Footprint is often a major concern to Embedded customers, and some of the changes made to enhance security on SP2 impacted definitely had an impact on footprint. One of the most common increases in footprint comes from the Windows Firewall component, which is new in SP2.
In early builds of XPe SP2 90% of runtime configurations that we built brought in the Windows Firewall component and all it’s dependencies, due to many other files expressing a static dependency on hnetcfg.dll, owned by Windows Firewall. We worked with the various Windows feature teams to have them change this static dependency to a delay-load dependency, which allowed us the option of not bringing in the Windows Firewall component into every runtime. However, because security was one of the major reasons for SP2 in the first place, and the Windows strategy changed to having the firewall turned on by default in XP Pro, we decided on a strategy to include the Windows Firewall component by default on “networked” devices so that the security was automatically built-in. We did include an option for customers who chose not to bring in the Windows Firewall- in the settings of the Core Networking component, customers can uncheck the Windows Firewall check box.
One issue with this approach is that File Sharing requires hnetcfg.dll to function correctly (this issue is relnoted in SP2). The solution (if you do not want the footprint hit of Windows Firewall & it’s dependencies) is to manually add this binary to the runtime image (\Windows\system32) pre-FBA.