Re: Turing of SP2 Firewall via registry entry?

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 08/26/04


Date: Wed, 25 Aug 2004 22:42:32 -0400

Torgeir!
I should have known. The man is a scripting genius.

Information contained in -- WF_XPSP2.doc

I read that about 2 or 3 weeks ago. It's not pretty. It needs the SP2 EXE extracted. I'd
rather keep the EXE in its 266MB distribution executable so I dropped that idea. I want a
solution to be done AFTER SP2 is installed either before rebooting the PC or something I can
run in RunServicesOnce or RunOnce from the Registry upon the reboot.

Thanx Jeff !
        Dave

"Jeff" <anonymous@discussions.microsoft.com> wrote in message
news:04f901c48b14$3fbe2810$a401280a@phx.gbl...
Hi,

Found it, at
http://communities.microsoft.com/newsgroups/default.asp?icp=xpsp2&slcid=us

in security, July 20 at 8:03 am, topic is sp2 Firewall
installation option. Responding person is Torgeir Bakken
(MVP) his response is:

G wrote:

> Does anyone know of a way to install sp2 with an option
> that would keep the firewall off?
Hi

If you are running Active Directory, you can configure a
Group Policy that disables the firewall (see WF_XPSP2.doc
in the link further down for more on this).

If Group Policy is not an option and you want to avoid a post SP2
install scripting solution (you can disable the FW with a script
afterwards), there is another option available:

Push out some registry settings before the SP2 installation
so the FW disables itself when it finds those registry settings:

From WF_XPSP2.doc ("Deploying Windows Firewall Settings for Microsoft
Windows XP with Service Pack 2") at
http://www.microsoft.com/downloads/details.aspx?familyid=4454e0e1-61fa-447a-bdcd-499f73a637d1

<quote>
Disabling the Use of Windows Firewall Across Your Network
If you decide to disable the use of Windows Firewall across your entire
network, and you are not or cannot use the Windows Firewall Group
Policy settings, you can use the Unattend.txt or Netfw.inf to disable
Windows Firewall as Windows XP SP 2 is being installed. For an example
of using Unattend.txt, see Appendix E. For an example of using
Netfw.inf, see Appendix F.

Depending on your network policies, your users might elect either
intentionally or accidentally to install Windows XP SP 2 through
Windows Update, rather than through a central network location that
contains the modified Netfw.inf file. If this occurs, the modified
Netfw.inf file is not read during the installation and Windows
Firewall is enabled.

One solution to this possible problem is to create the registry
settings on your client computers to disable Windows Firewall before
your users have a chance to install Windows XP SP2 from Windows Update.
ICF on computers running Windows XP (prior to SP2) ignores these
registry settings. When the user installs Windows XP SP2 from Windows
Update and restarts their computer, Windows Firewall reads the registry
settings already in place and disables itself.

To add a registry setting on all of your computers running Windows XP,
you can use the following tools:

   · Regini.exe from the Windows 2000 Server Resource Kit Tools
   · Reg.exe from the Windows Server 2003 Resource Kit Tools

In both cases, you create a script file that is read by the tool to add
a registry setting. The tool has to be run in the security context of a
local administrator account.

Alternately, you can use network management software to change registry
settings on managed computers.

The registry keys to add to disable Windows Firewall for both the
domain and standard profiles are the following:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FirewallPolicy\DomainProfile
        \EnableFirewall=0 (DWORD data type)

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FirewallPolicy\StandardProfile
        \EnableFirewall=0 (DWORD data type)

</quote>

Why they are talking about getting Regini.exe and Reg.exe from the
Server resource kits I do not understand, both those tools come
built in with WinXP.

-- 
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.mspx
>-----Original Message-----
>I look forward to its discovery and resultant use.
>
>Dave
>
>
>
>
>"Jeff" <anonymous@discussions.microsoft.com> wrote in message
>news:03d601c48b0d$7b781700$a601280a@phx.gbl...
>| Hi David,
>|
>| I can't remember how, but I know there are some command
>| line inputs you can execute while using the SP2 update to
>| disable the firewall.  I think it was posted in the
>| testing newsgroup for SP2.  I know it was answered by one
>| of the many MVPs there.  Sorry I can't be more help.  I
>| know there are command line switches you can use though.
>|
>| Jeff
>|
>| >-----Original Message-----
>| >That really doesn't answer his question.
>| >
>| >So in a script (such as the login script assuming they can access the server to execute the
>| >login script) there would be an entry such as...
>| >
>| >net stop FireWallService_Name
>| >
>| >Now, how would you disable it such that it does not "turn on" upon a reboot ?
>| >
>| >Or to ask it a little better, in a script, how can one completely disable the FireWall ?
>| >
>| >My org. for one has issued a statement that the FireWall in SP2 *must* be disabled.
>| >
>| >I have created a CDROM and a Kixtart script that slipstreams the root i386 directory then
>| >installs SP2.  I would like to programmatically permanently disable the fireWall upon
>| >installation of the Service Pack.
>| >
>| >Dave
>| >
>| >
>| >
>| >
>| >
>| >"Mike Bright MSP" <anonymous@discussions.microsoft.com> wrote in message
>| >news:uo8NrssiEHA.556@tk2msftngp13.phx.gbl...
>| >| Sean,
>| >|
>| >| The Windows Firewall is a service and therefore there are no registry
>| >| entries which you can use to Switch it off.  Although it can be switched off
>| >| programmatically, but sorry no registry key for it.
>| >|
>| >| Regards
>| >|
>| >| Mike Bright MCP, MSP
>| >|
>| >| e:mike.bright@brightweb.co.uk
>| >|
>| >|
>| >
>| >
>| >.
>| >
>
>
>.
>
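
An added example, not part of the original thread or of Microsoft's document: a Python check that reads a regedit export and reports what the two EnableFirewall policy values quoted above are set to, for auditing which machines had the firewall turned off this way. The sample export is constructed, and the profile keys are matched by their last component under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft, an assumption made so the check does not depend on the intermediate key name.

```python
import re

# Constructed sample of a regedit export; key paths are copied from the quoted text.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FirewallPolicy\DomainProfile]
"EnableFirewall"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001

[HKEY_CURRENT_USER\Software\Example\DomainProfile]
"EnableFirewall"=dword:00000000
"""

POLICY_ROOT = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\".lower()
PROFILES = ("DomainProfile", "StandardProfile")

def decode_reg(data: bytes) -> str:
    """Version 5.00 exports are UTF-16LE with a BOM; REGEDIT4 files are ANSI."""
    if data.startswith(b"\xff\xfe"):
        return data[2:].decode("utf-16-le")
    return data.decode("cp1252", errors="replace")

def audit_firewall_policy(reg_text: str) -> dict:
    """Map each profile to 'disabled', 'enabled', 'not set' or 'unexpected data'."""
    state = {p: "not set" for p in PROFILES}
    current = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()      # registry key names are case-insensitive
            leaf = key.rsplit("\\", 1)[-1]
            current = None                # keys outside the policy root are ignored
            if key.startswith(POLICY_ROOT):
                current = next((p for p in PROFILES if p.lower() == leaf), None)
            continue
        m = re.match(r'"EnableFirewall"\s*=\s*(.*)$', line, re.IGNORECASE)
        if current is None or m is None:
            continue
        dword = re.fullmatch(r"dword:([0-9a-f]{8})", m.group(1).strip().lower())
        if dword is None:
            state[current] = "unexpected data"
        else:
            state[current] = "disabled" if int(dword.group(1), 16) == 0 else "enabled"
    return state

if __name__ == "__main__":
    for profile, status in audit_firewall_policy(SAMPLE_EXPORT).items():
        print(f"{profile}: EnableFirewall policy value {status}")
```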

