Re: Change SP2 firewall profile from CLI

You could try configuring the standard profile with the exceptions you need
such as for remote admin only from your subnet or admin workstation IPs.

Steve


"Jeff Vandervoort" <jeffv @ jrvsystems dot com> wrote in message
news:OzMfXtJ4GHA.5000@xxxxxxxxxxxxxxxxxxxxxxx
OK, I guess that makes sense. Thanks.

What doesn't make sense is that if this is by design, it's a lousy design!
It only gives me the choice of enabling or disabling the firewall for my
VPN clients after logon to allow remote admin, instead of just allowing
specific exceptions. It's all or nothing.

--
Jeff Vandervoort
JRVsystems
"Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:7oidnXuTvsWvrorYnZ2dnUVZ_t2dnZ2d@xxxxxxxxxxxxxx
Hi Jeff.

My understanding is that unless you specify a profile the default profile
is used for the option you set in set opmode mode and is not to change
mode. The possibilities are current, standard, domain, and all. So I
suspect that your command is actually setting the Windows Firewall to be
enabled in the standard profile. As far as I know the profile used can
only be determined on whether or not the operating system detects a
domain controller for it's domain on the network it is connected to and
it supposed to be periodically be determined by the network location
awareness service.

Steve


"Jeff Vandervoort" <jeffv @ jrvsystems dot com> wrote in message
news:%23KhPS8D4GHA.600@xxxxxxxxxxxxxxxxxxxxxxx
Windows XP SP2 client in SBS2003 SP1 domain. XP client firewall settings
set
by GPO.

When the computer is connected to the SBS network, and logged on to with
the Administrator account, NETSH help leads me to believe that the
command...
netsh firewall set opmode mode = enable profile = standard
...should change the firewall profile from Domain to Standard.

And when I issue the command, NETSH responds with "Ok." as though it's
actually done something useful. Yet this command...
netsh firewall show opmode
...shows that the Domain profile remains the current profile.

I've also tried it with a Scheduled Task that runs in the SYSTEM
account, with the same result.

In the GPO, "Windows Firewall: Protect all network connections" is set
to Not Configured for both profiles. I can enable and disable the
firewall from the NETSH command line, just can't switch profiles.

What's up with that?

--
Jeff Vandervoort
JRVsystems







.

Relevant Pages

  • Re: XPsp2 - firewall enable/disable based on net
    ... The sp2 firewall has two "profiles", Domain and Standard. ... only allows configuration of the current profile, ... your corporate network has an ipsec deployment you can specify that your sms ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Windows Firewall Turned on Automatically
    ... > Windows Firewall Has Two Profiles Domain and Standard. ... GPO is ineffective as a result of this ... > the domain profile. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Windows Firewall Turned on Automatically
    ... Windows Firewall Has Two Profiles Domain and Standard. ... GPO is ineffective as a result of this because we want the firewall ... on for the standard profile and off for the domain profile. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Blu-Ray player for $349
    ... Neither one is a standard, ... are staying away from this format war. ... With the marketplace dealing with Profile 1.0, Profile 1.1, Profile 2.0, ...
    (alt.tv.tech.hdtv)
  • Re: Change SP2 firewall profile from CLI
    ... My understanding is that unless you specify a profile the default profile is ... used for the option you set in set opmode mode and is not to change mode. ... your command is actually setting the Windows Firewall to be enabled in the ... NETSH help leads me to believe that the ...
    (microsoft.public.windowsxp.security_admin)