XP firewall Profile problem

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

NT4 domain and we are rolling out XPSP2. We have a very complex networking
enviroment and I want to disable the firewall when the computer is connected
to the domain. I thought that the domain profile was supposed to do this but
so far I haven't gotten the computer to change profiles. No matter what I do
it always in th e standard profile. How do I get the firewall to use the
domain profile?

Thanks
1 answer Last reply
More about firewall profile problem
  1. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    lunarpc wrote:

    > NT4 domain and we are rolling out XPSP2. We have a very complex networking
    > enviroment and I want to disable the firewall when the computer is connected
    > to the domain. I thought that the domain profile was supposed to do this but
    > so far I haven't gotten the computer to change profiles. No matter what I do
    > it always in th e standard profile. How do I get the firewall to use the
    > domain profile?
    Hi,

    As you have a NT4 domain, you will not be able to use the domain
    profile, you will need to have Active Directory for this to work.


    Here is how the SP2 firewall determines if it is to activate
    the domain or standard profile:

    If last-received Group Policy update DNS name match any of the
    connection-specific DNS suffixes of the currently connected
    connections (not PPP or SLIP-based) on the computer the FW's
    domain settings will be used. In all other cases the standard
    profile will be used. There is no way to change this behavior.

    From
    The Cable Guy - May 2004
    Network Determination Behavior for Network-Related Group Policy Settings
    http://www.microsoft.com/technet/community/columns/cableguy/cg0504.mspx

    <quote>
    To apply this behavior to Windows Firewall settings:

    () If the connection-specific DNS suffix of a currently connected
    connection on the computer that is not PPP or SLIP-based (such as
    an Ethernet or 802.11 wireless network adapter) matches the value
    of the
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Group
    Policy\History\NetworkName registry entry, Windows Firewall uses
    the domain profile.

    () If the connection-specific DNS suffix of a currently connected
    connection on the computer that is not PPP or SLIP-based does not
    match the value of the
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Group
    Policy\History\NetworkName registry entry, Windows Firewall uses
    the standard profile.

    You can determine the connection-specific DNS suffixes of the
    currently connected connections on the computer from the display
    of the ipconfig command issued from a command prompt.

    </quote>

    Read the Cable Guy article for more about this.


    --
    torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
    Administration scripting examples and an ONLINE version of
    the 1328 page Scripting Guide:
    http://www.microsoft.com/technet/scriptcenter/default.mspx
Ask a new question

Read More

Domain Firewalls Windows XP