Announcement

Collapse
No announcement yet.

Disable firewall xp sp1 with gpo

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Disable firewall xp sp1 with gpo

    I have a windows 2003 domain with 100 client computers running win xp sp1 and sp2. I would like to disable the firewall option using a GPO for the computers with the sp1. I found the way to do it for the computers with the sp2.
    Please help me. How the f___ can i do it?

    Mike.

  • #2
    Re: Disable firewall xp sp1 with gpo

    As I know, there is no microsoft firewall with SP1 !

    only from SP2 is firewall included.

    Comment


    • #3
      Re: Disable firewall xp sp1 with gpo

      Originally posted by wolfm1
      I have a windows 2003 domain with 100 client computers running win xp sp1 and sp2. I would like to disable the firewall option using a GPO for the computers with the sp1. I found the way to do it for the computers with the sp2.
      Please help me. How the f___ can i do it?

      Mike.

      You can't.


      Thre is no firewall installed in XP SP1. It only got installed on SP2.

      Comment


      • #4
        Re: Disable firewall xp sp1 with gpo

        I could be wrong here, but I thought that the Firewall did exist with SP1. Its just that with SP2 they changed the default from disabled to enabled.
        http://support.microsoft.com/kb/283673
        This being the case, there would still be value in making sure that the firewall is turned off for all XP clients. You can do this by flipping certain keys in the registry. GPO serves this purpose well.

        This article:http://www.microsoft.com/technet/pro.../wfsp2ngp.mspx
        Says that these registry keys:
        The registry keys to add to disable Windows Firewall for both the domain and standard profiles are the following:

        HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dowsFirewall
        \DomainProfile \EnableFirewall=0 (DWORD data type)

        HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dowsFirewall
        \StandardProfile \EnableFirewall=0 (DWORD data type)
        Only exist in SP2. I can't tell you off the top of my head how to disable it for XP and XP1.

        I think I even turned it off in my .sif file for when I used RIS to bring up new machines.
        [WindowsFirewall]
        Profiles = WindowsFirewall.TurnOffFirewall

        [WindowsFirewall.TurnOffFirewall]
        Mode = 0
        Ken
        Senior Support Engineer
        Visual Click Software
        512-231-9990 x 2
        UK Support: 0800 814 1317

        Comment


        • #5
          Re: Disable firewall xp sp1 with gpo

          Listen !

          I do not have any XP with SP1, therefore I cannot do it for you.

          But I will do this :

          I will use some program for registry snapping, like regsnap - www.lastbit.com

          Then I would turn the firewall off manualy in connection settings.

          Then I take one snapshot of system registry before any changes occur

          I save result in a file.

          Then I would turn the firewall back on with all other settings (enabled ports, protocols, ext.)

          The I would take second snapshot with regsnap and save the result.

          In regsnap choose compare function and see the result.

          After that, the only thing you have to do is write a small vbs script, which will do the necessary changes in system registry. Yuo can verify if it works on local computer, then place the script in shared sysvol directory on domain server.

          place here: \\server\sysvol\root.domainname.sk\Policies\{31B2F 340-016D-11D2-945F-00C04FB984F9}\MACHINE\Scripts\Startup\

          {31B2F340-016D-11D2-945F-00C04FB984F9} - it means that this script will be placed into default domain policy folder.

          Then set it in Active directory group policy to use this script after computer starts or user log on.

          If you do'nt know how to write vbs script, here is a small example in attachements.

          You can find in zip file two vbs scripts> sus and one tutorial

          the sus.vbs sets up the windows update settings for local computer
          (one little attention> you have to be an administrator, or user with administrative permisions to run these sripts, user with nonadministrative rights makes no changes to registry)
          Attached Files

          Comment


          • #6
            Re: Disable firewall xp sp1 with gpo

            I did this for a client about 2 weeks ago.
            Create a container in your AD and move all your client workstations you want to shut the firewall off of into it (if you apply it at the domain level it will turn off all MS firewalls including your servers )
            Download this utility from Microsoft called Group Policy Management: http://www.microsoft.com/downloads/d...displaylang=en

            This will allow you to create a group policy and link it to the container you just created. Change the following policies:
            Administrative Templates\Network\Network Connections
            Policy: Prohibit Use of Internet Connection Firewall on your DNS domain network --> Enabled
            Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile
            Policy: Windows Firewall Protect All network connections --> Disabled

            Next, right click the new link you just created and Enable it. The next time the workstation updates its GPO settings, this will turn off the Firewall. Usual wait is about 4-6 hours.
            Using this method is great because at any time if a policy breaks something, you can simply locate the link and disable it.
            What's also great about these settings is that even if a user is a local admin, they cannot re-enable it. BUT, if they are a mobile user (laptop) when they disconnect from the domain, the firewall will return to its previous state.
            Last edited by Borracho; 26th January 2006, 07:21.

            Comment

            Working...
            X