Ok,

I've just updated this machine after being away for a year, so now
have xp pro SP2 and all upto date. I noticed however an issue with the
new firewall. All the options to turn it on/off are GREYED OUT and
disabled. At the top it reads:

For your security, some settnigs are controlled by Group Policy.

It is a stand alone machine (it is attached to a network but it's just
peer to peer, not domain), and I have never touched any policies
whatsoever.

The Windows Firewall/ICS service has this error when double clicking
it:
Configuration Manager: The Specified device instance handler does not
correspond to a present device.

It will then open the service allowing me to make alterations. It is
AUTO and STARTED. All settings are the same as an XP home machine
which functions correctly, and I have not channged anything in here
either. (ie, it should be the default settings)

After not finding much on the internet (and I've tried reregisted dlls
and running netsh firewall reset etc etc, and even netsh winsock
reset), I uninstalled SP2 and then reinstalled it. Firewall wasn't
even isntalled as seen here:

http://windowsxp.mvps.org/sharedaccess.htm

After installing the registry entry and rebooting I'm back to how I
was before.

I did have some spyware/trojans on my system before I initially
installed SP2 and the other upgrades, but that's all gone now, so a
reinstall should have fixed things.

Any help as to how I fix these issues? I don't use the windwos
firewall but I'm always concerned when there are errors.

Much thanks,
Josh

Joshua,

See if this helps:

You cannot start the Windows Firewall service in Windows XP Service Pack 2:
http://support.microsoft.com/kb/892199

-and-

From Start/Run, type Gpedit.msc and navigate to:

Computer Configuration
=> Administrative Templates
=> System
=> Network
=> Network Connections
=> Windows Firewall
=> Standard Profile

Set the following options to "Not Configured" (defaults)

Windows Firewall: Protect all network connections
Windows Firewall: Do not allow exceptions
Windows Firewall: Define program exceptions
Windows Firewall: Allow local program exceptions
Windows Firewall: Allow remote administration exception
Windows Firewall: Allow file and printer sharing exception
Windows Firewall: Allow ICMP exceptions
Windows Firewall: Allow Remote Desktop exception
Windows Firewall: Allow UPnP framework exception
Windows Firewall: Prohibit notifications
Windows Firewall: Allow logging
Windows Firewall: Prohibit unicast response to multicast or broadcast
requests
Windows Firewall: Define port exceptions
Windows Firewall: Allow local port exceptions

--
Ramesh, Microsoft MVP
Windows XP Shell/User
http://windowsxp.mvps.org


"Joshua Wood" <t_h_e_king@h_o_t_m_a_i_l.c_o_m> wrote in message
news:(E-Mail Removed)...
> Ok,
>
> I've just updated this machine after being away for a year, so now
> have xp pro SP2 and all upto date. I noticed however an issue with the
> new firewall. All the options to turn it on/off are GREYED OUT and
> disabled. At the top it reads:
>
> For your security, some settnigs are controlled by Group Policy.
>
> It is a stand alone machine (it is attached to a network but it's just
> peer to peer, not domain), and I have never touched any policies
> whatsoever.
>
> The Windows Firewall/ICS service has this error when double clicking
> it:
> Configuration Manager: The Specified device instance handler does not
> correspond to a present device.
>
> It will then open the service allowing me to make alterations. It is
> AUTO and STARTED. All settings are the same as an XP home machine
> which functions correctly, and I have not channged anything in here
> either. (ie, it should be the default settings)
>
> After not finding much on the internet (and I've tried reregisted dlls
> and running netsh firewall reset etc etc, and even netsh winsock
> reset), I uninstalled SP2 and then reinstalled it. Firewall wasn't
> even isntalled as seen here:
>
> http://windowsxp.mvps.org/sharedaccess.htm
>
> After installing the registry entry and rebooting I'm back to how I
> was before.
>
> I did have some spyware/trojans on my system before I initially
> installed SP2 and the other upgrades, but that's all gone now, so a
> reinstall should have fixed things.
>
> Any help as to how I fix these issues? I don't use the windwos
> firewall but I'm always concerned when there are errors.
>
> Much thanks,
> Josh

Thanks for the quick reply.

