Re: Temporarily disabling Windows XP Firewall while on Domain

From: Glenn Fincher (gfincher_at__NOSPAM_intoto.us)
Date: 08/29/04


Date: Sun, 29 Aug 2004 16:30:16 -0500


"GreenThumb" <GreenThumb@discussions.microsoft.com> wrote in message
news:E7094CE8-AB20-4145-A237-0626738CF9A9@microsoft.com...
> Hello Al-
>
> I am interested in some sort of logon script or policy which would
> accomplish the following for our travelling sales reps:
>
> - While the rep. is on the road or connected to his home network, to enable
> Windows Firewall
>
> - While the rep. is connected to the office network, to disable the firewall
> so virus updates, administrative updates, etc. can come through.
>

I believe that this is really already built in to the policies that SP2
installs. The "Domain Profile" vs. "Standard Profile" settings using
gpedit.msc. Domain profile is automatically invoked when the computer is
running "inside" the network with the same domain suffix "mycompany.com";
the Standard profile is when NOT in that same domain suffix network. So...
if you look at:

Local Computer Policy\Computer Configuration\Administrative
Templates\Network\Network Connections\Windows Firewall

you will see those two profiles. First, there is an upper level setting
that reverses the default action of the settings that SP2 enforces out of
the box, one level above the Windows Firewall node. This setting: "Prohibit
the use of Windows Firewall on your DNS domain" IF ENABLED, will disallow
any user (admins also!) the ability to enable or configure Windows Firewall
settings using the User Interface of SP2.

If you open the Domain Profile and note the state of:

Windows Firewall: Protect all network connections

you will see that it is set in the Policy as "Not Configured". This means
that the default programmed into XP SP2 is honored. IF you enable this
policy here, this setting OVERRIDES the upper level "prohibit" setting.

So... test it first, but the expected behavior of SP2 is to act as you have
described. Also, these policies are all duplicated at the Domain level in
an Active Directory domain for top down management.

Hope this helps!

XPAddict


