Scripting Laptops to turn on personal firewall

[Peter]

Here is my issue.

I have a 2000 domain in native mode with all windows XP
pro clients. Some are laptops when these laptops leave
the internal network I would like the personal firewall
to turn on. The users do not have admin rights so is this
possible can anyone point me in any direction. Script
center didnt seem to having anything so im down to
forums. Let me know!

Peter

 

[Dr. Jack Seredyniecki]

From the command line:

net start "Internet Connection Firewall (ICF) / Internet Connection Sharing
(ICS)"

 

[Peter]

Thanks for the help,

That helps but I would like to know if anyone has been
able to do this with group policy or scripting short of
just stopping a service. The issue is we cannot rely on
people to turn this on everytime they move from there
home to work etc so I want to automate it.

Peter

 

[Roger Abell]

You can manage services with a WMI script.
However, if the user is not logging in as an admin
you cannot set this in a login script. You conld look
into using a startup script - but many people just use
hibernate on transportables now a days, and during
startup you would not know what environment the
machine is in - corp net or home/road.
Perhaps your closest approach is to use a GPO to
set the service to automatic, and then use a startup
script to stop the service - if it can detect that it is in
the corp net (remember that things will cache so the
GPO being enforced does not fail just becasue the
domain is not there).

 

[Kent W. England [MVP]]

Instead, get a personal firewall that supports trusted networks.
Configure your corporate network as a trusted network. Then the firewall
can work the same way on your corporate network and at home.