-
November 10th, 2005, 08:33 PM
#11
Member
One difficulty with this is if you have laptop users, particularly if they have WLAN cards, then they may take their machines out to various other sites.
There having the firewall disabled is much less of a good idea.
Then they'll bring all sorts of nasties back in with them when they return. I wonder if there's a recipe which can make it turn off only when logged on to your nice safe lan?
Slarty
Fortunately we don't have "take home" laptops (except for mine...but my firewall/router at home is configured quite well)
I'm on it right now, thumbing through Tim Hill's NT shell scripting book. I know some people that can make some very robust hardcore batch scripts. Since the firewall is an NT native .exe it shouldn't be that difficult. I'll be back with something.
I'm really looking forward to your response...
-
November 11th, 2005, 04:19 AM
#12
Re: XP SP2 Firewall
Originally posted here by unonthedl
and yes you MUST have admin access to the local box which means I have to walk to every damn machine (yea I can use a script but someone still has to be there to log in to run it). Anyway...that is all...I'm done...
PS Thanks for creating a place for me to vent...I feel better...suggestions are welcome...
Suggestion, rather a question. Can't you just use netsh commands? -- remotely
Before I attempt this bombastic script ........... I wanna try this one....
Regulators......We regulate any stealing of his property and we damn good too.... But you
can't be any geek off the street, gotta be handy with the keys if you know what I mean, earn your keep.
-
November 11th, 2005, 04:55 AM
#13
Member
Suggestion, rather a question. Can't you just use netsh commands? -- remotely
I haven't tried this...but I don't think I can do anything remotely (outside of RDP - which is only active on our servers) with the firewall active.
-
November 11th, 2005, 06:09 AM
#14
Code:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\EnableFirewall=0 (DWORD data type)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\EnableFirewall=0 (DWORD data type)
EDIT*********************
I just read the whole post.
Here is what you need I believe.
Deploying Windows Firewall Settings Without Group Policy
-
November 11th, 2005, 09:05 AM
#15
I am not an admin, so I might be way off here... but it seems like configuring the laptop locally to have the firewall enabled and then to have it inherit disabling the firewall for the local domain policy would work.
The firewall is on when it is part of an untrusted network and off when in the office.
cheers,
catch
-
November 11th, 2005, 02:30 PM
#16
Member
Only local administrators can successfully execute scripts or custom configuration programs from an email message, a file share, or a Web page.
Again, still have to be an admin.
One solution to this possible problem is to create the registry settings on your client computers to disable Windows Firewall before your users have a chance to install Windows XP SP2 from Windows Update. ICF on computers running Windows XP with SP1 and Windows XP with no service packs installed ignores these registry settings. When the user installs Windows XP SP2 from Windows Update and restarts their computer, Windows Firewall reads the registry settings already in place and disables itself.
So I have to re-install SP2? All the PCs are already running SP2...will this still work?
To add a registry setting on all of your computers running Windows XP, you can use the Regini.exe or Reg.exe tools. For either tool, you create a script file that is read by the tool to add a registry setting. The tool has to be run in the security context of a local administrator account.
Do these programs need to be installed on all PCs? Again I still have to "touch" each PC.
I really hate putting in cases to Microsoft Support...but I might have to because this has been bothering me for some time.
-
November 11th, 2005, 03:59 PM
#17
Can you run
netsh firewall show config
without admin rights?
09:F9:11:02:9D:74:E3:5B 8:41:56:C5:63:56:88:C0
-
November 11th, 2005, 06:41 PM
#18
Member
Can you run
netsh firewall show config
without admin rights?
Yes
Code:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
K:\>netsh firewall show config
Domain profile configuration (current):
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Allowed programs configuration for Domain profile:
Mode Name / Program
-------------------------------------------------------------------
Enable Remote Assistance / C:\WINNT\system32\sessmgr.exe
Standard profile configuration:
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Allowed programs configuration for Standard profile:
Mode Name / Program
-------------------------------------------------------------------
Enable Remote Assistance / C:\WINNT\system32\sessmgr.exe
Enable RealPlayer / C:\Program Files\Real\RealOne Player\realplay.exe
Log configuration:
-------------------------------------------------------------------
File location = C:\WINNT\pfirewall.log
Max file size = 4096 KB
Dropped packets = Disable
Connections = Disable
Local Area Connection firewall configuration:
-------------------------------------------------------------------
Operational mode = Enable
Access is denied.
K:\>
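Added example, not part of any post in this thread: a small Python parser for `netsh firewall show config` output in the layout shown above, used to check the arrangement discussed earlier (firewall allowed to be off on the domain LAN, on everywhere else). The sample text is constructed, and the two checks in `findings` are an assumed policy, not something the thread or Microsoft prescribes.

```python
import re

# Constructed sample in the layout of the output posted above (not real data).
SAMPLE = r"""Domain profile configuration (current):
Operational mode = Disable
Allowed programs configuration for Domain profile:
Mode Name / Program
Enable Remote Assistance / C:\WINNT\system32\sessmgr.exe
Standard profile configuration:
Operational mode = Enable
Allowed programs configuration for Standard profile:
Mode Name / Program
Enable Remote Assistance / C:\WINNT\system32\sessmgr.exe
Enable RealPlayer / C:\Program Files\Real\RealOne Player\realplay.exe
Log configuration:
Dropped packets = Disable
"""

HEADER = re.compile(r"^(?:(Allowed programs) configuration for )?(Domain|Standard) profile")
SETTING = re.compile(r"^(.+?)\s*=\s*(.+)$")
PROGRAM = re.compile(r"^(Enable|Disable)\s+(.+?)\s+/\s+(.+)$")

def parse(text):
    """Return {profile: {"settings": {...}, "programs": [(mode, name, path)]}}."""
    profiles, cur, section = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if m := HEADER.match(line):
            section = "programs" if m.group(1) else "settings"
            cur = profiles.setdefault(m.group(2), {"settings": {}, "programs": []})
        elif line.endswith("configuration:"):  # log and per-interface sections
            cur = None
        elif cur is not None and section == "settings" and (m := SETTING.match(line)):
            cur["settings"][m.group(1)] = m.group(2)
        elif cur is not None and section == "programs" and (m := PROGRAM.match(line)):
            cur["programs"].append(m.groups())
    return profiles

def findings(profiles):
    """Assumed policy: the firewall may be off on the domain LAN, never off it."""
    empty = {"settings": {}, "programs": []}
    dom, std = profiles.get("Domain", empty), profiles.get("Standard", empty)
    out = []
    if std["settings"].get("Operational mode") != "Enable":
        out.append("Standard profile firewall is not enabled")
    dom_paths = {path.lower() for _, _, path in dom["programs"]}
    for mode, name, path in std["programs"]:
        if mode == "Enable" and path.lower() not in dom_paths:
            out.append(f"Standard-only exception: {name} ({path})")
    return out
```

Because the command runs without admin rights, as shown above, the same text can be collected by a logon script and checked centrally.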
-
November 11th, 2005, 07:09 PM
#19
And that is viewable without admin rights? Sheesh, talk about an information security breach.
"It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change."
- Charles Darwin
-
November 11th, 2005, 07:30 PM
#20
I'm pretty sure you can use netsh firewall to reset the firewall settings and then disable. I know I've done it in the past but can't remember how exactly but I know I was not admin on the remote box.
netsh /? see if anything there will help. I have a feeling firewall dump and what not may give you an access denied error.
09:F9:11:02:9D:74:E3:5B 8:41:56:C5:63:56:88:C0