Petri.com forums Home Forums Start Page Forums Frequently Asked Questions FAQ Member List Members List
Go Back   Petri IT Knowledgebase Forums > Microsoft Networking Services > GPO
Petri.com is happy to award RicklesP the title of Most Valuable Member !!!
Register Calendar Calendar Search Petri IT Knowledgebase Forums Search Todays Posts Today's Posts Mark Forums Read
Notices

Disable firewall xp sp1 with gpo

Disable firewall xp sp1 with gpo

this thread has 5 replies and has been viewed 15316 times

Closed Thread
 
Thread Tools Search this Thread Display Modes
  #1  
Old 29th December 2005, 10:30
wolfm1 wolfm1 is offline
Casual
Casual
 
 Join Date: Nov 2004
  6 month star 12 month star
 Posts: 8
 Reputation: wolfm1 is on a distinguished road (10)
Angry Disable firewall xp sp1 with gpo

I have a windows 2003 domain with 100 client computers running win xp sp1 and sp2. I would like to disable the firewall option using a GPO for the computers with the sp1. I found the way to do it for the computers with the sp2.
Please help me. How the f___ can i do it?

Mike.
  #2  
Old 11th January 2006, 17:05
Eica Eica is offline
Casual
Casual
 
 Join Date: Dec 2004
  6 month star 12 month star
 Posts: 44
 Reputation: Eica is on a distinguished road (10)
Default Re: Disable firewall xp sp1 with gpo

As I know, there is no microsoft firewall with SP1 !

only from SP2 is firewall included.
  #3  
Old 11th January 2006, 17:53
wullieb1 wullieb1 is offline
Moderator
 
 Join Date: Jul 2005
  6 month star 12 month star
 Location: Brisbane, Australia
 Posts: 7,097
 Reputation: wullieb1 is a splendid one to beholdwullieb1 is a splendid one to beholdwullieb1 is a splendid one to beholdwullieb1 is a splendid one to beholdwullieb1 is a splendid one to beholdwullieb1 is a splendid one to beholdwullieb1 is a splendid one to behold (861)
Default Re: Disable firewall xp sp1 with gpo

Quote:
Originally Posted by wolfm1
I have a windows 2003 domain with 100 client computers running win xp sp1 and sp2. I would like to disable the firewall option using a GPO for the computers with the sp1. I found the way to do it for the computers with the sp2.
Please help me. How the f___ can i do it?

Mike.

You can't.


Thre is no firewall installed in XP SP1. It only got installed on SP2.
  #4  
Old 12th January 2006, 02:07
kDSRAZOR kDSRAZOR is offline
Casual
Casual
 
 Join Date: Jan 2006
  6 month star 12 month star
 Location: Austin, TX
 Posts: 10
 Reputation: kDSRAZOR is on a distinguished road (10)
Default Re: Disable firewall xp sp1 with gpo

I could be wrong here, but I thought that the Firewall did exist with SP1. Its just that with SP2 they changed the default from disabled to enabled.
http://support.microsoft.com/kb/283673
This being the case, there would still be value in making sure that the firewall is turned off for all XP clients. You can do this by flipping certain keys in the registry. GPO serves this purpose well.

This article:http://www.microsoft.com/technet/pro.../wfsp2ngp.mspx
Says that these registry keys:
Quote:
The registry keys to add to disable Windows Firewall for both the domain and standard profiles are the following:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dowsFirewall
\DomainProfile \EnableFirewall=0 (DWORD data type)

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dowsFirewall
\StandardProfile \EnableFirewall=0 (DWORD data type)
Only exist in SP2. I can't tell you off the top of my head how to disable it for XP and XP1.

