XP SP2 Windows Firewall Local Administration
Last response: in Windows XP
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)
Active Directory environment, 1000 clients.
We manage XP SP2 Windows Firewall settings with domain Group Policy and it
works just fine.
But, occasionally we really need a local administrator (typically a domain
account that was delegeted with complete FULL CONTROL of the entire OU and is
also in the local Administrators group in the client computer) to be able to
log on locally to the client computer and toggle on and off Windows Firewall
for debugging purposes.
I find it hard to believe that once GPO is applied we cannot grant the local
administrator of our choosing the power to toggle Windows Firewall on and off.
Any suggestion is very much appreciated.
Thanks
Pat
Active Directory environment, 1000 clients.
We manage XP SP2 Windows Firewall settings with domain Group Policy and it
works just fine.
But, occasionally we really need a local administrator (typically a domain
account that was delegeted with complete FULL CONTROL of the entire OU and is
also in the local Administrators group in the client computer) to be able to
log on locally to the client computer and toggle on and off Windows Firewall
for debugging purposes.
I find it hard to believe that once GPO is applied we cannot grant the local
administrator of our choosing the power to toggle Windows Firewall on and off.
Any suggestion is very much appreciated.
Thanks
Pat
More about : sp2 windows firewall local administration
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)
Not sure if any of this will help, give it a try if interested...
Star\Run\gpedit.msc\right click on Local Machine Directives\Properties\check
on; Disable Machine Configuration parameters.
Or Start\Run\Services.msc\ and disable the Firewall service
Try any of these alternatives with the network line removed if necessary.
----------------------------------------------
"Pat" <Pat@discussions.microsoft.com> escribió en el mensaje
news:76D05D4A-A2B3-4527-B747-895D7BA3CD97@microsoft.com...
> Active Directory environment, 1000 clients.
> We manage XP SP2 Windows Firewall settings with domain Group Policy and it
> works just fine.
> But, occasionally we really need a local administrator (typically a domain
> account that was delegeted with complete FULL CONTROL of the entire OU and
is
> also in the local Administrators group in the client computer) to be able
to
> log on locally to the client computer and toggle on and off Windows
Firewall
> for debugging purposes.
> I find it hard to believe that once GPO is applied we cannot grant the
local
> administrator of our choosing the power to toggle Windows Firewall on and
off.
> Any suggestion is very much appreciated.
> Thanks
> Pat
>
Not sure if any of this will help, give it a try if interested...
Star\Run\gpedit.msc\right click on Local Machine Directives\Properties\check
on; Disable Machine Configuration parameters.
Or Start\Run\Services.msc\ and disable the Firewall service
Try any of these alternatives with the network line removed if necessary.
----------------------------------------------
"Pat" <Pat@discussions.microsoft.com> escribió en el mensaje
news:76D05D4A-A2B3-4527-B747-895D7BA3CD97@microsoft.com...
> Active Directory environment, 1000 clients.
> We manage XP SP2 Windows Firewall settings with domain Group Policy and it
> works just fine.
> But, occasionally we really need a local administrator (typically a domain
> account that was delegeted with complete FULL CONTROL of the entire OU and
is
> also in the local Administrators group in the client computer) to be able
to
> log on locally to the client computer and toggle on and off Windows
Firewall
> for debugging purposes.
> I find it hard to believe that once GPO is applied we cannot grant the
local
> administrator of our choosing the power to toggle Windows Firewall on and
off.
> Any suggestion is very much appreciated.
> Thanks
> Pat
>
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)
Juan,
Thank you. The second solution works.
The first did not work because OU policies override local policies.
The local administrator can stop/start the Firewall service form the
services.msc and that solves my problem.
Thanks.
Pat
"Juan" wrote:
> Not sure if any of this will help, give it a try if interested...
> Star\Run\gpedit.msc\right click on Local Machine Directives\Properties\check
> on; Disable Machine Configuration parameters.
> Or Start\Run\Services.msc\ and disable the Firewall service
>
> Try any of these alternatives with the network line removed if necessary.
>
> ----------------------------------------------
> "Pat" <Pat@discussions.microsoft.com> escribió en el mensaje
> news:76D05D4A-A2B3-4527-B747-895D7BA3CD97@microsoft.com...
> > Active Directory environment, 1000 clients.
> > We manage XP SP2 Windows Firewall settings with domain Group Policy and it
> > works just fine.
> > But, occasionally we really need a local administrator (typically a domain
> > account that was delegeted with complete FULL CONTROL of the entire OU and
> is
> > also in the local Administrators group in the client computer) to be able
> to
> > log on locally to the client computer and toggle on and off Windows
> Firewall
> > for debugging purposes.
> > I find it hard to believe that once GPO is applied we cannot grant the
> local
> > administrator of our choosing the power to toggle Windows Firewall on and
> off.
> > Any suggestion is very much appreciated.
> > Thanks
> > Pat
> >
>
>
>
Juan,
Thank you. The second solution works.
The first did not work because OU policies override local policies.
The local administrator can stop/start the Firewall service form the
services.msc and that solves my problem.
Thanks.
Pat
"Juan" wrote:
> Not sure if any of this will help, give it a try if interested...
> Star\Run\gpedit.msc\right click on Local Machine Directives\Properties\check
> on; Disable Machine Configuration parameters.
> Or Start\Run\Services.msc\ and disable the Firewall service
>
> Try any of these alternatives with the network line removed if necessary.
>
> ----------------------------------------------
> "Pat" <Pat@discussions.microsoft.com> escribió en el mensaje
> news:76D05D4A-A2B3-4527-B747-895D7BA3CD97@microsoft.com...
> > Active Directory environment, 1000 clients.
> > We manage XP SP2 Windows Firewall settings with domain Group Policy and it
> > works just fine.
> > But, occasionally we really need a local administrator (typically a domain
> > account that was delegeted with complete FULL CONTROL of the entire OU and
> is
> > also in the local Administrators group in the client computer) to be able
> to
> > log on locally to the client computer and toggle on and off Windows
> Firewall
> > for debugging purposes.
> > I find it hard to believe that once GPO is applied we cannot grant the
> local
> > administrator of our choosing the power to toggle Windows Firewall on and
> off.
> > Any suggestion is very much appreciated.
> > Thanks
> > Pat
> >
>
>
>
Related ressources:
- ForumXP Pro sp2 Firewall on Corporate domain
- ForumHOWTO: XP SP2 firewall for remote access
- ForumXP SP2 firewall administration using windows 2000 Server d..
- ForumWindows XP SP2 firewall port exceptions via Group Policy f..
- ForumSP2 problem: Add Domain users in the local Administrators ..
- ForumEnabling Disk Managment remote administration in XP after ..
- ForumCANNOT ENABLE SP2 FIREWALL
- ForumHow to disbale WXP SP2 firewall remotely on a LAN
- ForumHow to disable the Windows Firewall Service in XP SP2 ?
- ForumFirewall grayed out after applying SP2
- ForumMapping to Hard Drives for Windows XP SP2 Clients
- ForumXP SP2 Firewall Problem
- Forumcannot enable windows firewall in XP SP2
- ForumWindows xp sp2 firewall gpo
- ForumProblem With Windows Firewall After Windows SP-2 Upgrade
- ForumProblem about Window Xp SP2 firewall and the buildin FTP c..
- ForumHELP!!! Please with Windows XP
- ForumWindows Firewall and FTP Problem
- ForumProblem windows XP SP2 firewall FTP
- Forumxp sp2 firewall grayed out.
- More resources
Read discussions in other Windows XP categories
!
