Mike said:
I need to deploy SP2 without the firewall on by default. I
already know how to edit the netfw.inf file to do this once it
is already installed, but I need to be able to have SP2
installed with the firewall off by default. I don't know how
to edit the install package.
Hi
If you have Active Directory, use Group Policy for this, more about
Windows Firewall Group Policy settings in WF_XPSP2.doc:
http://www.microsoft.com/downloads/details.aspx?familyid=4454e0e1-61fa-447a-bdcd-499f73a637d1
If Group Policy is not an option:
1)
An alternative is to set some registry settings before the SP2
installation so the FW disables itself when it finds those registry
settings:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
\EnableFirewall=0 (DWORD data type)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
\EnableFirewall=0 (DWORD data type)
(adding the registry values after SP2 is installed will also disable
the firewall at next startup)
Those registry values are documented in WF_XPSP2.doc
WF_XPSP2.doc "Deploying Windows Firewall Settings for Microsoft
Windows XP with Service Pack 2" is downloadable from
http://www.microsoft.com/downloads/details.aspx?familyid=4454e0e1-61fa-447a-bdcd-499f73a637d1
2)
The following command line will disable SP2's firewall (must be
run after SP2 is installed and at least one reboot is done):
netsh.exe firewall set opmode mode=disable profile=all
(this will do the same as the registry values above)
The netsh.exe syntax is also documented in WF_XPSP2.doc.
If you want to disable the firewall service as well, run this command
line (do not remove the space after start= ):
sc.exe config SharedAccess start= disabled
The netsh.exe, as well as sc.exe command above can be put into RunOnce
in registry so they are automatically run at first logon after the SP2
installation.
If you don't want to disable the FW, but you need to configure it in a
non-AD environment, you can use the command line "netsh firewall ...",
or the file Netfw.inf (well, you can use netsh.exe and Netfw.inf to
disable the firewall as well).
A new file is introduced with SP2 for Windows XP, the Windows Firewall
INF file (Netfw.inf). It can be used to to modify default settings
either as part of the installation or after installation.
Search for Netfw.inf in the document available here (WF_XPSP2.doc):
http://www.microsoft.com/downloads/details.aspx?familyid=4454e0e1-61fa-447a-bdcd-499f73a637d1
and more here as well:
Using the Windows Firewall INF File in Microsoft Windows XP Service Pack 2
http://download.microsoft.com/download/4/2/c/42c9b5d4-25d7-414c-a149-648ca4149596/WFINF_Guide.doc
To use netfw.inf so your FW configuration changes comes in as part of
the SP2 installation (this way it is no need for any post installation
operations) take a look here:
http://groups.google.com/[email protected]