Re: GPO does not disable XP Firewall

I'm assuming your talking about the Windows Firewall/Internet Connection
Sharing (ICS) service.
First of all, only local administrators can stop/start services.
Doing so in your case has no impact on security (since WF is already set to
disabled).
If you however would like to explicitly prevent users from doing so create a
gpo for
Computer Configuration\Security Settings\System Services\Windows Firewal...
and deny this group to start/stop and pause the service.

Kurt Roggen
http://www.blogontheweb.com/roggenk


"jacksors" <jacksors@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:5ECAAD14-EFAE-41CB-B426-DC0907AC053A@xxxxxxxxxxxxxxxx
>I have a Windows 2003 Domain with XP Pro SP2 clients. I have created a GPO
>to
> disable to Firewall in XP, however, I am still able to change the startup
> operation of the service as well as start the service.
>
> GPO Settings:
> Computer Configuration/Administrative Templates/Network/Networks
> Connections/Windows Firewall/Domain Profile/Windows Firewall: Protect all
> network connections: Disabled
>
> Computer Configuration/Administrative Templates/Network/Networks/Prohibit
> use of Firewall on Internet Domain: Enabled
>
> For Permissions, this policy applies to: Authenticated Users, Everyone,
> Domain Admins, Domain Computers, Domain Users
> Connections/Windows Firewall/Standard Profile/Windows Firewall: Protect
> all
> network connections: Disabled
>
> I've used gpupdate /force, restared workstations, removed and rejoined the
> domain, reset computer accounts. I am still able to enable/disable the
> service. I've deleted the registry entries that get created by the policy
> and
> rebooted. These entries are recreated. Logged on to systems with varing
> degrees of user rights, from standard users to local admins, to domain
> admins. Has made no difference.
>
> Gpresult shows:
> COMPUTER SETTINGS
> ------------------
> CN=RJACKSONXP,CN=Computers,DC=
> Last time Group Policy was app
> Group Policy was applied from:
> Group Policy slow link thresho
>
> Applied Group Policy Objects
> -----------------------------
> Default Domain Policy
> Disable Firewall
> Local Group Policy
>
> I've tried using the loop back processing Group Policy setting.
>
> What can I do to make it so that users can not enable or start the Windows
> Firewall Service on XP Pro PS2 by using group policy?
>
>
>
>


.

Relevant Pages

  • Re: How do I turn off SP2 firewal Group Policy setting
    ... I followed the instructions, but when I go to modify Group Policy, all ... settings are Not Configured Already. ... > Windows XP SP2 client computer in the SBS domain. ... > Firewall for client computers that are running Windows XP Professional. ...
    (microsoft.public.windows.server.sbs)
  • RE: SBS 2003 & Win2K DC
    ... 872769 You cannot configure Windows Firewall settings or Security Center ... | why a change I made to Group Policy (using gpupdate /force after the ...
    (microsoft.public.windows.server.sbs)
  • RE: Workstation Firewall / Group Policy
    ... configure the clients' firewall by SBS GPO to let network backup software ... you could try to edit the GPO '' Small Business Server Windows ... Firewall'' on SBS to configure the firewall on client. ... been truncated" error message when you edit or view Group Policy in Windows ...
    (microsoft.public.windows.server.sbs)
  • Windows XP SP2 firewall still not working right
    ... My Windows XP Home SP2 firewall is not working as expected. ... It ignores its checkboxes for network connections and exceptions. ...
    (comp.security.firewalls)
  • Remote Procedure Call (RPC) shuts down computer
    ... Then immediately turn-on Windows XP's built-in Firewall: ... Connections, then click Network Connections. ... ***Install a good firewall. ...
    (microsoft.public.windowsxp.general)