Turning XP firewall off

Guest

My question is: Is the firewall turned off? Why am I getting the errors in
the security log?


I have created a group policy that turns off the Windows XP firewall.
The policy is working – I have verified it both using the group policy
results and registry settings.
I have made the following changes to the group policy:

Prohibit use of Internet Connection Firewall on your DNS domain network
Enabled

Windows Firewall: Protect all network connections
Disabled

Windows Firewall: Protect all network connections
Enabled

When I run: netsh firewall show state verbose=enable
<clip>
Local Area Connection 3 firewall settings:
-----------------------------------------------------------------
Operational mode = Enable
Version = IPv4
GUID = {01BC0070-58E6-4F13-80D9-FD590F38B2D1}
<clip>

In the event viewer:

The Windows Firewall has detected an application listening for incoming
traffic.

Name: -
Path: C:\WINDOWS\system32\svchost.exe
Process identifier: 212
User account: SYSTEM
User domain: NT AUTHORITY
Service: Yes
RPC server: No
IP version: IPv4
IP protocol: UDP
Port number: 68
Allowed: No
User notified: No

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Of course, when I click the link in the Event Viewer, I get:
We’re sorry
There is no additional information about this issue in the Error and Event
Log Messages or Knowledge Base databases at this time. You can use the links
in the Support area to determine whether any additional information might be
available elsewhere


Thanks!
 
Guest

More information:


C:\>Netsh firewall show state

Firewall status:
-------------------------------------------------------------------
Profile = Domain
Operational mode = Disable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Group policy version = Windows Firewall
Remote admin mode = Disable
 
Guest

H:\>Netsh firewall show config

Domain profile configuration (current):
-------------------------------------------------------------------
Operational mode = Disable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable

Service configuration for Domain profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No UPnP Framework
Enable No Remote Desktop

Allowed programs configuration for Domain profile:
Mode Name / Program
-------------------------------------------------------------------
Enable Remote Assistance / C:\WINDOWS\system32\sessmgr.exe
Enable Message Queuing / C:\WINDOWS\system32\mqsvc.exe
Enable Microsoft Management Console / C:\WINDOWS\system32\mmc.exe
Enable Remote Desktop Connection / C:\WINDOWS\system32\mstsc.exe
Enable Microsoft Word for Windows / C:\Program Files\Microsoft
Office\Office\WINWORD.EXE
Enable Meditech Client/Server HCIS / C:\Program
Files\Meditech\MagicCS\Client\VMAGIC.EXE
Enable Track-It! Remote Control / C:\WINDOWS\TIREMOTE\wuser32.exe
Enable Track-It! Workstation Manager /
C:\WINDOWS\TIREMOTE\TIRemoteService.exe
Enable pcAnywhere Main Executable / C:\Program
Files\Symantec\pcAnywhere\Winaw32.exe
Enable pcAnywhere Host Service / C:\Program
Files\Symantec\pcAnywhere\awhost32.exe
Enable pcAnywhere Remote Service / C:\Program
Files\Symantec\pcAnywhere\awrem32.exe

Port configuration for Domain profile:
Port Protocol Mode Name
-------------------------------------------------------------------
1900 UDP Enable SSDP Component of UPnP Framework
2869 TCP Enable UPnP Framework over TCP
3389 TCP Enable Remote Desktop

Standard profile configuration:
-------------------------------------------------------------------
Operational mode = Disable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable

Service configuration for Standard profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No UPnP Framework
Enable No Remote Desktop

Allowed programs configuration for Standard profile:
Mode Name / Program
-------------------------------------------------------------------
Enable Remote Assistance / C:\WINDOWS\system32\sessmgr.exe
Enable Message Queuing / C:\WINDOWS\system32\mqsvc.exe
Enable Scheduler / C:\WINDOWS\SMINST\Scheduler.exe

Port configuration for Standard profile:
Port Protocol Mode Name
-------------------------------------------------------------------
1900 UDP Enable SSDP Component of UPnP Framework
2869 TCP Enable UPnP Framework over TCP
3389 TCP Enable Remote Desktop

Log configuration:
-------------------------------------------------------------------
File location = C:\WINDOWS\pfirewall.log
Max file size = 4096 KB
Dropped packets = Disable
Connections = Disable

Local Area Connection 3 firewall configuration:
-------------------------------------------------------------------
Operational mode = Disable

Wireless Network Connection firewall configuration:
 
Guest

Found a note on TechNet:

Note:
Windows Firewall events are written to the event log any time the Windows
Firewall/Internet Connection Sharing service is running, even if Windows
Firewall is turned off (disabled).
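
Added example, not part of the original thread: the outputs above report "Operational mode" separately for the profile and for each connection, and the two disagreed in the first post. This sketch parses netsh firewall text into sections and lists every scope whose mode differs from what the policy intends. The function names are hypothetical and the sample text is constructed from the outputs quoted in the thread.

```python
import re

# Constructed sample stitched from the netsh outputs quoted in the thread.
SAMPLE = """\
Firewall status:
-------------------------------------------------------------------
Profile = Domain
Operational mode = Disable
Exception mode = Enable

Local Area Connection 3 firewall settings:
-----------------------------------------------------------------
Operational mode = Enable
Version = IPv4

Wireless Network Connection firewall configuration:
"""

RULE = re.compile(r"^-{5,}$")             # dashed line under a section header
SETTING = re.compile(r"^(.+?)\s+=\s+(.*)$")  # "key = value" line


def parse_sections(text):
    """Map each 'Header:' + dashed-rule section to its 'key = value' settings."""
    sections, current = {}, None
    lines = [ln.strip() for ln in text.splitlines()]
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line.endswith(":") and RULE.match(nxt):
            current = sections.setdefault(line[:-1], {})
        elif current is not None and (m := SETTING.match(line)):
            current[m.group(1)] = m.group(2)
    return sections


def operational_modes(text):
    """Return {section: mode} for every section that reports an operational mode."""
    return {name: kv["Operational mode"]
            for name, kv in parse_sections(text).items()
            if "Operational mode" in kv}


def mismatches(text, expected="Disable"):
    """Sections whose operational mode differs from what the policy intends."""
    return sorted(n for n, m in operational_modes(text).items() if m != expected)


if __name__ == "__main__":
    for name, mode in operational_modes(SAMPLE).items():
        print(f"{mode:8} {name}")
    print("differs from policy:", mismatches(SAMPLE))
```

A header with no dashed rule and no settings under it, like the truncated last line of the sample, is not reported as a scope.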
 
