XP SP2 Windows Firewall Local Administration

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Active Directory environment, 1000 clients.
We manage XP SP2 Windows Firewall settings with domain Group Policy and it
works just fine.
But, occasionally we really need a local administrator (typically a domain
account that was delegeted with complete FULL CONTROL of the entire OU and is
also in the local Administrators group in the client computer) to be able to
log on locally to the client computer and toggle on and off Windows Firewall
for debugging purposes.
I find it hard to believe that once GPO is applied we cannot grant the local
administrator of our choosing the power to toggle Windows Firewall on and off.
Any suggestion is very much appreciated.
Thanks
Pat
2 answers Last reply
More about windows firewall local administration
  1. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Not sure if any of this will help, give it a try if interested...
    Star\Run\gpedit.msc\right click on Local Machine Directives\Properties\check
    on; Disable Machine Configuration parameters.
    Or Start\Run\Services.msc\ and disable the Firewall service

    Try any of these alternatives with the network line removed if necessary.

    ----------------------------------------------
    "Pat" <Pat@discussions.microsoft.com> escribió en el mensaje
    news:76D05D4A-A2B3-4527-B747-895D7BA3CD97@microsoft.com...
    > Active Directory environment, 1000 clients.
    > We manage XP SP2 Windows Firewall settings with domain Group Policy and it
    > works just fine.
    > But, occasionally we really need a local administrator (typically a domain
    > account that was delegeted with complete FULL CONTROL of the entire OU and
    is
    > also in the local Administrators group in the client computer) to be able
    to
    > log on locally to the client computer and toggle on and off Windows
    Firewall
    > for debugging purposes.
    > I find it hard to believe that once GPO is applied we cannot grant the
    local
    > administrator of our choosing the power to toggle Windows Firewall on and
    off.
    > Any suggestion is very much appreciated.
    > Thanks
    > Pat
    >
  2. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Juan,

    Thank you. The second solution works.
    The first did not work because OU policies override local policies.
    The local administrator can stop/start the Firewall service form the
    services.msc and that solves my problem.

    Thanks.
    Pat


    "Juan" wrote:

    > Not sure if any of this will help, give it a try if interested...
    > Star\Run\gpedit.msc\right click on Local Machine Directives\Properties\check
    > on; Disable Machine Configuration parameters.
    > Or Start\Run\Services.msc\ and disable the Firewall service
    >
    > Try any of these alternatives with the network line removed if necessary.
    >
    > ----------------------------------------------
    > "Pat" <Pat@discussions.microsoft.com> escribió en el mensaje
    > news:76D05D4A-A2B3-4527-B747-895D7BA3CD97@microsoft.com...
    > > Active Directory environment, 1000 clients.
    > > We manage XP SP2 Windows Firewall settings with domain Group Policy and it
    > > works just fine.
    > > But, occasionally we really need a local administrator (typically a domain
    > > account that was delegeted with complete FULL CONTROL of the entire OU and
    > is
    > > also in the local Administrators group in the client computer) to be able
    > to
    > > log on locally to the client computer and toggle on and off Windows
    > Firewall
    > > for debugging purposes.
    > > I find it hard to believe that once GPO is applied we cannot grant the
    > local
    > > administrator of our choosing the power to toggle Windows Firewall on and
    > off.
    > > Any suggestion is very much appreciated.
    > > Thanks
    > > Pat
    > >
    >
    >
    >
Ask a new question

Read More

Firewalls Windows XP Active Directory