Double check the setting for 'Prohibit use of Internet Connection
Firewall on your DNS domain network'. If it's at regular intervals that
the firewall disables itself, does it coincide with your GPO refresh
rate? What does the machines event viewer logs look like?
Also, have you ruled out the user as the one who is changing the
settings? A user with administrative rights can change the settings.
Tim
-----Original Message-----
From: Michael van Zwieten [mailto:mvanzwieten (at) gmail (dot) com [email concealed]]
Sent: Thursday, December 02, 2004 12:40 PM
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: XP SP2 & GPO controlled firewall gets activated for unknown
reasons...
Hi Everyone,
I configured GroupPolicy to control the XP SP2 Firewall using the
standard and domain profiles. In the standard profile, the firewall is
on... in the Domain profile, the firewall is off.
We have come to find that for some unknown reason, random workstations
throughout our organization will simply turn their domain profile off,
and turn their firewall on. This makes remote admin/support impossible
in our situation...
Doing a 'netsh firewall show state' shows that the firewall is on when
it should be off, since the workstation is sitting on a LAN hooking into
our domain. When we reboot, or do a 'gpupdate /force' and a reboot will
usually turn the firewall off, and normal operations are resumed...
until it randomly drops again, and turns the firewall on.
Like others that I'm in contact with have found, this problem only
occurs sometimes, not always... and it seems random. When looking at
client settings, they are no different from ones that work, to ones that
don't work. Nothing in the event log.
Apparently SP2 does some sort of network discovery to see if it belongs
to the same DNS suffix as the domain it belongs to in AD. The clients
aren't dropping off the network, and never lose connection.
Clients aren't hibernating, nic cards aren't going to sleep, etc.
Does anyone have any ideas on how to make this GP controlled XP Firewall
mess a bit more reliable?
Firewall on your DNS domain network'. If it's at regular intervals that
the firewall disables itself, does it coincide with your GPO refresh
rate? What does the machines event viewer logs look like?
Also, have you ruled out the user as the one who is changing the
settings? A user with administrative rights can change the settings.
Tim
-----Original Message-----
From: Michael van Zwieten [mailto:mvanzwieten (at) gmail (dot) com [email concealed]]
Sent: Thursday, December 02, 2004 12:40 PM
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: XP SP2 & GPO controlled firewall gets activated for unknown
reasons...
Hi Everyone,
I configured GroupPolicy to control the XP SP2 Firewall using the
standard and domain profiles. In the standard profile, the firewall is
on... in the Domain profile, the firewall is off.
We have come to find that for some unknown reason, random workstations
throughout our organization will simply turn their domain profile off,
and turn their firewall on. This makes remote admin/support impossible
in our situation...
Doing a 'netsh firewall show state' shows that the firewall is on when
it should be off, since the workstation is sitting on a LAN hooking into
our domain. When we reboot, or do a 'gpupdate /force' and a reboot will
usually turn the firewall off, and normal operations are resumed...
until it randomly drops again, and turns the firewall on.
Like others that I'm in contact with have found, this problem only
occurs sometimes, not always... and it seems random. When looking at
client settings, they are no different from ones that work, to ones that
don't work. Nothing in the event log.
Apparently SP2 does some sort of network discovery to see if it belongs
to the same DNS suffix as the domain it belongs to in AD. The clients
aren't dropping off the network, and never lose connection.
Clients aren't hibernating, nic cards aren't going to sleep, etc.
Does anyone have any ideas on how to make this GP controlled XP Firewall
mess a bit more reliable?
Thanks for your help,
Mike
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
[ reply ]