No advanced tab under network properties on XP - Unable to enable or disable ICF

I have several users running Windows XP who cannot see the Advanced tab under the network properties.  Therefore they are unable to enable/disable the ICF.  These users are local admins on the pc and should have full functionality.  Has MS moved this on us, or could it be a domain policy hiding it?  If so, does anyone by any chance know which policy section it is under?
Who is Participating?
gidds99Connect With a Mentor Commented:
Try - User Configuration/Administrative Templates/Network/Network & Dial up Connections

There should be a key there to prevent access to advanced settings.]#

I am on a 2K machine at present but it should be in the same folder.
Rich RumbleSecurity SamuraiCommented:
The firewall... it's always under the advanced tab, unless XP home Edition is being used...;EN-US;283673 they even have a cute video ;)

Ah ha!  Good `ol service pack2 strikes again! (look in the control panel... should be a FIREWALL icon :)

In XP SP2, ICF has been replaced with a new firewall, appropriately named Windows Firewall. Like ICF, Windows Firewall is a stateful firewall that monitors inbound network traffic, turning away unsolicited connections. Unlike ICF, Windows Firewall is enabled by default, and it protects traffic moving in two ways--inbound and outbound--and not just one-way (inbound), as with ICF. And it includes more functionality as well as a more obvious and more configurable management interface, similar to third party firewall products you might have tried, like ZoneAlarm.

First, Windows Firewall provides boot-time protection against network-based intrusion, eliminating a flaw in ICF where your XP-based computer was left unprotected for a short period of time. What I like about the boot-time protection feature is that it cannot be configured: While booting up, your computer is able to access basic network services like DHCP and DNS, but that's it. Once boot-up is complete, Windows Firewall switches into its normal runtime mode, which you can configure.

With Windows Firewall, XP adopts a global firewall strategy for the first time This contrasts to ICF, where each network adapter had its own firewall settings. A global policy means a firewall change is automatically transmitted to all network adapters, making it less likely that you'll forget to configure a single network adapter correctly. Also, enterprises that wish to rollout company-wide Group Policy (GP) via Active Directory (AD) can now do

But wait, there's more. Windows Firewall can also be configured to accept certain traffic only from the local network, but to deny it from the wider Internet. The obvious application here is file sharing: You may want to open up a share on your PC to other PCs in your home network, but you don't want people to access that share remotely. This local network restriction also makes the controversial Universal Plug and Play (UPnP) less dangerous; With SP2, XP-based PCs will only communicate with UPnP devices on the local network.

From the end user's perspective, Windows Firewall is far more obvious in the UI than was ICF. It's now available directly from the main Control Panel page and features a multi-tabbed configuration UI that lets you manage the feature (figure). You can set up the oddly-named "exceptions" (programs and services that are allowed through the firewall), for example, without having to drill down into a specific network adapter's advanced settings (figure). But the fun starts once you actually start using XP SP2: You will quickly begin noticing pop-up warnings--essentially a challenge-response system--as various applications and services attempt to get out past your firewall. As with Zone Alarm-type products, this process can get pretty annoying, and the confusingly-named buttons on the warning dialog don't do much to dispel any innate fears you may have. I've been told this UI will likely change before the final release, so it's too early to pass judgment. But stick with it: After a flurry of warnings early on, the Windows Firewall warning dialogs will slow down and appear infrequently.

caw01Author Commented:
Yeah, I knew that was coming, however they haven't installed the RC, so thats not it.  I'm going to try hunting down the policy path that you suggested.
I had this same problem and experimented with a whole set of possibilities.  Ultimately I discovered that the "problem" was that the GPO "prohibit use of internet connection firewall on your dns domain network" was enabled.  You can change the policy under "Computer Configuration\Administrative Templates\Network\Network Connections" and there are full details at

That solved it for me... apparently there have been different resolutions for other people.  There is a tool to replace certain WinSock files outlined in the thread at:  That thread also points to a useful article on resetting the TCP/IP configuration to a pristine condition.  That article is located at:;en-us;299357&Product=winxp.

My guess is that the GPO setting will solve your problem though.

Best of luck!

caw01Author Commented:
Thanks Gidds and Red Crimson.  I actually found it from Gidds's note but forgot to reply back that it was fixed.  I did find it though under GPO and that resolved the problem.  It sounded like a good idea when I did it 6 months ago...  :)
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.