Turning on the firewall via a GPO

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Hello:

I have been working on getting my network ready for WinXP SP2. The firewall
is the big thing for me. I have found the GPO that allows me to turn the
firewall on, but when I do that the user can not turn it off if they choose
to. Ideally I want the firewall configured so it will be on everytime the
user restarts there computer. They can turn it off, but when the computer
reboots the firewall will be back on again.

Does any know if I can configure it this way?

Harrison Midkiff
4 answers Last reply
More about turning firewall
  1. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Check out:

    http://www.microsoft.com/technet/community/columns/cableguy/cg0204.mspx

    and the useful links at end of that article.

    Do let us know if it helps. Thanks.


    "Harrison Midkiff" wrote:

    > Hello:
    >
    > I have been working on getting my network ready for WinXP SP2. The firewall
    > is the big thing for me. I have found the GPO that allows me to turn the
    > firewall on, but when I do that the user can not turn it off if they choose
    > to. Ideally I want the firewall configured so it will be on everytime the
    > user restarts there computer. They can turn it off, but when the computer
    > reboots the firewall will be back on again.
    >
    > Does any know if I can configure it this way?
    >
    > Harrison Midkiff
    >
    >
    >
    >
  2. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Hi Harrison,

    Thanks for posting here. Also thank the other customer's reply.

    From your post, my understanding of your concern is: You want to know how
    to configure the Windows Firewall to allow user to turn off the Firewall,
    but itself will turn on after next restarting. If this is not correct,
    please feel free to let me know.

    Although there isn't a proper simple policy with GPO to do this, we still
    can complete this by Script:

    1. Edit a script which can run the following command:

    netsh firewall set opmode enable

    Above command will turn on the Windows Firewall

    For more information about this command, please refer to the following
    document:

    Deploying Windows Firewall Settings for Microsoft Windows XP with Service
    Pack 2
    http://download.microsoft.com/download/6/8/a/68a81446-cd73-4a61-8665-8a67781
    ac4e8/wf_xpsp2.doc

    2. Add the script file to Domain Default GPO as Computer Startup or/and
    Shutdown Scripts

    For more information about how to write script and GPO Startup/Shutdown
    Scripts, please refer to the following Microsoft Web site:

    Script Center
    http://www.microsoft.com/technet/community/scriptcenter/default.mspx

    Windows 2000 Computer Startup Scripts:
    http://www.microsoft.com/technet/prodtechnol/windows2000serv/maintain/optimi
    ze/startw2k.asp?frame=true

    Active Directory Services and Group Policy in Windows Server 2003:
    http://www.microsoft.com/israel/events/downloads/ws2003event/Active_Director
    y.ppt

    Hope this helps!

    Have a nice day!

    Sincerely,
    Tom Che
    Microsoft Online Partner Support

    Get Secure! - www.microsoft.com/security
    =====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    =====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.

    --------------------
    >Thread-Topic: Turning on the firewall via a GPO
    >thread-index: AcVPZp7a56Usv23ORUKE40cVRr7WNg==
    >X-WBNR-Posting-Host: 83.78.3.187
    >From: "=?Utf-8?B?RGVzbW9uZCBMZWU=?=" <mcp@donotspamplease.mars>
    >References: <OTk5#Y1TFHA.544@TK2MSFTNGP15.phx.gbl>
    >Subject: RE: Turning on the firewall via a GPO
    >Date: Mon, 2 May 2005 15:31:02 -0700
    >Lines: 27
    >Message-ID: <49F889A8-125C-430F-8A6D-3FB743D47DBD@microsoft.com>
    >MIME-Version: 1.0
    >Content-Type: text/plain;
    > charset="Utf-8"
    >Content-Transfer-Encoding: 7bit
    >X-Newsreader: Microsoft CDO for Windows 2000
    >Content-Class: urn:content-classes:message
    >Importance: normal
    >Priority: normal
    >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
    >Newsgroups: microsoft.public.windowsxp.security_admin
    >NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
    >Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
    >Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windowsxp.security_admin:45766
    >X-Tomcat-NG: microsoft.public.windowsxp.security_admin
    >
    >Check out:
    >
    > http://www.microsoft.com/technet/community/columns/cableguy/cg0204.mspx
    >
    >and the useful links at end of that article.
    >
    >Do let us know if it helps. Thanks.
    >
    >
    >"Harrison Midkiff" wrote:
    >
    >> Hello:
    >>
    >> I have been working on getting my network ready for WinXP SP2. The
    firewall
    >> is the big thing for me. I have found the GPO that allows me to turn the
    >> firewall on, but when I do that the user can not turn it off if they
    choose
    >> to. Ideally I want the firewall configured so it will be on everytime
    the
    >> user restarts there computer. They can turn it off, but when the
    computer
    >> reboots the firewall will be back on again.
    >>
    >> Does any know if I can configure it this way?
    >>
    >> Harrison Midkiff
    >>
    >>
    >>
    >>
    >
  3. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Tom:

