I have an update related to XP SP2 impact. This impact assessment is based on the XP SP2 RC2 release. Developer documentation related to Windows Firewall for XP SP2 is still not in proper shape. Hope this helps.
1 Terminology used
NBT: NetBIOS over TCP/IP
SMB: Server Message Block
RTM: Release to market
2 Impact and changes required
1. How do I programmatically enable ports or applications?
Add the following references to the VB app:
NetFwTypeLib
NetCon 1.0 Type Lib (c:\Winnt\system32\hnetcfg.dll)
Script for enabling an app and a port
' Requires the project references listed above; NetFwTypeLib supplies the NET_FW_* constants
Dim objFirewall As INetFwMgr
Dim objProfile As INetFwProfile
Dim objAuthApp As INetFwAuthorizedApplication
' Enable Application
Set objFirewall = CreateObject("HNetCfg.FwMgr")
Set objAuthApp = CreateObject("HNetCfg.FwAuthorizedApplication")
Set objProfile = objFirewall.LocalPolicy.CurrentProfile
objAuthApp.Name = "Cry for Windows"
objAuthApp.ProcessImageFileName = "C:\Program Files\Common Files\Manage.exe"
' The exception only takes effect when Enabled is True
objAuthApp.Enabled = True
objAuthApp.IpVersion = NET_FW_IP_VERSION_ANY
' NET_FW_SCOPE_ALL accepts traffic from any address; NET_FW_SCOPE_LOCAL_SUBNET is narrower
objAuthApp.Scope = NET_FW_SCOPE_ALL
objProfile.AuthorizedApplications.Add objAuthApp
' Enable Port
Dim objPort As INetFwOpenPort
Set objPort = CreateObject("HNetCfg.FwOpenPort")
objPort.Name = "DCOM"
objPort.Port = 888
' Only hosts on the local subnet may connect to this port
objPort.Scope = NET_FW_SCOPE_LOCAL_SUBNET
objPort.Protocol = NET_FW_IP_PROTOCOL_TCP
objPort.Enabled = True
objProfile.GloballyOpenPorts.Add objPort
References
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ics/ics/windows_firewall_start_page.asp
http://msdn.microsoft.com/security/productinfo/XPSP2/networkprotection/firewall_devimp.aspx
2. SQL Server on Windows XP SP2
Reason for the impact
When Windows Firewall is installed on Windows XP, it blocks all inbound network traffic. It blocks SQL Server connectivity as well.
How will I fix it?
Enable TCP port 445 by changing the network connection setting.
Reference
http://support.microsoft.com/default.aspx?scid=kb;en-us;839269
How to enable SQL Server connectivity on Windows XP Service Pack 2
http://support.microsoft.com/default.aspx?scid=kb;en-us;841251
How to manually enable TCP/IP on Windows XP Service Pack 2 for SQL Server 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;841252
You may not be able to connect to an instance of SQL Server that is configured to use the TCP/IP server network library on a computer that is running Windows XP Service Pack 2
http://support.microsoft.com/default.aspx?scid=kb;en-us;841394
3. Computer Management
What is impacted?
Event Viewer, shutdown of computer
Reason for the impact
The SMB (Server Message Block) protocol is used among other things for file sharing in Windows NT / 2000. In Windows NT it ran on top of NBT (NetBIOS over TCP/IP), which used the famous ports 137, 138 (UDP) and 139 (TCP). In Windows 2000, Microsoft added the possibility to run SMB directly over TCP/IP, without the extra layer of NBT. For this they use TCP port 445. If the server has NBT enabled, it listens on UDP ports 137, 138, and on TCP ports 139, 445. If it has NBT disabled, it listens on TCP port 445 only.
When Windows Firewall is installed on Windows XP, it blocks all inbound network traffic.
How will I fix it?
Enable TCP port 445 by changing the network connection setting.
4. Windows firewall messages
What is impacted?
The user may see Windows Firewall messages for some actions performed by the app.
Reason for the impact
This is due to an inbound network request generated by some API in your calls.
How will I fix it?
Add the application to the blocking or unblocking exception list.
5. Enabling WMI on the machine
What is impacted?
WMI, Remote administration
Reason for the impact
By default, the Firewall blocks all incoming RPC traffic.
How will I fix it?
Windows Firewall includes a Remote Administration option that alters its configuration to allow Remote Procedure Call (RPC) and Distributed Component Object Model (DCOM) communication. Enabling the Remote Administration option statically opens TCP 135 and TCP 445 to unsolicited incoming traffic. Additionally, communication over named pipes is permitted, and ports will be dynamically opened as needed by Windows services using RPC.
To enable Remote Administration by default in the Domain Profile, add the following entry to the ICF.AddReg.DomainProfile section of the Windows Firewall INF file:
HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\RemoteAdminSettings","Enabled",0x00010001,1
Script for enabling the remote administration
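' VBScript; run locally on the SP2 machine
Set objFirewall = CreateObject("HNetCfg.FwMgr")
Set objPolicy = objFirewall.LocalPolicy.CurrentProfile
Set objAdminSettings = objPolicy.RemoteAdminSettings
' Opens TCP 135 and TCP 445 and allows dynamic RPC ports, as described above
objAdminSettings.Enabled = True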
Please refer to the weblog by one of the Microsoft devs, as he mentions:
“there’s a bit of a Catch-22 situation going on here: you need to run the script to open the firewall, but because the firewall isn’t open, any script you run remotely can’t get through. Consequently, you’ll have to run the script locally after you install Service Pack 2. Are there better ways to do this? Possibly; you can use an unattend file to install Service Pack 2, and within that file you can indicate that you want remote administration enabled. We’re still investigating the best/easiest ways to do all this. Stay tuned”
Reference
http://download.microsoft.com/download/4/2/c/42c9b5d4-25d7-414c-a149-648ca4149596/WFINF_Guide.doc
http://blogs.msdn.com/gstemp/archive/2004/04/30/124015.aspx
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ics/ics/windows_firewall_start_page.asp
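To check what the scripts in sections 1 and 5 actually opened, the exceptions in the current profile can be listed together with their scope. The VBScript below is an added example, not part of the original post: it uses the same HNetCfg.FwMgr object, defines the NET_FW_* values itself because VBScript cannot read the type library, and its output layout and the [!] marker are choices made for this example.

```vbscript
Option Explicit
' Added example: list firewall exceptions in the current profile and mark
' every enabled one that accepts traffic from any address with [!].
' Numeric values of the NetFwTypeLib enums used by the scripts above.
Const NET_FW_SCOPE_ALL = 0
Const NET_FW_SCOPE_LOCAL_SUBNET = 1
Const NET_FW_SCOPE_CUSTOM = 2
Const NET_FW_IP_PROTOCOL_TCP = 6
Const NET_FW_IP_PROTOCOL_UDP = 17

Function ScopeName(scope, remoteAddresses)
    Select Case scope
        Case NET_FW_SCOPE_ALL:          ScopeName = "ANY ADDRESS"
        Case NET_FW_SCOPE_LOCAL_SUBNET: ScopeName = "local subnet"
        Case NET_FW_SCOPE_CUSTOM:       ScopeName = "custom: " & remoteAddresses
        Case Else:                      ScopeName = "unknown (" & scope & ")"
    End Select
End Function

Function ProtocolName(protocol)
    ProtocolName = "proto " & protocol
    If protocol = NET_FW_IP_PROTOCOL_TCP Then ProtocolName = "TCP"
    If protocol = NET_FW_IP_PROTOCOL_UDP Then ProtocolName = "UDP"
End Function

' Print one exception; a disabled entry is listed but never flagged.
Sub Report(kind, label, enabled, scope, remoteAddresses)
    Dim flag
    flag = "    "
    If enabled And scope = NET_FW_SCOPE_ALL Then flag = "[!] "
    WScript.Echo flag & kind & "  " & label & "  enabled=" & enabled & _
        "  scope=" & ScopeName(scope, remoteAddresses)
End Sub

Dim objFirewall, objProfile, objApp, objPort, objAdmin
Set objFirewall = CreateObject("HNetCfg.FwMgr")
Set objProfile = objFirewall.LocalPolicy.CurrentProfile
WScript.Echo "Firewall enabled: " & objProfile.FirewallEnabled & _
    "   Exceptions not allowed: " & objProfile.ExceptionsNotAllowed
For Each objApp In objProfile.AuthorizedApplications
    Report "APP ", objApp.Name & " (" & objApp.ProcessImageFileName & ")", _
        objApp.Enabled, objApp.Scope, objApp.RemoteAddresses
Next
For Each objPort In objProfile.GloballyOpenPorts
    Report "PORT", objPort.Name & " " & ProtocolName(objPort.Protocol) & "/" & objPort.Port, _
        objPort.Enabled, objPort.Scope, objPort.RemoteAddresses
Next
Set objAdmin = objProfile.RemoteAdminSettings
Report "RADM", "Remote Administration (TCP 135, TCP 445, dynamic RPC)", _
    objAdmin.Enabled, objAdmin.Scope, objAdmin.RemoteAddresses
```

Like the enabling script, this has to be run locally (for example with cscript) on the SP2 machine, since it reads the firewall policy of the machine it runs on.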
I wanted a single in-proc instance of the XML writer to be kept in memory so that each client can use the same instance in VB6 (in ATL it's damn simple). After some POCs and R&D, I came to the conclusion that it can be done in three ways.
Additional aims
1. I wanted syntactic sugar as well, e.g. that single instance should be accessible by using a simple code construct like getobject("foo.bar").
2. The solution should be easily reusable for other classes.
Solutions
1. Shared object using an ActiveX EXE server: If we create a MultiUse object, the COM server creates multiple instances served by the same COM server. These objects expose one instance of an object shared across these objects (a global object variable). For more information see http://www.ftponline.com/archives/premier/mgznarch/vbpj/1999/10oct99/cb1099/cb1099.asp
2. COM API: Use the class object table provided by COM (CoRegisterClassObject/CoGetClassObject). This is usually used for class factories, but you can put anything in there you like. This is easy to do if you have the APIs and constants declared, and is the best approach from a pure COM perspective. Matt Curland's book describes this in detail (page 139). You do not need an ActiveX EXE server for this. An ActiveX DLL can also work as the server (watch out for object lifetime management issues).
3. ROT (Runtime Object Table): Use the Runtime Object Table. The ROT acts as an object bulletin board. This is difficult to complete without Matt Curland's book. See the article by Matt for an initial explanation.
http://www.ftponline.com/Archives/premier/mgznarch/vbpj/1997/08aug97/bbelt.pdf
I had a COM EXE server called from the directory (AD) Browse dialog, which used to create a worker thread to enumerate the Active Directory objects. We wanted to make the UI responsive and also, if possible, have no performance side effects. This is how we went about it.
1. We first used a very primitive threading technique. This is achieved through an ActiveX EXE.
a. Set the threading model to Apartment Threaded. Implement the IThreadIFace interface (defined by us).
b. The client calls this EXE server. In the EXE server we start the timer. The client returns. The timer event is fired asynchronously.
c. Client and server communicate through a known contract (IThreadIFace).
d. The server enumerates with the help of an object created in the DLL server.
2. We had problems here
a. All calls are sequential in the server (we don't have multiple worker threads, just one worker thread; I said primitive).
b. The EXE server object passes a pointer to itself to the worker, so that the worker can notify the controller (EXE server) about its status.
c. The controller also needs a pointer to the client to notify the client about the progress.
3. I read the articles by Matt Curland and the net effect was
Matt Curland on exe server MultiThreading
Matt Curland on Dll server MultiThreading
These articles are just eye-openers for a C++ as well as a VB programmer.
a. We changed the Timer control
b. Now we use bidirectional memory access for signalling between threads, not the earlier mechanism, which used to create proxy/stub objects (inherently slow)
c. We had to implement a critical section as Matt Curland has described it.
d. We have achieved true asynchronousness
e. Planning to convert the EXE server to a DLL server now. Has anyone encountered problems with this?
4. Wonder how .NET gives multithreading. Need to do a POC.
Thanx Matt.
Are you planning to write some book on C# and .NET?
Look at the Interface ...
Private Function INosGUI_SetParams(ByVal srcTag As Variant, ByVal srcDisplayName As Variant, _
ByVal destTag As Variant, ByVal destDisplayName As Variant, _
ByVal daReserved1 As Variant, ByVal daReserved2 As Variant, _
ByVal daReserved3 As Variant) As Variant
Look at Interface Usage..
'srcTag -Source iads object
'destTag- tag
'destDisplayName - Caption of the form
'daReserved1(0) - Filter
'daReserved1(1) - Flag indicating whether to apply criteria
'daReserved1(2) - Information about trusted domains 1)Whether to add trusted domains
' 2)Criteria for trusted domains
' 3)Whether to show only domain local groups
' 4)Filter for trusted domains
'daReserved1(3) - Criteria for group objects
'daReserved1(4) - Single(true)/ Multiple(false) selection
'daReserved1(5) - Flag indicating whether to add NT4 domains. When the NT4 domain does not support the source group type, this
'flag should be true
' daReserved1(6) - Flag indicating whether to show well-known security principals
' daReserved1(7) - Flag indicating whether to enumerate domains in forest
' daReserved1(8) - Flag indicating whether to enumerate exchange objects only (For Ad extensions)
' daReserved1(9) - Filter for domains in forest
' daReserved1(10)- Criteria for domains in forest
' daReserved1(11)- Well known security principals to exclude
' daReserved1(12)- Additional properties to be queried from the directory
' daReserved1(13)- Shell pointer
' daReserved2 - Image index of the form image
' OR
' daReserved2(0)- Image index of the form image
' daReserved2(1)- Additional field expected from the enumerator, now support for only one additional field
' is given by the enumerator
' daReserved2(2)- Column header for the Additional field expected from the enumerator.
' daReserved2(3,0)- Help File information, optional, if the help is to be launched from a file other than ActDit.chm.
' daReserved2(3,1)- Help Id
' daReserved2(3,2)- Location(If the file to be launched from location other than default folder for help files.)
' daReserved3 - ListImages (16 X 16)
Is this your idea of extensibility? I see this in N number of places.
VB 6.0 is really bad at interface-based implementation (particularly at maintaining binary compatibility when you extend the interface).
Have you gone through nightmares maintaining VB binary compatibility? I will be discussing the solutions that I had and how I implemented them.
IDL, TLB and Matt Curland came to the rescue....
I will be putting my thoughts together on interface-based programming in .NET