Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


No advanced tab under network properties on XP - Unable to enable or disable ICF

Posted on 2004-04-29
Medium Priority
Last Modified: 2013-12-04
I have several users running Windows XP who cannot see the Advanced tab under the network properties.  Therefore they are unable to enable/disable the ICF.  These users are local admins on the pc and should have full functionality.  Has MS moved this on us, or could it be a domain policy hiding it?  If so, does anyone by any chance know which policy section it is under?
Question by:caw01
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 12

Accepted Solution

gidds99 earned 750 total points
ID: 10954195
Try - User Configuration/Administrative Templates/Network/Network & Dial up Connections

There should be a key there to prevent access to advanced settings.]#

I am on a 2K machine at present but it should be in the same folder.
LVL 38

Expert Comment

by:Rich Rumble
ID: 10954955
The firewall... it's always under the advanced tab, unless XP home Edition is being used...
http://support.microsoft.com/default.aspx?scid=kb;EN-US;283673 they even have a cute video ;)

Ah ha!  Good `ol service pack2 strikes again! (look in the control panel... should be a FIREWALL icon :)

In XP SP2, ICF has been replaced with a new firewall, appropriately named Windows Firewall. Like ICF, Windows Firewall is a stateful firewall that monitors inbound network traffic, turning away unsolicited connections. Unlike ICF, Windows Firewall is enabled by default, and it protects traffic moving in two ways--inbound and outbound--and not just one-way (inbound), as with ICF. And it includes more functionality as well as a more obvious and more configurable management interface, similar to third party firewall products you might have tried, like ZoneAlarm.

First, Windows Firewall provides boot-time protection against network-based intrusion, eliminating a flaw in ICF where your XP-based computer was left unprotected for a short period of time. What I like about the boot-time protection feature is that it cannot be configured: While booting up, your computer is able to access basic network services like DHCP and DNS, but that's it. Once boot-up is complete, Windows Firewall switches into its normal runtime mode, which you can configure.

With Windows Firewall, XP adopts a global firewall strategy for the first time This contrasts to ICF, where each network adapter had its own firewall settings. A global policy means a firewall change is automatically transmitted to all network adapters, making it less likely that you'll forget to configure a single network adapter correctly. Also, enterprises that wish to rollout company-wide Group Policy (GP) via Active Directory (AD) can now do

But wait, there's more. Windows Firewall can also be configured to accept certain traffic only from the local network, but to deny it from the wider Internet. The obvious application here is file sharing: You may want to open up a share on your PC to other PCs in your home network, but you don't want people to access that share remotely. This local network restriction also makes the controversial Universal Plug and Play (UPnP) less dangerous; With SP2, XP-based PCs will only communicate with UPnP devices on the local network.

From the end user's perspective, Windows Firewall is far more obvious in the UI than was ICF. It's now available directly from the main Control Panel page and features a multi-tabbed configuration UI that lets you manage the feature (figure). You can set up the oddly-named "exceptions" (programs and services that are allowed through the firewall), for example, without having to drill down into a specific network adapter's advanced settings (figure). But the fun starts once you actually start using XP SP2: You will quickly begin noticing pop-up warnings--essentially a challenge-response system--as various applications and services attempt to get out past your firewall. As with Zone Alarm-type products, this process can get pretty annoying, and the confusingly-named buttons on the warning dialog don't do much to dispel any innate fears you may have. I've been told this UI will likely change before the final release, so it's too early to pass judgment. But stick with it: After a flurry of warnings early on, the Windows Firewall warning dialogs will slow down and appear infrequently.


Author Comment

ID: 11035681
Yeah, I knew that was coming, however they haven't installed the RC, so thats not it.  I'm going to try hunting down the policy path that you suggested.

Expert Comment

ID: 11065241
I had this same problem and experimented with a whole set of possibilities.  Ultimately I discovered that the "problem" was that the GPO "prohibit use of internet connection firewall on your dns domain network" was enabled.  You can change the policy under "Computer Configuration\Administrative Templates\Network\Network Connections" and there are full details at http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/xpmanaged/33_xpape.mspx.

That solved it for me... apparently there have been different resolutions for other people.  There is a tool to replace certain WinSock files outlined in the thread at: http://forum.tweakxp.com/forum/forum_posts_view.asp?TID=13862.  That thread also points to a useful article on resetting the TCP/IP configuration to a pristine condition.  That article is located at: http://support.microsoft.com/default.aspx?scid=kb;en-us;299357&Product=winxp.

My guess is that the GPO setting will solve your problem though.

Best of luck!


Author Comment

ID: 11065512
Thanks Gidds and Red Crimson.  I actually found it from Gidds's note but forgot to reply back that it was fixed.  I did find it though under GPO and that resolved the problem.  It sounded like a good idea when I did it 6 months ago...  :)

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question