I think I even turned it off in my .sif file for when I used RIS to bring up new machines.
[WindowsFirewall]
Profiles = WindowsFirewall.TurnOffFirewall

[WindowsFirewall.TurnOffFirewall]
Mode = 0
__________________
Ken
Senior Support Engineer
Visual Click Software
512-231-9990 x 2
UK Support: 0800 814 1317
supportw@visualclick.com
  #5  
Old 12th January 2006, 10:49
Eica Eica is offline
Casual
Casual
 
 Join Date: Dec 2004
  6 month star 12 month star
 Posts: 44
 Reputation: Eica is on a distinguished road (10)
Default Re: Disable firewall xp sp1 with gpo

Listen !

I do not have any XP with SP1, therefore I cannot do it for you.

But I will do this :

I will use some program for registry snapping, like regsnap - www.lastbit.com

Then I would turn the firewall off manualy in connection settings.

Then I take one snapshot of system registry before any changes occur

I save result in a file.

Then I would turn the firewall back on with all other settings (enabled ports, protocols, ext.)

The I would take second snapshot with regsnap and save the result.

In regsnap choose compare function and see the result.

After that, the only thing you have to do is write a small vbs script, which will do the necessary changes in system registry. Yuo can verify if it works on local computer, then place the script in shared sysvol directory on domain server.

place here: \\server\sysvol\root.domainname.sk\Policies\{31B2F 340-016D-11D2-945F-00C04FB984F9}\MACHINE\Scripts\Startup\

{31B2F340-016D-11D2-945F-00C04FB984F9} - it means that this script will be placed into default domain policy folder.

Then set it in Active directory group policy to use this script after computer starts or user log on.

If you do'nt know how to write vbs script, here is a small example in attachements.

You can find in zip file two vbs scripts> sus and one tutorial

the sus.vbs sets up the windows update settings for local computer
(one little attention> you have to be an administrator, or user with administrative permisions to run these sripts, user with nonadministrative rights makes no changes to registry)
Attached Files
File Type: zip example.zip (2.2 KB, 389 views)
  #6  
Old 26th January 2006, 09:09
Borracho Borracho is offline
Casual
Casual
 
 Join Date: Jan 2006
  6 month star 12 month star
 Posts: 4
 Reputation: Borracho is on a distinguished road (10)
Default Re: Disable firewall xp sp1 with gpo

I did this for a client about 2 weeks ago.
Create a container in your AD and move all your client workstations you want to shut the firewall off of into it (if you apply it at the domain level it will turn off all MS firewalls including your servers )
Download this utility from Microsoft called Group Policy Management: http://www.microsoft.com/downloads/d...displaylang=en

This will allow you to create a group policy and link it to the container you just created. Change the following policies:
Administrative Templates\Network\Network Connections
Policy: Prohibit Use of Internet Connection Firewall on your DNS domain network --> Enabled
Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile
Policy: Windows Firewall Protect All network connections --> Disabled

Next, right click the new link you just created and Enable it. The next time the workstation updates its GPO settings, this will turn off the Firewall. Usual wait is about 4-6 hours.
Using this method is great because at any time if a policy breaks something, you can simply locate the link and disable it.
What's also great about these settings is that even if a user is a local admin, they cannot re-enable it. BUT, if they are a mobile user (laptop) when they disconnect from the domain, the firewall will return to its previous state.

Last edited by Borracho; 26th January 2006 at 09:21..
Closed Thread


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
GPO is still in effect after disable GPO philynbenjy GPO 4 28th August 2007 13:25
Backing out Windows firewall controlled GPO setting JamesNesbitt GPO 2 13th December 2005 05:27
gpo to disable usb ports billvm2000 GPO 1 9th November 2005 18:56
[help]DHCP Service with SP1 Firewall? habibalby General Security 7 29th October 2005 01:27
GPO to disable Interactive component of the users account Eric Active Directory 3 12th June 2004 08:14


All times are GMT +3. The time now is 02:59.

Steel Blue 3.5.4 vBulletin Style ©2006 vBEnhanced
Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
 

Valid XHTML 1.0!   Valid CSS!

Copyright 2005 Daniel Petri