PatchEasy - the complete security patch management software solution
XP SP2 Software Firewall Issue
 

Service Pack 2 for Windows XP, when installed on a target machine, tightens security by turning on the "Windows Firewall" software in the Control Panel. This software exists in XP SP1, but is not enabled by default. Because the firewall is enabled once SP2 is applied, inbound connections to the well-known and widely-used ports 135, 139 and 445, which are used for Windows networking in general, are blocked, as are product-specific ports such as the Leaf-Agent port used by PatchEasy.

You can employ two strategies for dealing with XP SP2:

1. Re-configure XP machines after SP2 deployment
2. Re-configure XP SP1 machines before SP2 deployment
Re-configure XP machines after SP2 deployment
 

After SP2 has been successfully applied, PatchEasy will not be able to query either Agentless targets or Leaf-Agent targets.

To re-enable PatchEasy access to Agentless and Leaf-Agent XP SP2 machines, launch "Windows Firewall" from the Control Panel and enable the ports needed for querying and deploying patches to the XP SP2 target.

 
 
The firewall software will be "On" by default after SP2 is applied.
 
 

From the Advanced tab, select the appropriate connection (LAN in most cases, as opposed to dial up) and click "Settings...".

 
 

The Settings dialog lists "well-known" services that can be enabled or disabled by default, but we want to click "Add" to define our own named services and ports that we are going to allow for PatchEasy.

 
 

Enter a "Description of service", and one or more remote "Hostnames/IP addresses" that can use the port connection to gain access to this machine. For PatchEasy the machine you want to "allow" is the Master-Agent.

You then enter a port number and choose whether the port uses TCP or UDP as the underlying transport protocol. In most cases you would use TCP, because it is a "reliable" transport that acknowledges and retransmits packets. UDP does not guarantee packet delivery but performs better because it creates less overhead.

 
 

For Agentless machines, click "Add" three times (once each for ports 135, 139 and 445) so you end up with three "enabled" (checked) entries in the list.

For Leaf-Agent machines, you would do the same thing, except Leaf-Agents do not use ports 135, 139 and 445; instead they use a user-defined port connection to the Master-Agent, usually 9968. This means you would only need one entry in the firewall software. Please keep in mind that after installing XP SP2, if you wish to remotely install a Leaf-Agent to the target, you would have to enable 135, 139 and 445 to allow the remote installation, enable 9968, and then disable 135, 139 and 445 again once you have confirmed that the Master-Agent can query the Leaf-Agent target.
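The same firewall entries as the Control Panel steps above can be created from the command line with the netsh firewall context built into XP SP2. This is an added example, not part of the PatchEasy documentation; it assumes TCP for every port and uses 192.0.2.10 as a placeholder for the Master-Agent address, and restricts each opening to that one host (scope=CUSTOM) rather than to every host (scope=ALL).

```batch
@echo off
REM Added example, not PatchEasy's own script: open the PatchEasy ports in the
REM XP SP2 Windows Firewall from the command line instead of the Control Panel.
REM MASTER is an assumed placeholder for the Master-Agent address; replace it.
set MASTER=192.0.2.10

REM Agentless targets: the three Windows networking ports, allowed only for
REM the Master-Agent (scope=CUSTOM). scope=ALL would expose them to every host.
netsh firewall add portopening protocol=TCP port=135 name="PatchEasy RPC" mode=ENABLE scope=CUSTOM addresses=%MASTER%
netsh firewall add portopening protocol=TCP port=139 name="PatchEasy NetBIOS" mode=ENABLE scope=CUSTOM addresses=%MASTER%
netsh firewall add portopening protocol=TCP port=445 name="PatchEasy SMB" mode=ENABLE scope=CUSTOM addresses=%MASTER%

REM Leaf-Agent targets: only the user-defined agent port (usually 9968) is needed.
netsh firewall add portopening protocol=TCP port=9968 name="PatchEasy Leaf-Agent" mode=ENABLE scope=CUSTOM addresses=%MASTER%

REM Once a remotely installed Leaf-Agent has been confirmed reachable from the
REM Master-Agent, close 135, 139 and 445 again so only 9968 stays open.
netsh firewall delete portopening protocol=TCP port=135
netsh firewall delete portopening protocol=TCP port=139
netsh firewall delete portopening protocol=TCP port=445

REM Verify which openings remain, and their scope.
netsh firewall show portopening
```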

 
 
Re-configure XP SP1 machines before SP2 deployment
 

If you install a Leaf-Agent on XP SP1 machines before deploying SP2, the firewall software in SP2 will "honour" the Leaf-Agent port setting and not disable it. This means after SP2 deployment, you should still be able to query the target machine and deploy patches to it.

 
 
 
Posted on 09 March 2004
© Copyright 2003-2008 SecureSynergy Pvt Ltd. All rights reserved.