Re: Windows firewall spontaneously changes profiles

From: David Beder [MSFT] (dbeder_at_online.microsoft.com)
Date: 06/28/05 

Date: Mon, 27 Jun 2005 23:58:36 -0700

Windows Firewall will switch to the to the standard profile when none of
your nics has a dns suffix that matches the network name pushed down through
group policy. My guess is that either the machines are running out of time
on their leases and going back to dhcp to get new ones, hitting a dhcp
server that gives out a non-matching or empty dns suffix, or they're getting
a gp update from a dc that plumbs a new network name.

I think the best-practice guidence is to set both domain and standard
profile gp settings to be the same to cover this scenario where the box
isn't really actually moving but could interact with infrustructure that
makes it think it's changed domains.

Unfortunately at the moment I'm not at a machine that's a member of a domain
and don't recall the exact gp regkey to check, but I know there are some
firewall kb articles a deployment guides on microsoft.com which should walk
you through what to check. 

-- 
David
Microsoft Windows Networking
This posting is provided "AS IS" with no warranties, and confers no rights.
"David Carlin" <dcarlin3@yahoo.com> wrote in message 
news:ucBYhn0eFHA.2740@TK2MSFTNGP10.phx.gbl...
> I'm having a problem where both XP SP2 and Server 2003 SP1 machines 
> spontaneously change firewall profiles every couple weeks.  The event log 
> entry is this:
>
> Event Type:    Success Audit
> Event Source:    Security
> Event Category:    Policy Change
> Event ID:    860
> User:        NT AUTHORITY\SYSTEM
> Computer:    COMPUTERNAME
> Description:
> The Windows Firewall has switched the active policy profile.
> Active profile: Standard
>
> The issue being, the standard profile is stock.  None of my exceptions are 
> listed and file sharing, network backups, antivirus updates, etc.. are 
> disrupted.
>
> Why is windows switching profiles?  What criteria does it use to suddenly 
> decide not to use the domain profile?  I'd hate to think a momentary 
> network blip could cause something unpredictable like this.
>
> Ideally, is there a way I can can have the domain profile always in use? 
> Do I have to maintain both a Standard and Domain profile with identical 
> settings?
>
> Thank You,
>
>     -David Carlin

Relevant Pages

  • Re: Windows Firewall Turned on Automatically
    ... > Windows Firewall Has Two Profiles Domain and Standard. ... > on for the standard profile and off for the domain profile. ... currently connected connections on the computer from the display ...
    (microsoft.public.windowsxp.security_admin)
  • Re: XPsp2 - firewall enable/disable based on net
    ... The sp2 firewall has two "profiles", Domain and Standard. ... only allows configuration of the current profile, ... your corporate network has an ipsec deployment you can specify that your sms ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Windows Firewall through Group Policy
    ... The Windows Firewall supports this feature by ... it is called 'multiple' profile support. ... a network in standalone mode. ... You'll see two options in the GPO under Computer Config/Admin ...
    (microsoft.public.windows.server.active_directory)
  • Re: Blu-Ray player for $349
    ... Neither one is a standard, ... are staying away from this format war. ... With the marketplace dealing with Profile 1.0, Profile 1.1, Profile 2.0, ...
    (alt.tv.tech.hdtv)
  • XP SP2 - profile detection without GPOs ?
    ... To find out which profile to activate (domain or standard), ... in SP2 compares DNS suffixes from the network connections and the system ...
    (NT-Bugtraq)