However, nothing in that KB seems to relate to me, I don't get any of
the errors listed, and all the solutions listed are how my system
already is. Also, the polices listed below are already set to Not
Configured. As are the domain ones.

I'm wondering if SP2 is thinking my machine is on a domain or
something somehow, how can I check this? My network setup says my
machine is part of a workgroup, and not a domain....

Also, the firewall service is started and running ok, but I still get
that error when trying to access it's properties from the service
menu.

I've noticed this account in my local security policy settings, not
sure what it belongs to, or how to find out, or if it is having any
effect:
*S-1-5-21-1229272821-1677128483-854245398-1002 and
*S-1-5-21-1229272821-1677128483-854245398-1004 and
*S-1-5-21-1229272821-1677128483-854245398-1005

Any more ideas? I'm wondering if the spyware/trojan has someone
altered something in one of my group/local polices... and how to reset
them perhaps? Or how to debug them. I haven't touched any of this
stuff myself.

Much thanks,
Josh

On Sat, 8 Oct 2005 10:22:41 +0530, "Ramesh, MS-MVP"
<(E-Mail Removed)> wrote:

>Joshua,
>
>See if this helps:
>
>You cannot start the Windows Firewall service in Windows XP Service Pack 2:
>http://support.microsoft.com/kb/892199
>
>-and-
>
>From Start/Run, type Gpedit.msc and navigate to:
>
>Computer Configuration
>=> Administrative Templates
>=> System
>=> Network
>=> Network Connections
>=> Windows Firewall
>=> Standard Profile
>
>Set the following options to "Not Configured" (defaults)
>
>Windows Firewall: Protect all network connections
>Windows Firewall: Do not allow exceptions
>Windows Firewall: Define program exceptions
>Windows Firewall: Allow local program exceptions
>Windows Firewall: Allow remote administration exception
>Windows Firewall: Allow file and printer sharing exception
>Windows Firewall: Allow ICMP exceptions
>Windows Firewall: Allow Remote Desktop exception
>Windows Firewall: Allow UPnP framework exception
>Windows Firewall: Prohibit notifications
>Windows Firewall: Allow logging
>Windows Firewall: Prohibit unicast response to multicast or broadcast
>requests
>Windows Firewall: Define port exceptions
>Windows Firewall: Allow local port exceptions

Josh,

Can you check if the WindowsFirewall policy keys are present in the
registry?

Open Regedit.exe and navigate to:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfil*e
(and)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProf*ile

In the right-pane, delete the "EnableFirewall" value.

Close Regedit.exe and restart.

