Re: Windows Firewall Turned on Automatically

From: Lanwench [MVP - Exchange] (lanwench_at_heybuddy.donotsendme.unsolicitedmail.atyahoo.com)
Date: 09/26/05


Date: Mon, 26 Sep 2005 00:24:57 -0400


In news:D754EA3A-5B54-418D-8FD7-66D374950613@microsoft.com,
Dave Petzel <DavePetzel@discussions.microsoft.com> typed:
> We have narrowed this down some. It appears to be a problem on the XP
> boxes not correctly detecting the correct firewall profile. When the
> boxes were initially built they were joined to the domain as well as
> had the firewall turned off, thus disabling the firewall for that
> profile. Now that we have upgraded we see the machines are randomly
> selecting which domain profile to use, since we do not have the
> firewall disabled on the standard profile when the machine
> incorrectly determines which profile to use the firewall is on. We
> did a lot of testing on this. We would take a single machine and not
> make any changes to it and just reboot it over and over. After each
> reboot we would run 'netsh firewall show config' to see which profile
> was active. Sometimes it would be the domain profile, sometimes it
> would be the standard profile. To get around this temporarily we have
> implemented a login script element to disable the firewall, however
> it stinks that we can not rely on the workstation to determine
> correctly.

Hi - what do you mean by domain profile, and why can't you handle this via
GPO, and why can't you just add the exceptions you need to the firewall
rather than disabling it outright?
>
> "Lanwench [MVP - Exchange]" wrote:
>
>>
>>
>> In news:A0EA3176-C05A-4BEB-8996-BC33FFF2D440@microsoft.com,
>> Dave Petzel <DavePetzel@discussions.microsoft.com> typed:
>>> Just experienced a very strange situation. We have several hundred
>>> XP clients on an NT Domain. We disable windows firewall. Over the
>>> weekend we upgraded our NT 4 Domain to Windows 2003 Mixed Mode
>>> Active Directory. We are now seeing today and yesterday some
>>> machines have the windows firewall enabled. We discovered the
>>> problem due to an older legacy application we have had stopped
>>> working. The application was working yesterday (2 days after the
>>> upgrade) but today it was not. The machines experiencing the
>>> problem are located in separate office and separate departments. So
>>> far we have seen only about 15 with the firewall enabled. As we
>>> just upgraded we don't have any GPO's in place that would enable
>>> this. We don't have any other automated customization tools that
>>> were configured to do this either.
>>>
>>> Is there any log file or any way to determine when/by who the
>>> firewall was enabled. The users of the machines don't have admin
>>> rights so we know it was not them. Any insight on this one would be
>>> great!
>>>
>>> Thanks
>>
>> Really does sound like group policy to me. Run the GPMC and see what
>> policy settings you have - and on the client, run gpresult in a
>> command prompt to see the 'resultant set of policy'
>>
>> Any chance you can just add an exception for your legacy app? I
>> personally like leaving the firewalls enabled, but with the
>> exceptions I wish.
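
The reboot-and-check test described in the thread can be logged instead of read by eye. The following is an added example, not code from any poster: it parses saved `netsh firewall show config` output and records which profile was active on each boot and whether it changed. The output layout (a "(current)" marker on the active profile header) is assumed from Windows XP SP2, and the sample text and function names are constructed for illustration.

```python
import re

# Constructed sample of `netsh firewall show config` output (XP SP2 layout assumed).
SAMPLE_BOOT_1 = """\
Domain profile configuration (current):
-------------------------------------------------------------------
Operational mode                  = Disable
Exception mode                    = Enable

Standard profile configuration:
-------------------------------------------------------------------
Operational mode                  = Enable
Exception mode                    = Enable
"""
# Same machine after a reboot where the standard profile was selected instead.
SAMPLE_BOOT_2 = SAMPLE_BOOT_1.replace(" (current)", "", 1).replace(
    "Standard profile configuration:", "Standard profile configuration (current):")

HEADER = re.compile(r"^(Domain|Standard) profile configuration( \(current\))?:\s*$")
SETTING = re.compile(r"^Operational mode\s*=\s*(\w+)\s*$")

def parse_profiles(text):
    """Return ({profile: operational_mode}, active_profile_or_None)."""
    modes, active, section = {}, None, None
    for line in text.splitlines():
        h = HEADER.match(line)
        if h:
            section = h.group(1)
            if h.group(2):
                active = section
            continue
        s = SETTING.match(line)
        # Keep only the first value per profile so that later
        # per-interface "Operational mode" lines do not overwrite it.
        if s and section and section not in modes:
            modes[section] = s.group(1)
    return modes, active

def audit_boots(outputs):
    """One record per boot: (active profile, firewall mode in effect, changed?)."""
    records, previous = [], None
    for text in outputs:
        modes, active = parse_profiles(text)
        effective = modes.get(active, "Unknown")
        records.append((active, effective, previous is not None and active != previous))
        previous = active
    return records

if __name__ == "__main__":
    boots = [SAMPLE_BOOT_1, SAMPLE_BOOT_2, SAMPLE_BOOT_1]
    for n, rec in enumerate(audit_boots(boots), 1):
        print("boot %d: profile=%s firewall=%s changed=%s" % ((n,) + rec))
```

Feeding it one captured output per boot gives a record of when a machine fell back to the standard profile and what firewall mode that profile applied.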