    Excellent.... Works perfectly.... Thanks....

    Harrison Midkiff

    "Tom Che [MSFT]" <v-tomche@online.microsoft.com> wrote in message
    news:GHIzRM8TFHA.388@TK2MSFTNGXA01.phx.gbl...
    > Hi Harrison,
    >
    > Thanks for posting here. Also thank the other customer's reply.
    >
    > From your post, my understanding of your concern is: You want to know how
    > to configure the Windows Firewall to allow user to turn off the Firewall,
    > but itself will turn on after next restarting. If this is not correct,
    > please feel free to let me know.
    >
    > Although there isn't a proper simple policy with GPO to do this, we still
    > can complete this by Script:
    >
    > 1. Edit a script which can run the following command:
    >
    > netsh firewall set opmode enable
    >
    > Above command will turn on the Windows Firewall
    >
    > For more information about this command, please refer to the following
    > document:
    >
    > Deploying Windows Firewall Settings for Microsoft Windows XP with Service
    > Pack 2
    > http://download.microsoft.com/download/6/8/a/68a81446-cd73-4a61-8665-8a67781
    > ac4e8/wf_xpsp2.doc
    >
    > 2. Add the script file to Domain Default GPO as Computer Startup or/and
    > Shutdown Scripts
    >
    > For more information about how to write script and GPO Startup/Shutdown
    > Scripts, please refer to the following Microsoft Web site:
    >
    > Script Center
    > http://www.microsoft.com/technet/community/scriptcenter/default.mspx
    >
    > Windows 2000 Computer Startup Scripts:
    > http://www.microsoft.com/technet/prodtechnol/windows2000serv/maintain/optimi
    > ze/startw2k.asp?frame=true
    >
    > Active Directory Services and Group Policy in Windows Server 2003:
    > http://www.microsoft.com/israel/events/downloads/ws2003event/Active_Director
    > y.ppt
    >
    > Hope this helps!
    >
    > Have a nice day!
    >
    > Sincerely,
    > Tom Che
    > Microsoft Online Partner Support
    >
    > Get Secure! - www.microsoft.com/security
    > =====================================================
    > When responding to posts, please "Reply to Group" via your newsreader so
    > that others may learn and benefit from your issue.
    > =====================================================
    > This posting is provided "AS IS" with no warranties, and confers no
    > rights.
    >
    > --------------------
    >>Thread-Topic: Turning on the firewall via a GPO
    >>thread-index: AcVPZp7a56Usv23ORUKE40cVRr7WNg==
    >>X-WBNR-Posting-Host: 83.78.3.187
    >>From: "=?Utf-8?B?RGVzbW9uZCBMZWU=?=" <mcp@donotspamplease.mars>
    >>References: <OTk5#Y1TFHA.544@TK2MSFTNGP15.phx.gbl>
    >>Subject: RE: Turning on the firewall via a GPO
    >>Date: Mon, 2 May 2005 15:31:02 -0700
    >>Lines: 27
    >>Message-ID: <49F889A8-125C-430F-8A6D-3FB743D47DBD@microsoft.com>
    >>MIME-Version: 1.0
    >>Content-Type: text/plain;
    >> charset="Utf-8"
    >>Content-Transfer-Encoding: 7bit
    >>X-Newsreader: Microsoft CDO for Windows 2000
    >>Content-Class: urn:content-classes:message
    >>Importance: normal
    >>Priority: normal
    >>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
    >>Newsgroups: microsoft.public.windowsxp.security_admin
    >>NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
    >>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
    >>Xref: TK2MSFTNGXA01.phx.gbl
    >>microsoft.public.windowsxp.security_admin:45766
    >>X-Tomcat-NG: microsoft.public.windowsxp.security_admin
    >>
    >>Check out:
    >>
    >>
    >> http://www.microsoft.com/technet/community/columns/cableguy/cg0204.mspx
    >>
    >>and the useful links at end of that article.
    >>
    >>Do let us know if it helps. Thanks.
    >>
    >>
    >>"Harrison Midkiff" wrote:
    >>
    >>> Hello:
    >>>
    >>> I have been working on getting my network ready for WinXP SP2. The
    > firewall
    >>> is the big thing for me. I have found the GPO that allows me to turn the
    >>> firewall on, but when I do that the user can not turn it off if they
    > choose
    >>> to. Ideally I want the firewall configured so it will be on everytime
    > the
    >>> user restarts there computer. They can turn it off, but when the
    > computer
    >>> reboots the firewall will be back on again.
    >>>
    >>> Does any know if I can configure it this way?
    >>>
    >>> Harrison Midkiff
    >>>
    >>>
    >>>
    >>>
    >>
    >
  4. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Hi Harrison,

