Re: Firewall Service Cannot Start When Not Connected to Domain

"Jack [MVP-Networking]" <jack@xxxxxxxxxxxxxxxxxxx> wrote in message
No it is not a feature. ;)
Just being of the Domain just not mean that the computer is automatically
re-configured itself for regular Peer-to-Peer network.
Who ever configures the domain has to take a look to make sure that the
right open configuration is available.

I think we may be talking different points. Distinguish two cases:

Case A: Disconnect from the domain and start the computer. After
firewall starts, it has a different configuration than the one in the

Case B: Disconnect from the domain and start the computer. Firewall
refuses to start at all. Attempts to manually start the firewall *service*
fail. There is no issue about the firewall's configuration because the
firewall cannot even be started.

I am describing Case B. This isn't an issue of how we configured the
firewall rules in or out of the domain. This is a Windows service startup
issue. The firewall service cannot even be started.


"W" <persistentone@xxxxxxxxxxxxxx> wrote in message
"Jack [MVP-Networking]" <jack@xxxxxxxxxxxxxxxxxxx> wrote in message
When it is Off the domain what are you trying to connect to?
Who ever controls the Domain Polices has to configure the computer to
function in a none domain environment when needed.
Jack (MS, MVP-Networking).

What I am saying is that when the computer is off the domain, the
firewall service is *refusing to startup at all*. That cannot be a
feature, can it?


"W" <persistentone@xxxxxxxxxxxxxx> wrote in message
We have a Vista Ultimate installation with all service packs installed.
Both the local security policy and the domain policy after joining a
domain have the reserved accounts NETWORK SERVICE and LOCAL SERVICE
configured to start as a service. If we disconnect the notebook
from the domain and restart it, the Windows Firewall service refuses to
start. All attempts to manage the firewall fail because the service
reports it has not started. If you manually attempt to start the
firewall service it fails.

As soon as we put the notebook back on the domain network and reboot it

Does anyone have any insight on why this happens and how we can get the
firewall to start? Any sequence that effectively prevents the
firewall from starting strikes me as a pretty serious misfeature. The
notebook is often used to configure devices by cross connecting
straight to the device, so we cannot count on being on the domain
network, but clearly we want a working firewall at all times.


Relevant Pages

  • Re: SBS R2 ISA2004 Dark Arts
    ... ISA in SBS as intended or you'll get into trouble. ... I have to get the back firewall configuration to work with the ... network in the rules/policies. ...
  • Re: wireless and router; security issue
    ... issues like yours (and allow configuration with AD group policy). ... and the filesharing service of my network connection. ... The firewall I have is McAfee firewall 7.x, ...
  • Re: SBS R2 ISA2004 Dark Arts
    ... Right now the front firewall is not an ISA ... NIC-2 faces the internal "Live" network. ... I have to get the back firewall configuration to work with the ...
  • Re: Why do I need a software firewall?
    ... I agree that spending time with host based configuration on every ... software firewall crashes, is diabled by nefarious software run on the ... first things the support technician has them do is disable any ... vulnerable to network based attacks. ...
    ... hardwired to Port 1 and a Notebook conected via the router wireless port. ... Wireless LAN has security disabled ... Win XP Pro Firewall is disabled in both PC. ... If I run the Network Configuration Wizard in the desktop, ...