|
論壇說明 |
歡迎您來到『史萊姆論壇』 ^___^ 您目前正以訪客的身份瀏覽本論壇,訪客所擁有的權限將受到限制,您可以瀏覽本論壇大部份的版區與文章,但您將無法參與任何討論或是使用私人訊息與其他會員交流。若您希望擁有完整的使用權限,請註冊成為我們的一份子,註冊的程序十分簡單、快速,而且最重要的是--註冊是完全免費的! 請點擊這裡:『註冊成為我們的一份子!』 |
|
主題工具 | 顯示模式 |
2004-08-17, 01:11 AM | #1 |
榮譽會員
|
IBM win XP SP2問題解決
IBM users are directed to not install SP2 at this time.
What is a Service Pack? Service packs are the means by which Microsoft Windows product updates are distributed. Service packs keep the product current, and extend and update your computer's functionality. Service packs include updates, system administration tools, drivers, and additional components. As you may have heard, Microsoft is preparing to make available Service Pack 2 (SP2) for Windows XP in mid-August of this year. IBM is directing users not to install Service Pack 2 due to known application problems. Microsoft recognizes that SP2 will change the behavior of Internet Explorer and cause some application incompatibilties. IBM's large number of web applications will need to be tested and some modified to work correctly with SP2. Currently some high profile, business critical applications are known to conflict with SP2. With SP2, Microsoft is also trying to dramatically tighten the level of security provided by the operating system. However, some of these efforts conflict with the security tools already in place in IBM. When the current issues and concerns have been addressed, IBM will migrate users to a customized version of SP2. Known Issues and Conflicts 1. Windows XP SP2 has yet to be fully tested. IBM has over 5,000 worldwide enterprise applications, many of which we must ensure work properly with SP2. The service pack contains data execution prevention code that marks all memory locations in a process as non-executable unless the location explicitly contains executable code. There is a class of attacks that attempt to insert and execute code from non-executable memory locations. Data execution prevention helps prevent these attacks by intercepting them and raising an exception. The result is that there may be some IBM applications that do not function properly. -------------------------------------------------------------------------------- 2. The new Windows Security Center introduced with this Service Pack conflicts with the standard client. The Windows Security Center is programmed to detect third party client firewall and antivirus programs, but it does not properly detect the version IBM has deployed. So while the Windows Security Center may imply that a machine is at risk or noncompliant, this is not necessarily the case. In addition, the functionality of the Windows Security Center is a duplication of IBM's Workstation Security Tool (WST). IBM Customizations IBM is creating registry keys to provide to users via ISSI that will disable the Windows Security Center, to prevent confusion related to its reporting. The registry values that will be added are: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify"=dword:00000001 "FirewallDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 // Have MSC Stop Monitoring AV, FW, and AU "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 // Disable antivirus and firewall check at boot time -------------------------------------------------------------------------------- 3. Windows XP SP2 enables Automatic Updates by default. The standard IBM client for e-business comes with Windows Automatic Update (AU) disabled, in favor of the use of ISSI and EZUpdate. Although the benefit of enabling AU for home users is clear, many software packages are untested on the IBM client for e-business, which is why IBM does not use the function. IBM Customizations IBM is creating registry keys to provide to users via ISSI that will disable the Automatic Update utility, to prevent confusion related to its reporting. The registry values that will be added are: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update] "AUOptions"=dword:00000001 // Turn OFF Automatic Updates -------------------------------------------------------------------------------- 4. The Microsoft Firewall conflicts with the Zone Labs Integrity Desktop. The ZLID client firewall provides exceptional protection from known threats and malicious network activity. The Microsoft Firewall is enabled by default in SP2, causing a conflict and blocking applications that IBM has pre-programmed to allow through ZLID. IBM