caw01


No advanced tab under network properties on XP - Unable to enable or disable ICF

I have several users running Windows XP who cannot see the Advanced tab under the network properties.  Therefore they are unable to enable/disable the ICF.  These users are local admins on the PC and should have full functionality.  Has MS moved this on us, or could it be a domain policy hiding it?  If so, does anyone by any chance know which policy section it is under?
ASKER CERTIFIED SOLUTION
gidds99
This solution is only available to members.
The firewall... it's always under the advanced tab, unless XP home Edition is being used...
http://support.microsoft.com/default.aspx?scid=kb;EN-US;283673 they even have a cute video ;)
http://www.microsoft.com/windowsxp/pro/using/itpro/securing/enableicf.asp
http://www.microsoft.com/windowsxp/pro/using/howto/networking/icf.asp


Ah ha!  Good ol' Service Pack 2 strikes again! (Look in the Control Panel... should be a FIREWALL icon :)
http://www.microsoft.com/technet/community/columns/cableguy/cg0204.mspx

In XP SP2, ICF has been replaced with a new firewall, appropriately named Windows Firewall. Like ICF, Windows Firewall is a stateful firewall that monitors inbound network traffic, turning away unsolicited connections. Unlike ICF, Windows Firewall is enabled by default, and it protects traffic moving in two ways--inbound and outbound--and not just one-way (inbound), as with ICF. And it includes more functionality as well as a more obvious and more configurable management interface, similar to third party firewall products you might have tried, like ZoneAlarm.

First, Windows Firewall provides boot-time protection against network-based intrusion, eliminating a flaw in ICF where your XP-based computer was left unprotected for a short period of time. What I like about the boot-time protection feature is that it cannot be configured: While booting up, your computer is able to access basic network services like DHCP and DNS, but that's it. Once boot-up is complete, Windows Firewall switches into its normal runtime mode, which you can configure.

With Windows Firewall, XP adopts a global firewall strategy for the first time. This contrasts to ICF, where each network adapter had its own firewall settings. A global policy means a firewall change is automatically transmitted to all network adapters, making it less likely that you'll forget to configure a single network adapter correctly. Also, enterprises that wish to rollout company-wide Group Policy (GP) via Active Directory (AD) can now do

But wait, there's more. Windows Firewall can also be configured to accept certain traffic only from the local network, but to deny it from the wider Internet. The obvious application here is file sharing: You may want to open up a share on your PC to other PCs in your home network, but you don't want people to access that share remotely. This local network restriction also makes the controversial Universal Plug and Play (UPnP) less dangerous; With SP2, XP-based PCs will only communicate with UPnP devices on the local network.

From the end user's perspective, Windows Firewall is far more obvious in the UI than was ICF. It's now available directly from the main Control Panel page and features a multi-tabbed configuration UI that lets you manage the feature (figure). You can set up the oddly-named "exceptions" (programs and services that are allowed through the firewall), for example, without having to drill down into a specific network adapter's advanced settings (figure). But the fun starts once you actually start using XP SP2: You will quickly begin noticing pop-up warnings--essentially a challenge-response system--as various applications and services attempt to get out past your firewall. As with Zone Alarm-type products, this process can get pretty annoying, and the confusingly-named buttons on the warning dialog don't do much to dispel any innate fears you may have. I've been told this UI will likely change before the final release, so it's too early to pass judgment. But stick with it: After a flurry of warnings early on, the Windows Firewall warning dialogs will slow down and appear infrequently.

-rich
caw01

ASKER

Yeah, I knew that was coming, however they haven't installed the RC, so that's not it.  I'm going to try hunting down the policy path that you suggested.
RedCrimson

I had this same problem and experimented with a whole set of possibilities.  Ultimately I discovered that the "problem" was that the GPO "Prohibit use of Internet Connection Firewall on your DNS domain network" was enabled.  You can change the policy under "Computer Configuration\Administrative Templates\Network\Network Connections" and there are full details at http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/xpmanaged/33_xpape.mspx.

That solved it for me... apparently there have been different resolutions for other people.  There is a tool to replace certain WinSock files outlined in the thread at: http://forum.tweakxp.com/forum/forum_posts_view.asp?TID=13862.  That thread also points to a useful article on resetting the TCP/IP configuration to a pristine condition.  That article is located at: http://support.microsoft.com/default.aspx?scid=kb;en-us;299357&Product=winxp.

My guess is that the GPO setting will solve your problem though.

Best of luck!

-Mark
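
A way to check on an affected PC whether the policy named in the post above is in force, added here as an example and not part of the original thread. It assumes the policy is stored as the `NC_PersonalFirewallConfig` value under the registry key shown and that data `0x0` means the firewall setting is prohibited; confirm both in the Group Policy editor before relying on the result.

```batch
@echo off
rem Added example: report whether the "Prohibit use of Internet Connection
rem Firewall on your DNS domain network" policy is set on this machine.
rem Assumption: the policy is stored in the key and value named below.
setlocal
set "KEY=HKLM\SOFTWARE\Policies\Microsoft\Windows\Network Connections"
set "VAL=NC_PersonalFirewallConfig"
set "DATA="

rem reg.exe prints "<name> <type> <data>"; the third token is the data.
rem Errors are discarded so a missing key or value leaves DATA undefined.
for /f "tokens=3" %%A in ('reg query "%KEY%" /v %VAL% 2^>nul ^| find /i "%VAL%"') do set "DATA=%%A"

if not defined DATA (
    echo %VAL% is not set: this policy is not configured on this machine.
    goto :done
)

echo %VAL% = %DATA%
rem Assumption: 0x0 is the data written when the policy is Enabled.
if /i "%DATA%"=="0x0" (
    echo Policy is applied: ICF is prohibited while on the DNS domain network.
) else (
    echo Policy value is present but does not prohibit ICF.
)
echo Run "gpresult /scope computer /v" to see which GPO supplies it.

:done
endlocal
```

Because the value lives under `Policies`, it is rewritten at the next Group Policy refresh; a lasting change has to be made in the GPO itself, at the path given in the post.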
caw01

ASKER

Thanks Gidds and Red Crimson.  I actually found it from Gidds's note but forgot to reply back that it was fixed.  I did find it though under GPO and that resolved the problem.  It sounded like a good idea when I did it 6 months ago...  :)