    I appreciate your update and response, and I am glad to hear that the
    problem has been fixed. If you have any other questions or concerns,
    please do not hesitate to contact us. It is always our pleasure to be of
    assistance.

    Have a nice day!

    Sincerely,
    Tom Che
    Microsoft Online Partner Support

    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.

    =====================================================
    Business-Critical Phone Support (BCPS) provides you with technical phone
    support at no charge during critical LAN outages or "business down"
    situations. This benefit is available 24 hours a day, 7 days a week to all
    Microsoft technology partners in the United States and Canada.

    This and other support options are available here:
    BCPS:
    https://partner.microsoft.com/US/technicalsupport/supportoverview/40010469
    Others: https://partner.microsoft.com/US/technicalsupport/supportoverview/

    If you are outside the United States, please visit our International
    Support page: http://support.microsoft.com/common/international.aspx.
    =====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.


    --------------------
    >Reply-To: "Harrison Midkiff" <HMidkiff@aviinc.com>
    >From: "Harrison Midkiff" <HMidkiff@aviinc.com>
    >References: <OTk5#Y1TFHA.544@TK2MSFTNGP15.phx.gbl>
    <49F889A8-125C-430F-8A6D-3FB743D47DBD@microsoft.com>
    <GHIzRM8TFHA.388@TK2MSFTNGXA01.phx.gbl>
    >Subject: Re: Turning on the firewall via a GPO
    >Date: Tue, 3 May 2005 08:32:01 -0400
    >Lines: 129
    >Organization: Audio Visual Innovations, Inc.
    >X-Priority: 3
    >X-MSMail-Priority: Normal
    >X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
    >X-RFC2646: Format=Flowed; Original
    >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
    >Message-ID: <eU#dYw9TFHA.736@TK2MSFTNGP10.phx.gbl>
    >Newsgroups: microsoft.public.windowsxp.security_admin
    >NNTP-Posting-Host: 208.5.55.190
    >Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP10.phx.gbl
    >Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windowsxp.security_admin:45790
    >X-Tomcat-NG: microsoft.public.windowsxp.security_admin
    >
    >Tom:
    >
    >Excellent.... Works perfectly.... Thanks....
    >
    >Harrison Midkiff
    >
    >"Tom Che [MSFT]" <v-tomche@online.microsoft.com> wrote in message
    >news:GHIzRM8TFHA.388@TK2MSFTNGXA01.phx.gbl...
    >> Hi Harrison,
    >>
    >> Thanks for posting here. Also thank the other customer's reply.
    >>
    >> From your post, my understanding of your concern is: You want to know how
    >> to configure the Windows Firewall to allow user to turn off the Firewall,
    >> but itself will turn on after next restarting. If this is not correct,
    >> please feel free to let me know.
    >>
    >> Although there isn't a proper simple policy with GPO to do this, we still
    >> can complete this by Script:
    >>
    >> 1. Edit a script which can run the following command:
    >>
    >> netsh firewall set opmode enable
    >>
    >> Above command will turn on the Windows Firewall
    >>
    >> For more information about this command, please refer to the following
    >> document:
    >>
    >> Deploying Windows Firewall Settings for Microsoft Windows XP with Service
    >> Pack 2
    >>
    http://download.microsoft.com/download/6/8/a/68a81446-cd73-4a61-8665-8a67781
    >> ac4e8/wf_xpsp2.doc
    >>
