XP firewall Profile problem

Guest

NT4 domain and we are rolling out XPSP2. We have a very complex networking
environment and I want to disable the firewall when the computer is connected
to the domain. I thought that the domain profile was supposed to do this but
so far I haven't gotten the computer to change profiles. No matter what I do
it is always in the standard profile. How do I get the firewall to use the
domain profile?

Thanks
 
Torgeir Bakken (MVP)

lunarpc said:
NT4 domain and we are rolling out XPSP2. We have a very complex networking
environment and I want to disable the firewall when the computer is connected
to the domain. I thought that the domain profile was supposed to do this but
so far I haven't gotten the computer to change profiles. No matter what I do
it is always in the standard profile. How do I get the firewall to use the
domain profile?

Hi,

As you have an NT4 domain, you will not be able to use the domain
profile; you will need to have Active Directory for this to work.


Here is how the SP2 firewall determines if it is to activate
the domain or standard profile:

If the last-received Group Policy update DNS name matches any of the
connection-specific DNS suffixes of the currently connected
connections (not PPP or SLIP-based) on the computer, the FW's
domain settings will be used. In all other cases the standard
profile will be used. There is no way to change this behavior.

From
The Cable Guy - May 2004
Network Determination Behavior for Network-Related Group Policy Settings
http://www.microsoft.com/technet/community/columns/cableguy/cg0504.mspx

<quote>
To apply this behavior to Windows Firewall settings:

- If the connection-specific DNS suffix of a currently connected
  connection on the computer that is not PPP or SLIP-based (such as
  an Ethernet or 802.11 wireless network adapter) matches the value
  of the
  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\NetworkName
  registry entry, Windows Firewall uses the domain profile.

- If the connection-specific DNS suffix of a currently connected
  connection on the computer that is not PPP or SLIP-based does not
  match the value of the
  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\NetworkName
  registry entry, Windows Firewall uses the standard profile.

You can determine the connection-specific DNS suffixes of the
currently connected connections on the computer from the display
of the ipconfig command issued from a command prompt.

</quote>

Read the Cable Guy article for more about this.
 
Krishnakumar

Dear

I went through the following steps.

1. Already connected to a domain network (now the
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\NetworkName
contains my domain name). Now the firewall settings dialog shows that "windows is using your domain settings".
2. Disconnect from the network (just unplug the network cable). Now the
firewall settings dialog shows that "windows is using your non-domain
settings". But the thing is that when I checked the
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\NetworkName
it contains the previous domain name.

Then how can I identify (by code) the current profile?
Or can I assume that the system is using the standard profile if the
network is not available?

Regards,
Krishnakumar
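
The rule quoted from the Cable Guy article earlier in this thread, applied to ipconfig output. This is an added example, not code from any poster or from Microsoft. The sample outputs, the name corp.example.com and the function names are constructed, and the case-insensitive comparison and the handling of "Media disconnected" as not connected are assumptions.

```python
import re

# Section header such as "Ethernet adapter Local Area Connection:"
ADAPTER_RE = re.compile(r"^(?P<kind>\S.*?) adapter (?P<name>.+):\s*$")
# Indented "Key . . . . : value" line inside a section
FIELD_RE = re.compile(r"^\s+(?P<key>[^.:]+?)[ .]*:\s*(?P<value>.*)$")

def parse_ipconfig(text):
    """Return one dict per adapter section of ipconfig output."""
    adapters = []
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            adapters.append({"kind": m["kind"], "name": m["name"], "fields": {}})
            continue
        f = FIELD_RE.match(line)
        if f and adapters:
            adapters[-1]["fields"][f["key"].strip()] = f["value"].strip()
    return adapters

def firewall_profile(ipconfig_text, network_name):
    """'domain' if a connected non-PPP/SLIP connection has a DNS suffix
    equal to the stored NetworkName value, otherwise 'standard'."""
    wanted = network_name.strip().rstrip(".").lower()
    for a in parse_ipconfig(ipconfig_text):
        fields = a["fields"]
        if a["kind"].upper() in ("PPP", "SLIP"):
            continue  # dial-up style connections never count
        if "disconnected" in fields.get("Media State", "").lower():
            continue  # unplugged cable: not a connected connection (assumption)
        suffix = fields.get("Connection-specific DNS Suffix", "")
        if wanted and suffix.rstrip(".").lower() == wanted:
            return "domain"
    return "standard"

# Constructed samples: stored NetworkName value and three ipconfig outputs
NETWORK_NAME = "corp.example.com"
ON_LAN = """Ethernet adapter Local Area Connection:
        Connection-specific DNS Suffix  . : corp.example.com"""
UNPLUGGED = """Ethernet adapter Local Area Connection:
        Media State . . . . . . . . . . . : Media disconnected"""
DIALUP_ONLY = """PPP adapter Office VPN:
        Connection-specific DNS Suffix  . : corp.example.com"""

if __name__ == "__main__":
    for label, out in (("on LAN", ON_LAN), ("unplugged", UNPLUGGED),
                       ("PPP only", DIALUP_ONLY)):
        print(label, "->", firewall_profile(out, NETWORK_NAME))
```

The unplugged case gives the standard profile while NETWORK_NAME is unchanged, which matches the behaviour described in the post above: the registry value is only one side of the comparison.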