WLAN enhancements in XP SP2

SP2 in a nutshell

Of these changes, the new Windows Firewall is likely to have the greatest impact on network connectivity and associated drivers. Earlier versions of Windows XP included an Internet Connection Firewall (ICF), disabled by default and buried beneath the "Advanced" properties panel. Many don't use ICF at all, opting to use third-party desktop firewalls instead. Those who do use ICF typically enable it only on untrusted connections, like dial-up, DSL, and WLAN adapters.

In SP2, the revamped (and renamed) Windows Firewall is turned on by default, for all connections, and launched at system boot. This proactive approach affords better protection, but will require fine-tuning by most users. For example, if you're accustomed to sharing files or printers on your WLAN, you'll need to add exceptions to the default Windows Firewall. Exceptions can be made by application or port, allowing access by any computer, only those on the local subnet, or specified addresses. To learn more, visit this Microsoft Windows Firewall Web page. If you use a third-party desktop firewall like Zone Alarm or Norton, visit your vendor's Web site for SP2 compatibility details.

Wireless wizardry

• Wi-Fi Protected Access (WPA), first distributed as a standalone patch last year, now becomes an integral part of Windows XP in SP2. WPA adds TKIP and AES encryption options, and 802.1X and PSK authentication options. Whether you can actually use those options depends on your 802.11 adapter, but most 802.11g products now support WPA with at least TKIP. Note that this patch supports WPA (the October 2002 802.11i snapshot), not WPA2 (the final June 2004 802.11i standard). To learn about differences between WPA and WPA2, see my July 2004 WLAN Advisor column, 802.11i: Robust and Ready to Go.

• Wireless Network Connection windows have been augmented to display more information when attempting to associate with a WLAN. For simplicity, earlier versions of XP displayed precious little information -- just the network's name (SSID) and mode (infrastructure or peer-to-peer). SP2 adds the security level and signal strength for each discovered WLAN. New connection status messages make it easier to tell whether your station has successfully obtained an IP address via DHCP.

• The Wireless Zero Configuration Service has been extended to facilitate debugging by generating a pair of trace logs (Wzcdlg.log and Wzctrace.log). If you're having trouble connecting to a WLAN -- in particular, authenticating using 802.1X -- these new trace logs will be a very welcome addition.

• A new Wireless Network Setup Wizard has been added to automate wireless device configuration by writing settings, in XML format, to a USB flash drive. If you've used the XP Network Setup Wizard to configure a Windows Workgroup for resource sharing, then you'll find the Wireless Setup Wizard somewhat familiar.

• Wireless Provisioning Services (WPS) have been added to automate subscriber enrollment when visiting Wi-Fi hot spots that use Windows 2003 Server and Microsoft's AAA server (IAS) for 802.1X authentication. WPS is still being trialed by providers, so this addition probably won't have immediate impact on most users. Providers who want to learn about WPS should read this Microsoft TechNet article.

Further information about these and other wireless-related SP2 changes can be found in this Microsoft TechNet article, including screen snapshots that illustrate the new setup wizard, wireless network connection properties, and status messages.

Wait and see

In the long run, SP2 security improvements to the Windows Firewall and Internet Explorer are likely to have a much bigger impact. Unless you have a compelling reason to leapfrog the crowd, let organizations with large IT departments take the lead on debugging SP2 deployment. Wait for the dust to settle, and then take the jump to SP2.

Do you have comments about this article, or suggestions for Lisa to write about in future columns? Let us know!