Educause Security Discussion mailing list archives

Windows XP ICF and Outlook XP

From: "Barros, Jacob" <jkbarros () GRACE EDU>
Date: Fri, 7 May 2004 17:12:28 -0500

We'd like to start deploying Windows XP using the built in Internet
connection firewall campus wide, but in testing noticed that our Outlook
XP clients are not 'automatically' sending or receiving mail. When you
manually send/receive or navigate between any folders within the
exchange mailbox, mail flow is fine. Right now we have Outlook clients
set to send / receive every minute, and that works, but users are
complaining.

After reading a post on the Neohapsis archive, we've used TCP view and
found that the Exchange server makes UDP connections with each client
when started. The problem is that the UDP port(s) it uses are never the
same. Windows ICF isn't configurable to the point of including
wildcards, nor can I set it to except all traffic from a specific host.
At least I don't know a way.

Microsoft sort of acknowledges that it's a problem. Their fix is to
change the Exchange server to only communicate on static ports... which
makes sense but scares me because it's a registry hack.
http://support.microsoft.com/default.aspx?kbid=270836

Anyone using this configuration? Can I anticipate my Exchange server to
panic if I hack the registry? Client problems? Has anyone tried it?

Do you even view this as a problem? Is this a legitimate issue or should
I just tell my users to deal? I want to make security as painless as
possible but I also don't mind telling them that this is just the way
that it will be.

Any advice, technical or interpersonal, would be helpful.

In a semi-related note I have a pre-release of XP sp2 loaded and running
on my desktop and I think it's great. Includes a built in pop-up
blocker in IE, the ICF is a BIG step up from sp 1, and it hasn't locked
or choked at all. Only issue I've seen is the one mentioned above.
Anyone else have input?

Jake Barros
Grace College

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at
http://www.educause.edu/cg/.

Current thread:

Windows XP ICF and Outlook XP Barros, Jacob (May 07)
- <Possible follow-ups>
- Re: Windows XP ICF and Outlook XP Jason Richardson (May 07)
- Re: Windows XP ICF and Outlook XP Wehner, Paul (wehnerpl) (May 10)