
>> you. It's not going to be built into the group policy as Symantec uses 
>> one set, trend uses another listening port, Etrust another and so on. 
>> They'd have so many blasted holes poked it would be swiss cheese.
>>
>> Don't wait until this is "resolved", you have to resolve it.
>
> Add the strings? The GP tool does not have entries for "Windows 
> Firewall: Define program exceptions" or "Windows Firewall: Define port 
> exceptions". I could define these for the AV client if these were present, 
> but they are missing for some reason. OR do you mean there is some way to 
> add these missing settings (they are fully described in the white paper 
> and they also exist on the WinXPSP2 local GP tool... but missing on my 
> server)?
>
> I'd love to resolve it, and I have the documentation to resolve it, but it 
> would seem that I have a malfunctioning GPEDIT.MSC or system.adm template 
> file on my SBS2003.
>
>
>>
>>
>> Steve Kemp wrote:
>>
>>> I am testing WXP SP2 on my SBS2003 network... I have also installed the 
>>> SBS2K3 hotfix for WinXPSP2 clients (KB 872769), this hotfix essentially 
>>> adds GP settings for the WXP client firewall. I have also read the 
>>> Deployment whitepaper for XP SP2 (KB 872769).
>>>
>>> Problems:
>>>
>>> 1. The GPEDIT.MSC complains about numerous strings being too long (a 
>>> result of the SBS hotfix).
>>> 2. The Windows Firewall GP settings are missing a number of entries 
>>> described in the above whitepaper. Specifically I want to enable 
>>> Symantec AntiVirus Corporate Edition clients (through GP settings) to 
>>> communicate properly with my Symantec Antivirus server, which pushes 
>>> settings, virus definition updates etc. to the clients - Done through 
>>> the "Windows Firewall: Define program exceptions" setting.
>>>
>>> The MS knowledge base acknowledges the 1st problem (did they test the 
>>> hotfix? KB 842933), but not the second. Does anyone know if the two are 
>>> related? Has anyone else experienced #2? Or does MS have their 
>>> documentation writers ahead of their developers? Is there a place I can 
>>> download a "system.adm" file that has the missing setting?  I don't 
>>> relish the idea of having to run around manually setting firewall 
>>> settings, then also trying to remember to do the same every time we add a 
>>> new system to the network. I will not roll out SP2 until issue #2 is 
>>> resolved.
>>>
>>> Cheers,
>>>
>>> Steve K.
>>
>> -- 
>> http://www.sbslinks.com/really.htm
>>
>
> 
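
Because a mistyped exception has to be deleted and recreated, the strings can be checked before they are entered in the policy. The following is an added example, not part of the original thread: the function names, the `SSC` label and the 192.0.2.10 address are assumptions, and the field layout is the one the entries in the post follow.

```python
import ipaddress

# Transport stated in the post above for the Symantec port.
EXPECTED_TRANSPORT = {2967: "UDP"}

def check_tail(scope, status, name):
    """Check the scope:status:name fields shared by both entry types."""
    problems = []
    for item in (s.strip() for s in scope.split(",")):
        if item == "*":
            problems.append("scope '*' accepts traffic from any source")
        elif item.lower() != "localsubnet":
            try:
                ipaddress.ip_network(item, strict=False)
            except ValueError:
                problems.append(f"scope item {item!r} is not an address or subnet")
    if status.lower() not in ("enabled", "disabled"):
        problems.append(f"status {status!r} must be enabled or disabled")
    if not name.strip():
        problems.append("name is empty")
    return problems

def lint_port_entry(entry):
    """Lint a 'port:transport:scope:status:name' entry."""
    parts = entry.split(":", 4)
    if len(parts) != 5:
        return ["expected port:transport:scope:status:name"]
    port, transport, scope, status, name = parts
    problems = []
    transport = transport.upper()
    if not port.isdecimal() or not 1 <= int(port) <= 65535:
        problems.append(f"port {port!r} is not in 1-65535")
    elif EXPECTED_TRANSPORT.get(int(port), transport) != transport:
        problems.append(f"port {port} should be {EXPECTED_TRANSPORT[int(port)]}, not {transport}")
    if transport not in ("TCP", "UDP"):
        problems.append(f"transport {transport!r} must be TCP or UDP")
    return problems + check_tail(scope, status, name)

def lint_program_entry(entry):
    """Lint 'path:scope:status:name'; split from the right so a drive-letter colon stays in the path."""
    parts = entry.rsplit(":", 3)
    if len(parts) != 4:
        return ["expected path:scope:status:name"]
    path, scope, status, name = parts
    problems = [] if path.lower().endswith(".exe") else [f"path {path!r} does not end in .exe"]
    return problems + check_tail(scope, status, name)

# Constructed samples: 192.0.2.10 stands in for [serverIP]; the second keeps the placeholder.
for e in ("2967:UDP:192.0.2.10:enabled:SSC", "2967:TCP:[serverIP]:enabled:SSC"):
    print(e, "->", lint_port_entry(e) or "ok")
```

An entry that still contains the `[serverIP]` placeholder is reported as an invalid scope item, so a template pasted without substitution is caught before it reaches the GPO.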

