XP SP2 & GPO controlled firewall gets activated for unknown reasons...

From: Michael van Zwieten (mvanzwieten_at_gmail.com)
Date: 12/02/04

  • Next message: Paul Aviles: "Disable Network ID and Change button"
    Date: Thu, 2 Dec 2004 14:39:53 -0500
    To: focus-ms@securityfocus.com
    
    

    Hi Everyone,

    I configured Group Policy to control the XP SP2 Firewall using the
    standard and domain profiles. In the standard profile, the firewall
    is on... in the Domain profile, the firewall is off.

    We have come to find that for some unknown reason, random workstations
    throughout our organization will simply turn their domain profile off,
    and turn their firewall on. This makes remote admin/support
    impossible in our situation...

    Doing a 'netsh firewall show state' shows that the firewall is on when
    it should be off, since the workstation is sitting on a LAN hooking
    into our domain. A reboot, or a 'gpupdate /force' and a reboot,
    will usually turn the firewall off, and normal operations are
    resumed... until it randomly drops again, and turns the firewall on.

    Like others that I'm in contact with have found, this problem only
    occurs sometimes, not always... and it seems random. When looking at
    client settings, the ones that work are no different from the ones
    that don't work. Nothing in the event log.

    Apparently SP2 does some sort of network discovery to see if it
    belongs to the same DNS suffix as the domain it belongs to in AD. The
    clients aren't dropping off the network, and never lose connection.
    Clients aren't hibernating, NIC cards aren't going to sleep, etc.

    Does anyone have any ideas on how to make this GP controlled XP
    Firewall mess a bit more reliable?

    Thanks for your help,
    Mike
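
Added example, not part of the original post: one way to find the affected workstations is to collect the `netsh firewall show state` output from each one and flag any host whose active profile or operational mode differs from what the domain policy should produce. The hostnames and sample output are constructed, and the `Profile` / `Operational mode` field layout is an assumption about what that command prints.

```python
import re

# Constructed sample: `netsh firewall show state` output per workstation.
# Hostnames and values are made up; the field layout is an assumption.
SAMPLE = {
    "WS-0101": """
Firewall status:
-------------------------------------------------------------------
Profile                           = Domain
Operational mode                  = Disable
Exception mode                    = Enable
""",
    "WS-0102": """
Firewall status:
-------------------------------------------------------------------
Profile                           = Standard
Operational mode                  = Enable
Exception mode                    = Enable
""",
}

FIELD = re.compile(r"^\s*(Profile|Operational mode)\s*=\s*(\S+)\s*$", re.M | re.I)

def parse_state(text):
    """Extract the active profile and operational mode from netsh output."""
    return {key.lower(): value.lower() for key, value in FIELD.findall(text)}

def check_host(text, expected_profile="domain", expected_mode="disable"):
    """Return a list of deviations from the expected policy (empty if none)."""
    state = parse_state(text)
    if "profile" not in state or "operational mode" not in state:
        return ["unparseable output"]
    findings = []
    if state["profile"] != expected_profile:
        findings.append(f"profile is {state['profile']}, expected {expected_profile}")
    if state["operational mode"] != expected_mode:
        findings.append(
            f"operational mode is {state['operational mode']}, expected {expected_mode}")
    return findings

def audit(outputs):
    """Map each deviating host to its findings; compliant hosts are omitted."""
    return {host: f for host, text in outputs.items() if (f := check_host(text))}

if __name__ == "__main__":
    for host, findings in audit(SAMPLE).items():
        print(f"{host}: {'; '.join(findings)}")
```

Running the check on a schedule and keeping the timestamps narrows down when a workstation switches to the standard profile, since the post notes that nothing appears in the event log.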