--
Ramesh, Microsoft MVP
Windows XP Shell/User
http://windowsxp.mvps.org


"Joshua Wood" <t_h_e_king@h_o_t_m_a_i_l.c_o_m> wrote in message
news:(E-Mail Removed)...
> Thanks for the quick reply.
>
> However, nothing in that KB seems to relate to me, I don't get any of
> the errors listed, and all the solutions listed are how my system
> already is. Also, the polices listed below are already set to Not
> Configured. As are the domain ones.
>
> I'm wondering if SP2 is thinking my machine is on a domain or
> something somehow, how can I check this? My network setup says my
> machine is part of a workgroup, and not a domain....
>
> Also, the firewall service is started and running ok, but I still get
> that error when trying to access it's properties from the service
> menu.
>
> I've noticed this account in my local security policy settings, not
> sure what it belongs to, or how to find out, or if it is having any
> effect:
> *S-1-5-21-1229272821-1677128483-854245398-1002 and
> *S-1-5-21-1229272821-1677128483-854245398-1004 and
> *S-1-5-21-1229272821-1677128483-854245398-1005
>
> Any more ideas? I'm wondering if the spyware/trojan has someone
> altered something in one of my group/local polices... and how to reset
> them perhaps? Or how to debug them. I haven't touched any of this
> stuff myself.
>
> Much thanks,
> Josh
>
> On Sat, 8 Oct 2005 10:22:41 +0530, "Ramesh, MS-MVP"
> <(E-Mail Removed)> wrote:
>
>>Joshua,
>>
>>See if this helps:
>>
>>You cannot start the Windows Firewall service in Windows XP Service Pack
>>2:
>>http://support.microsoft.com/kb/892199
>>
>>-and-
>>
>>From Start/Run, type Gpedit.msc and navigate to:
>>
>>Computer Configuration
>>=> Administrative Templates
>>=> System
>>=> Network
>>=> Network Connections
>>=> Windows Firewall
>>=> Standard Profile
>>
>>Set the following options to "Not Configured" (defaults)
>>
>>Windows Firewall: Protect all network connections
>>Windows Firewall: Do not allow exceptions
>>Windows Firewall: Define program exceptions
>>Windows Firewall: Allow local program exceptions
>>Windows Firewall: Allow remote administration exception
>>Windows Firewall: Allow file and printer sharing exception
>>Windows Firewall: Allow ICMP exceptions
>>Windows Firewall: Allow Remote Desktop exception
>>Windows Firewall: Allow UPnP framework exception
>>Windows Firewall: Prohibit notifications
>>Windows Firewall: Allow logging
>>Windows Firewall: Prohibit unicast response to multicast or broadcast
>>requests
>>Windows Firewall: Define port exceptions
>>Windows Firewall: Allow local port exceptions

Both keys are present, with a value of 0.
I deleted these keys from the standard and the domian entries. Upon
reboot I can now change my firewall settings from control panel |
Firewall.
So progress!

However, it still says at the top of the firewall settings:
For your security, some settings are controlled by group policy.

I doubt that they are, and that whatever I just did was a "haclk"
around my problems.

When I double click on the firewall service I still get the:
"Configuration Manager: The specified device instance handle does not
correspond to a present device" error, same as before.

I click OK and it will then bring up the settings for the service, as
before.

Josh

On Sat, 8 Oct 2005 12:02:50 +0530, "Ramesh, MS-MVP"
<(E-Mail Removed)> wrote:

>Josh,
>
>Can you check if the WindowsFirewall policy keys are present in the
>registry?
>
>Open Regedit.exe and navigate to:
>
>HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfil*e
>(and)
>HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProf*ile
>
>In the right-pane, delete the "EnableFirewall" value.
>
>Close Regedit.exe and restart.

Josh,

The entire "WindowsFirewall" can be deleted (backup to a REG file first). I
have no idea about the "Configuration Manager" error, but will look into
that.

--
Ramesh, Microsoft MVP
Windows XP Shell/User
http://windowsxp.mvps.org


"Joshua Wood" <t_h_e_king@h_o_t_m_a_i_l.c_o_m> wrote in message
news:(E-Mail Removed)...
> Both keys are present, with a value of 0.
> I deleted these keys from the standard and the domian entries. Upon
> reboot I can now change my firewall settings from control panel |
> Firewall.
> So progress!
>
> However, it still says at the top of the firewall settings:
> For your security, some settings are controlled by group policy.
>
> I doubt that they are, and that whatever I just did was a "haclk"
> around my problems.
>
> When I double click on the firewall service I still get the:
> "Configuration Manager: The specified device instance handle does not
> correspond to a present device" error, same as before.
>
> I click OK and it will then bring up the settings for the service, as
> before.
>
> Josh
>
> On Sat, 8 Oct 2005 12:02:50 +0530, "Ramesh, MS-MVP"
> <(E-Mail Removed)> wrote:
>
>>Josh,
>>
>>Can you check if the WindowsFirewall policy keys are present in the
>>registry?
>>
>>Open Regedit.exe and navigate to:
>>
>>HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfil*e
>>(and)
>>HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProf*ile
>>
>>In the right-pane, delete the "EnableFirewall" value.
>>
>>Close Regedit.exe and restart.

Would be good to not have the "group policy" settings for the firewall
mentioned.... since that still implies to me that something has been
changed on my system (which might have been done via the trojans). So
if you can find anything more about resetting/fixing that, that would
be much apprecaited also.