Customizations IBM is creating registry keys to provide to users via ISSI that will disable the Microsoft Firewall, to prevent confusion related to its reporting. The registry values that will be added are: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] "EnableFirewall"=dword:00000000 // Disable Firewall Policy for the Domain Profile [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] "EnableFirewall"=dword:00000000 // Disable Firewall Policy for the Standard Profile Although testing indicates that the Microsoft Firewall and ZLID can function concurrently, there is no guarantee that a conflict will not occur. Both products operate as a shim in the network stack, which should cause a system conflict. The result of both firewalls running is that the Microsoft Firewall will generate pop-up alerts for applications already secured by ZLID. -------------------------------------------------------------------------------- 5. The Internet Explorer pop-up blocking feature breaks applications. While pop-up blocking is a feature for which many users want, some web applications depend on this pop-up feature. IBM is testing all web applications for compatibility and working with our external software vendors to remediate these and other issues relative to this new, forthcoming Service Pack for Windows XP. Microsoft's pop-up blocking technology prevents the the window.open() and showHelp() methods of opening a new window from functioning. However, a new user interface called InewWindowManager has been added to allow developers to request new windows for web applications. IBM Customizations IBM is creating registry keys to provide to users via ISSI that will disable the Internet Explorer 6 pop-up blocker which is no change from today's user experience. Users will still be able to enable the pop-up blocker via the user interface. The registry values that will be added are: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0] "1001"=dword:00000001 "1004"=dword:00000001 "1200"=dword:00000000 "1809"=dword:00000003 // This and the following settings disable the Pop-Up Blocker, and sets the ActiveX Component handling to the Pre-SP2 style. The Pop-Up Blocker has some potential issues with CRM, e-meetings, etc. In detail: Setting 1001 = 1 means that the download signed ActiveX controls requires a prompt Setting 1004 = 1 means that the download unsigned ActiveX controls requires a prompt Setting 1200 = 0 means that the download signed ActiveX controls requires a prompt Setting 1809 = 3 means that the pop-up blocker is disabled // This set of four settings is repeated below for each Internet Zone and for both the Local Machine and the Current User [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] "1001"=dword:00000001 "1004"=dword:00000001 "1200"=dword:00000000 "1809"=dword:00000003 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] "1001"=dword:00000001 "1004"=dword:00000001 "1200"=dword:00000000 "1809"=dword:00000003 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] "1001"=dword:00000001 "1004"=dword:00000001 "1200"=dword:00000000 "1809"=dword:00000003 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] "1001"=dword:00000001 "1004"=dword:00000001 "1200"=dword:00000000 "1809"=dword:00000003 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0] "1001"=dword:00000001 "1004"=dword:00000001 "1200"=dword:00000000 "1809"=dword:00000003 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] "1001"=dword:00000001 "1004"=dword:00000001 "1200"=dword:00000000 "1809"=dword:00000003 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] "1001"=dword:00000001 "1004"=dword:00000001 "1200"=dword:00000000 "1809"=dword:00000003 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] "1001"=dword:00000001 "1004"=dword:00000001 "1200"=dword:00000000 "1809"=dword:00000003 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] "1001"=dword:00000001 "1004"=dword:00000001 "1200"=dword:00000000 "1809"=dword:00000003 |
送花文章: 3,
|
2004-08-17, 05:46 PM | #2 (permalink) |
長老會員
|
這是啥東東ㄚ........
好像是一些登錄的東西 這是做啥用的 |
__________________ 金錢的數量,決定馬子的漂亮 硬碟的容量,決定男人的力量 製作Mail Logo按這裡 |
|
送花文章: 257,
|
|
|
相似的主題 | ||||
主題 | 主題作者 | 討論區 | 回覆 | 最後發表 |
理解 GNU/Linux | psac | 網路疑難應用技術研討區 | 13 | 2004-04-16 12:17 PM |
Win 2000硬碟與記憶體的調整 | psac | 系統 & 硬體安裝及故障判斷技術文件 | 0 | 2004-03-08 06:27 PM |
[求助]我的電腦被人入侵.灌了一個隱藏程式.它不時會跳出來.= | passingg | 一般電腦疑難討論區 | 14 | 2003-05-01 03:27 PM |