Re: Turing of SP2 Firewall via registry entry?
From: Jeff (anonymous_at_discussions.microsoft.com)
Date: 08/26/04
- Next message: Geoffrey: "SP2 love/hate"
- Previous message: Len Segal: "Re: SP2 patches - trouble!"
- In reply to: David H. Lipman: "Re: Turing of SP2 Firewall via registry entry?"
- Next in thread: Torgeir Bakken \(MVP\): "Re: Turing of SP2 Firewall via registry entry?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 25 Aug 2004 20:27:08 -0700
Your welcome
Glad I could be useful in someway, even though its from
someone else`s post
Jeff
>-----Original Message-----
>Togeir !
>I should have known. The man is a scripting genious.
>
>Information contained in -- WF_XPSP2.doc
>
>I read that about 2 or 3 weeks ago. Its not pretty. It
needs the SP2 EXE extracted. I'd
>rather keep the EXE in its 266MB distriburtion executable
so I dropped that idea. I want a
>solution to be done AFTER SP2 is installed either before
rebooting the PC or something I can
>run in RunServicesOnce or RunOnce from the Registry upon
the reboot.
>
>Thanx Jeff !
> Dave
>
>
>
>"Jeff" <anonymous@discussions.microsoft.com> wrote in
message
>news:04f901c48b14$3fbe2810$a401280a@phx.gbl...
>Hi,
>
>Found it, at
>http://communities.microsoft.com/newsgroups/default.asp?
>icp=xpsp2&slcid=us
>
>in security, July 20 at 8:03 am, topic is sp2 Firewall
>installation option. Responding person is Torgeir Bakken
>(MVP) his response is:
>
>G wrote:
>
>> Does anyone know of a way to install sp2 with an option
>> that would keep the firewall off?
>Hi
>
>If you are running Active Directory, you can configure a
>Group Policy that disables the firewall (see WF_XPSP2.doc
>in the link further down for more on this).
>
>If Group Policy is not an option and you want to avoid a
>post SP2
>install scripting solution (you can disable the FW with a
>script
>after hand), there is another options available:
>
>Push out some some registry settings before the SP2
>installation
>so the FW disables itself when it finds those registry
>settings:
>
>
> From WF_XPSP2.doc ("Deploying Windows Firewall Settings
>for Microsoft
>Windows XP with Service Pack 2") at
>http://www.microsoft.com/downloads/details.aspx?
>familyid=4454e0e1-61fa-447a-bdcd-499f73a637d1
>
><quote>
>Disabling the Use of Windows Firewall Across Your Network
>If you decide to disable the use of Windows Firewall
>across your entire
>network, and you are not or cannot use the Windows
>Firewall Group
>Policy settings, you can use the Unattend.txt or Netfw.inf
>to disable
>Windows Firewall as Windows XP SP 2 is being installed.
>For an example
>of using Unattend.txt, see Appendix E. For an example of
>using
>Netfw.inf, see Appendix F.
>
>Depending on your network policies, your users might elect
>either
>intentionally or accidentally to install Windows XP SP 2
>through
>Windows Update, rather than through a central network
>location that
>contains the modified Netfw.inf file. If this occurs, the
>modified
>Netfw.inf file is not read during the installation and
>Windows
>Firewall is enabled.
>
>One solution to this possible problem is to create the
>registry
>settings on your client computers to disable Windows
>Firewall before
>your users have a chance to install Windows XP SP2 from
>Windows Update.
>ICF on computers running Windows XP (prior to SP2) ignores
>these
>registry settings. When the user installs Windows XP SP2
>from Windows
>Update and restarts their computer, Windows Firewall reads
>the registry
>settings already in place and disables itself.
>
>To add a registry setting on all of your computers running
>Windows XP,
>you can use the following tools:
>
> · Regini.exe from the Windows 2000 Server Resource Kit
>Tools
> · Reg.exe from the Windows Server 2003 Resource Kit
>Tools
>
>In both cases, you create a script file that is read by
>the tool to add
>a registry setting. The tool has to be run in the security
>context of a
>local administrator account.
>
>Alternately, you can use network management software to
>change registry
>settings on managed computers.
>
>The registry keys to add to disable Windows Firewall for
>both the
>domain and standard profiles are the following:
>
>
>HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FirewallPol
i
>cy\DomainProfile
> \EnableFirewall=0 (DWORD data type)
>
>HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FirewallPol
i
>cy\StandardProfile
> \EnableFirewall=0 (DWORD data type)
>
></quote>
>
>Why they are talking about getting Regini.exe and Reg.exe
>from the
>Server resource kits I do not understand, both those tools
>comes
>builtin with WinXP.
>
>
>--
>torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
>Administration scripting examples and an ONLINE version of
>the 1328 page Scripting Guide:
>http://www.microsoft.com/technet/scriptcenter/default.mspx
>
>
>
>>-----Original Message-----
>>I look forward to its discovery and resultant use.
>>
>>Dave
>>
>>
>>
>>
>>"Jeff" <anonymous@discussions.microsoft.com> wrote in
>message
>>news:03d601c48b0d$7b781700$a601280a@phx.gbl...
>>| Hi David,
>>|
>>| I can`t remember how, but I know there is some command
>>| line inputs you can excute while using the SP2 update
to
>>| disable the firewall. I think it was posted in the
>>| testing newsgroup for SP2. I know it was answered by
>one
>>| of the many MVP`s there. Sorry I can`t be more help.
I
>>| know there are command line switchs you can use though.
>>|
>>| Jeff
>>|
>>| >-----Original Message-----
>>| >That really doesn't answer his question.
>>| >
>>| >So in a script (such as the login script assuming they
>>| can access the server to execute the
>>| >login script) there would be an entry such as...
>>| >
>>| >net stop FireWallService_Name
>>| >
>>| >Now, how would you disable it such that it does
>not "turn
>>| on" upon a reboot ?
>>| >
>>| >Or to ask it a little better, in a script, how can one
>>| completely disable the FireWall ?
>>| >
>>| >My org. for one has issued a statement that the
>FireWall
>>| in SP2 *must* be disabled.
>>| >
>>| >I have created a CDROM and a Kixtart script that
>>| slipstreams the root i386 directory then
>>| >installs SP2. I would like to programmatically
>>| permanently disable the fireWall upon
>>| >installation of the Service Pack.
>>| >
>>| >Dave
>>| >
>>| >
>>| >
>>| >
>>| >
>>| >"Mike Bright MSP"
<anonymous@discussions.microsoft.com>
>>| wrote in message
>>| >news:uo8NrssiEHA.556@tk2msftngp13.phx.gbl...
>>| >| Sean,
>>| >|
>>| >| The Windows Firewall is a service and therefore
there
>>| are no registry
>>| >| entries which you can use to Switch it off.
Although
>>| it can be swtiched off
>>| >| programatically, but sorry no registry key for it.
>>| >|
>>| >| Regards
>>| >|
>>| >| Mike Bright MCP, MSP
>>| >|
>>| >| e:mike.bright@brightweb.co.uk
>>| >|
>>| >|
>>| >
>>| >
>>| >.
>>| >
>>
>>
>>.
>>
>
>
>.
>
- Next message: Geoffrey: "SP2 love/hate"
- Previous message: Len Segal: "Re: SP2 patches - trouble!"
- In reply to: David H. Lipman: "Re: Turing of SP2 Firewall via registry entry?"
- Next in thread: Torgeir Bakken \(MVP\): "Re: Turing of SP2 Firewall via registry entry?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