    >> 2. Add the script file to Domain Default GPO as Computer Startup or/and
    >> Shutdown Scripts
    >>
    >> For more information about how to write script and GPO Startup/Shutdown
    >> Scripts, please refer to the following Microsoft Web site:
    >>
    >> Script Center
    >> http://www.microsoft.com/technet/community/scriptcenter/default.mspx
    >>
    >> Windows 2000 Computer Startup Scripts:
    >>
    http://www.microsoft.com/technet/prodtechnol/windows2000serv/maintain/optimi
    >> ze/startw2k.asp?frame=true
    >>
    >> Active Directory Services and Group Policy in Windows Server 2003:
    >>
    http://www.microsoft.com/israel/events/downloads/ws2003event/Active_Director
    >> y.ppt
    >>
    >> Hope this helps!
    >>
    >> Have a nice day!
    >>
    >> Sincerely,
    >> Tom Che
    >> Microsoft Online Partner Support
    >>
    >> Get Secure! - www.microsoft.com/security
    >> =====================================================
    >> When responding to posts, please "Reply to Group" via your newsreader so
    >> that others may learn and benefit from your issue.
    >> =====================================================
    >> This posting is provided "AS IS" with no warranties, and confers no
    >> rights.
    >>
    >> --------------------
    >>>Thread-Topic: Turning on the firewall via a GPO
    >>>thread-index: AcVPZp7a56Usv23ORUKE40cVRr7WNg==
    >>>X-WBNR-Posting-Host: 83.78.3.187
    >>>From: "=?Utf-8?B?RGVzbW9uZCBMZWU=?=" <mcp@donotspamplease.mars>
    >>>References: <OTk5#Y1TFHA.544@TK2MSFTNGP15.phx.gbl>
    >>>Subject: RE: Turning on the firewall via a GPO
    >>>Date: Mon, 2 May 2005 15:31:02 -0700
    >>>Lines: 27
    >>>Message-ID: <49F889A8-125C-430F-8A6D-3FB743D47DBD@microsoft.com>
    >>>MIME-Version: 1.0
    >>>Content-Type: text/plain;
    >>> charset="Utf-8"
    >>>Content-Transfer-Encoding: 7bit
    >>>X-Newsreader: Microsoft CDO for Windows 2000
    >>>Content-Class: urn:content-classes:message
    >>>Importance: normal
    >>>Priority: normal
    >>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
    >>>Newsgroups: microsoft.public.windowsxp.security_admin
    >>>NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
    >>>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
    >>>Xref: TK2MSFTNGXA01.phx.gbl
    >>>microsoft.public.windowsxp.security_admin:45766
    >>>X-Tomcat-NG: microsoft.public.windowsxp.security_admin
    >>>
    >>>Check out:
    >>>
    >>>
    >>> http://www.microsoft.com/technet/community/columns/cableguy/cg0204.mspx
    >>>
    >>>and the useful links at end of that article.
    >>>
    >>>Do let us know if it helps. Thanks.
    >>>
    >>>
    >>>"Harrison Midkiff" wrote:
    >>>
    >>>> Hello:
    >>>>
    >>>> I have been working on getting my network ready for WinXP SP2. The
    >> firewall
    >>>> is the big thing for me. I have found the GPO that allows me to turn
    the
    >>>> firewall on, but when I do that the user can not turn it off if they
    >> choose
    >>>> to. Ideally I want the firewall configured so it will be on everytime
    >> the
    >>>> user restarts there computer. They can turn it off, but when the
    >> computer
    >>>> reboots the firewall will be back on again.
    >>>>
    >>>> Does any know if I can configure it this way?
    >>>>
    >>>> Harrison Midkiff
    >>>>
    >>>>
    >>>>
    >>>>
    >>>
    >>
    >
    >
    >
Ask a new question

Read More

Security Computers Firewalls Microsoft Windows XP