How to detect if the Windows XP firewall is enabled on my LAN computers ?

[Eric]

Hi,

a lot of users in our LAN have admin rights (I know it's bad but please
it is like that, so please dont blame me about that ).

Some of them have the Windows XP firewall enabled and not configured
correctly. By the way, I am not able to detect those computers on the
network through a ping and I cannot force a group policy because the
firewall is blocking the trafic too; neither remotely request a service
state etc...

My question is : How can I detect computers that are running XP
firewall ?

Thanks in advance

 

[Malke]

Hi,

a lot of users in our LAN have admin rights (I know it's bad but please
it is like that, so please dont blame me about that ).

Some of them have the Windows XP firewall enabled and not configured
correctly. By the way, I am not able to detect those computers on the
network through a ping and I cannot force a group policy because the
firewall is blocking the trafic too; neither remotely request a service
state etc...

My question is : How can I detect computers that are running XP
firewall ?

If you can't access the machines remotely, you'll need to go on-site and fix
them. If you have assigned static IP addresses, obviously the ones you
can't ping are the problem machines. Otherwise it's just trial and error,
comparing machines you can reach to the ones you can't on your inventory
list. Unless you're talking about thousands of machines, probably easier to
just go on-site or have someone at the remote site sit at the machines and
talk to you on the phone.

Malke

 

[Pegasus \(MVP\)]

Hi,

a lot of users in our LAN have admin rights (I know it's bad but please it
is like that, so please dont blame me about that ).

Some of them have the Windows XP firewall enabled and not configured
correctly. By the way, I am not able to detect those computers on the
network through a ping and I cannot force a group policy because the
firewall is blocking the trafic too; neither remotely request a service
state etc...

My question is : How can I detect computers that are running XP firewall ?

Thanks in advance

You could insert the following lines into your logon script. I have numbered
the lines so that you can unwrap them correctly.

1. @echo off
2. set
Key=HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
3. reg query %Key% | find /i "EnableFirewall" | find /i "0x1" > nul && goto
:eof
4. echo %date% %time% %UserName% %computername% >>
\\YourServer\SomeShare\SomeFolder\FW.txt

The file \\YourServer\SomeShare\SomeFolder\FW.txt will accumulate a list of
workstations that have the firewall disabled.

By the way, I suggest you resolve the issue of local administrators by
negotiating with the respective managers. If you have a bunch of primadonnas
who insist on running their PCs they way they think best then sooner or
later you're going to be hit by something big and bad. When making your case
then you must outline the likely consequences of users being allowed to make
their own security adjustments - in writing so that you won't be the fall
guy when the sh... hits the fan.