Thanks for the help so far.
Josh

On Sat, 8 Oct 2005 17:45:05 +0530, "Ramesh, MS-MVP"
<(E-Mail Removed)> wrote:

>Josh,
>
>The entire "WindowsFirewall" can be deleted (backup to a REG file first). I
>have no idea about the "Configuration Manager" error, but will look into
>that.

Any updates?

Josh

On Sun, 09 Oct 2005 11:23:10 +1300, Joshua Wood
<t_h_e_king@h_o_t_m_a_i_l.c_o_m> wrote:

>Would be good to not have the "group policy" settings for the firewall
>mentioned.... since that still implies to me that something has been
>changed on my system (which might have been done via the trojans). So
>if you can find anything more about resetting/fixing that, that would
>be much apprecaited also.
>
>Thanks for the help so far.
>Josh
>
>On Sat, 8 Oct 2005 17:45:05 +0530, "Ramesh, MS-MVP"
><(E-Mail Removed)> wrote:
>
>>Josh,
>>
>>The entire "WindowsFirewall" can be deleted (backup to a REG file first). I
>>have no idea about the "Configuration Manager" error, but will look into
>>that.

Josh,

Does deleting the WindowsFirewall entry help?

From my previous post:

<quote>
The entire "WindowsFirewall" can be deleted (backup to a REG file first).
</quote>

Still no clue about the "Configuration Manager..." error. In case you want
to apply SP2 again, use the walkthrough here:
http://support.microsoft.com/default...t=windowsxpsp2

--
Ramesh, Microsoft MVP
Windows XP Shell/User

Windows XP Troubleshooting
http://www.winhelponline.com


"Joshua Wood" <t_h_e_king@h_o_t_m_a_i_l.c_o_m> wrote in message
news:(E-Mail Removed)...
> Any updates?
>
> Josh
>
> On Sun, 09 Oct 2005 11:23:10 +1300, Joshua Wood
> <t_h_e_king@h_o_t_m_a_i_l.c_o_m> wrote:
>
>>Would be good to not have the "group policy" settings for the firewall
>>mentioned.... since that still implies to me that something has been
>>changed on my system (which might have been done via the trojans). So
>>if you can find anything more about resetting/fixing that, that would
>>be much apprecaited also.
>>
>>Thanks for the help so far.
>>Josh
>>
>>On Sat, 8 Oct 2005 17:45:05 +0530, "Ramesh, MS-MVP"
>><(E-Mail Removed)> wrote:
>>
>>>Josh,
>>>
>>>The entire "WindowsFirewall" can be deleted (backup to a REG file first).
>>>I
>>>have no idea about the "Configuration Manager" error, but will look into
>>>that.

Funnily enough, removing the whole firewall setting here:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfil*e
(and)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProf*ile

as you suggested, makes the firewall (appear) to work. Already I could
turn it on/off from the "Enabled" key deletion, but now it says either
"Your PC is not protected" or "It is..." and no longer mentions
anything about group policy settings, which is great.

I still get the configuration manager error with the service though.

How come the firewall service wasn't even installed when I reinstalled
SP2 though? That's strange to me, the whole firewall section was
missing. Should I try to reinstall SP2 over the top of itself? I'm not
keen on removing and then reinstalling SP2 if I can help it.

I'm also interested to know why the firewall works correctly WITHOUT
any registry entries, and did not work WITH them... perhaps this might
give you some clues to the service error?

Much thanks again,
Josh


On Fri, 14 Oct 2005 10:37:06 +0530, "Ramesh, MS-MVP"
<(E-Mail Removed)> wrote:

>Josh,
>
>Does deleting the WindowsFirewall entry help?
>
>From my previous post:
>
><quote>
>The entire "WindowsFirewall" can be deleted (backup to a REG file first).
></quote>
>
>Still no clue about the "Configuration Manager..." error. In case you want
>to apply SP2 again, use the walkthrough here:
>http://support.microsoft.com/default...t=windowsxpsp2