browsing workgroup fails when windows firewall service is stopped

[Guest]

Two xp sp2 machines, no wins, no firewall, netbios over tcp/ip enabled

If the windows firewall service is set to disabled or manual and is not
started then computer browser will start then terminate (eventid: 7023, The
Computer Browser service terminated with the following error: This operation
returned because the timeout period expired.) and browsing a workgroup will
fail.

 

[Hans-Georg Michna]

Two xp sp2 machines, no wins, no firewall, netbios over tcp/ip enabled

If the windows firewall service is set to disabled or manual and is not
started then computer browser will start then terminate (eventid: 7023, The
Computer Browser service terminated with the following error: This operation
returned because the timeout period expired.) and browsing a workgroup will
fail.

Alex,

I tried to find out whether this service is needed, but am still
searching.

In any case you can and possibly should set the service to
automatic and disable the firewall through its user interface,
Control panel, Windows firewall.

Generally the service settings should not be changed, unless you
know very well what you are doing. There are some
recommendations on the web to disable all and sundry services.
These are not recommendable. Windows requires its services. It
is not tested in constellations where the user disables selected
services. In other words, as soon as you change such system
settings without a very good reason, you're on your own.

Hans-Georg

 

[BGood]

I am seeing the exact same behavior and it is killing me! We do NOT want
the firewall service to be turned on, but the computer browser terminates
very quickly after disabling the firewall service. As soon as we restart
the firewall service, the computer browser service restarts and runs fine.

Constructive resonses most welcome!

Thanks!

 

[Hans-Georg Michna]

I am seeing the exact same behavior and it is killing me! We do NOT want
the firewall service to be turned on, but the computer browser terminates
very quickly after disabling the firewall service. As soon as we restart
the firewall service, the computer browser service restarts and runs fine.

What happened when you tried the advice in Message-ID:
<[email protected]>?

Hans-Georg

 

[BGood]

Yes, we did enable the Windows Firewall service and disable the firewall
through group policy. That seems to have worked. Now, if Microsoft would
explain to me WHY I am forced to enable and run a service that I desire to
disable in order for a second servie to run, I would appreciate it.
Consider that according to the Dependencies tab of the Firewall Service,
NOTHING depends upon it!

Frankly, it is a travesty that they are now tying these services together.
However, the least they can do is correctly reflect this new relationship in
the Dependencies tab.

Thanks for your time.

 

[Chuck]

Yes, we did enable the Windows Firewall service and disable the firewall
through group policy. That seems to have worked. Now, if Microsoft would
explain to me WHY I am forced to enable and run a service that I desire to
disable in order for a second servie to run, I would appreciate it.
Consider that according to the Dependencies tab of the Firewall Service,
NOTHING depends upon it!

Frankly, it is a travesty that they are now tying these services together.
However, the least they can do is correctly reflect this new relationship in
the Dependencies tab.

Thanks for your time.

Knowing how insecure Windows is, I would suspect that the WF service is required
(with WF enabled or not), to prevent malware from enabling unrestricted access
to your computer, by simply stopping the service. Kind of like a fuse, that
burns out, and disconnects what it's protecting from the electric service.

It is unfortunate that the Dependencies tab does not reflect the true
consequence of stopping the service. Probably another reason why this OS is
named eXPerience.

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.

 

[Hans-Georg Michna]

Yes, we did enable the Windows Firewall service and disable the firewall
through group policy. That seems to have worked. Now, if Microsoft would
explain to me WHY I am forced to enable and run a service that I desire to
disable in order for a second servie to run, I would appreciate it.
Consider that according to the Dependencies tab of the Firewall Service,
NOTHING depends upon it!

Frankly, it is a travesty that they are now tying these services together.
However, the least they can do is correctly reflect this new relationship in
the Dependencies tab.

Thanks for your time.

The services are not a normal user choice. Their settings are
not meant to be touched by the user.

They can be changed, very carefully, by experienced network
administrators who know exactly what they are doing.

The problem here is that people issue strange recommendations
and post them to the web. Other people read these
recommendations and act on them without knowing whether they are
good or bad. Here they were bad.

Microsoft can hardly be blamed, because nowhere did they say
that the user could disable any service and still have Windows
run properly. And, actually, most users don't do that, so the
problem is small.

Hans-Georg

 

[BGood]

Security-conscious businesses WILL look to disable ALL UNNECESSARY services
on deployed Windows Systems.

I would refer you to Microsoft's "Security Settings for Windows XP Clients",
Chapter 2
(http://www.microsoft.com/technet/security/prodtech/winclnt/secwinxp/xpsgch03.mspx)
where they state:
Important: Keep in mind that any service or application is a potential point
of attack. Therefore, any unneeded services or executable files should be
disabled or removed in your environment.
Later, in talking about the firewall, they state:

There are some limitations with ICF that organizations must consider before
enabling it throughout their enterprise.

So, then, it should not be unreasonable to attempt to disable the firewall
by disabling the service. Furthermore, if there IS a depencency between the
firewall service and the computer browser service, it should be shown in the
user interface on the "Dependencies" tab.

 

[Hans-Georg Michna]

Security-conscious businesses WILL look to disable ALL UNNECESSARY services
on deployed Windows Systems.

I would refer you to Microsoft's "Security Settings for Windows XP Clients",
Chapter 2
(http://www.microsoft.com/technet/security/prodtech/winclnt/secwinxp/xpsgch03.mspx)
where they state:
Important: Keep in mind that any service or application is a potential point
of attack. Therefore, any unneeded services or executable files should be
disabled or removed in your environment.
Later, in talking about the firewall, they state:

There are some limitations with ICF that organizations must consider before
enabling it throughout their enterprise.

Cite from that document: "covers in detail the primary security
settings configured via Group Policy in a Microsoft® Windows
Server 2003â„¢ domain."

So, then, it should not be unreasonable to attempt to disable the firewall
by disabling the service.

If you're a trained administrator in a corporate environment,
then you would presumably know whether that's reasonable or not.

Furthermore, if there IS a depencency between the
firewall service and the computer browser service, it should be shown in the
user interface on the "Dependencies" tab.

Yes, I agree that that would be nice. But there are quite a few
dependencies that aren't listed there. Another example is a
service that is by default set to manual and is nonetheless
started automatically by other processes on demand. Again, you
wouldn't know, unless you had background information.

In this situation my advice can only be, if you have very good
background information, then you can do such things. If you
don't the best advice is to stick to the default settings.

If you have changed the start type of your services and don't
know what they should be, use the following web page.

Windows XP Home and Professional Service Pack 2 Service
Configurations
http://www.BlackViper.com/WinXP/servicecfg.htm

Hans-Georg