XP Firewall & Group Policies

[Scott M.]

After installing XP SP2, I find that the XP Firewall is turned on (not a
surprise). The option to disable it (I use a different software firewall)
is itself disabled. A message at the top of the dialog says: "For your
security, some settings are controlled by Group Policy."

I've looked in the Local Security Policy settings and don't see anything
that seems to have anything to do with the firewall. I want to turn the
Windows SP 2 Firewall off. How can I do this?

 

[Doug Knox MS-MVP]

Assuming you're running XP Pro, open GPEDIT.MSC Go to:

Computer Configuration, Administrative Templates, Network, Network Connections, Standard Profile. Look in the right pane for the Windows Firewall: Protect All Network Connections entry. Double click it and set it to Not Configured.

Repeat for the Domain Profile.

 

[Scott M.]

All the entries for both Domain and Standard are set to "Not Configured".
Now, what?


Assuming you're running XP Pro, open GPEDIT.MSC Go to:

Computer Configuration, Administrative Templates, Network, Network
Connections, Standard Profile. Look in the right pane for the Windows
Firewall: Protect All Network Connections entry. Double click it and set it
to Not Configured.

Repeat for the Domain Profile.

 

[Doug Knox MS-MVP]

Set the Policy in both Domain and Standard to Enabled or Disabled, and Apply the change. Then set it back to Not Configured.

Alternatively, click Start, Run and enter REGEDIT Go to:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile

Look in the right pane for a value called "EnableFirewall". If it exists, double click it and set it to 0 (zero). If not found there, check in:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile

 

[Scott M.]

Ok Doug,

I went into the registry and found that for StandardProfile and
DomainProfile the value for EnableFirewall was set to 1, I changed both to 0
and that did the trick except that while the firewall is now off, the dialog
that lets me control on/off is still grayed out. Any thoughts on how to
enable this dialog without having to go to the registry each time?

Thanks.


Set the Policy in both Domain and Standard to Enabled or Disabled, and Apply
the change. Then set it back to Not Configured.

Alternatively, click Start, Run and enter REGEDIT Go to:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile

Look in the right pane for a value called "EnableFirewall". If it exists,
double click it and set it to 0 (zero). If not found there, check in:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile

--
Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com

 

[Guest]

This worked on my Small Business Server 2003 network, but it affects all
domain-based workstations running XP-SP2.

Solution ----

1) On the server, go to Start->Administrative Tools->Group Policy
Management, drill down to Forest--Domains--<domain name>--Small Business
Server Windows Firewall

2) Right-click on this object (Small Business Server Firewall) and select
Edit

3) Drill down to Computer Configuration->Administrative
Templates->Network->Network Connections->Windows Firewall->Domain Profile

4) Change the value of "Windows Firewall: Protect All Network Connections"
from 'Enabled' to 'Not Configured'

5) This will allow the client workstation the ability to turn on/off the
Windows Firewall.

6) If you want to do the same for a client workstation when its disconnected
from the domain (i.e. a mobile, laptop computer), then choose 'Standard
Profile' instead of 'Domain Profile' in Step #3 above.

Regards,

Terry