Solved

No advanced tab under network properties on XP - Unable to enable or disable ICF

Posted on 2004-04-29
5
1,424 Views
Last Modified: 2013-12-04
I have several users running Windows XP who cannot see the Advanced tab under the network properties.  Therefore they are unable to enable/disable the ICF.  These users are local admins on the pc and should have full functionality.  Has MS moved this on us, or could it be a domain policy hiding it?  If so, does anyone by any chance know which policy section it is under?
0
Comment
Question by:caw01
5 Comments
 
LVL 12

Accepted Solution

by:
gidds99 earned 250 total points
ID: 10954195
Try - User Configuration/Administrative Templates/Network/Network & Dial up Connections

There should be a key there to prevent access to advanced settings.]#

I am on a 2K machine at present but it should be in the same folder.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 10954955
The firewall... it's always under the advanced tab, unless XP home Edition is being used...
http://support.microsoft.com/default.aspx?scid=kb;EN-US;283673 they even have a cute video ;)
http://www.microsoft.com/windowsxp/pro/using/itpro/securing/enableicf.asp
http://www.microsoft.com/windowsxp/pro/using/howto/networking/icf.asp


Ah ha!  Good `ol service pack2 strikes again! (look in the control panel... should be a FIREWALL icon :)
http://www.microsoft.com/technet/community/columns/cableguy/cg0204.mspx

In XP SP2, ICF has been replaced with a new firewall, appropriately named Windows Firewall. Like ICF, Windows Firewall is a stateful firewall that monitors inbound network traffic, turning away unsolicited connections. Unlike ICF, Windows Firewall is enabled by default, and it protects traffic moving in two ways--inbound and outbound--and not just one-way (inbound), as with ICF. And it includes more functionality as well as a more obvious and more configurable management interface, similar to third party firewall products you might have tried, like ZoneAlarm.

First, Windows Firewall provides boot-time protection against network-based intrusion, eliminating a flaw in ICF where your XP-based computer was left unprotected for a short period of time. What I like about the boot-time protection feature is that it cannot be configured: While booting up, your computer is able to access basic network services like DHCP and DNS, but that's it. Once boot-up is complete, Windows Firewall switches into its normal runtime mode, which you can configure.

With Windows Firewall, XP adopts a global firewall strategy for the first time This contrasts to ICF, where each network adapter had its own firewall settings. A global policy means a firewall change is automatically transmitted to all network adapters, making it less likely that you'll forget to configure a single network adapter correctly. Also, enterprises that wish to rollout company-wide Group Policy (GP) via Active Directory (AD) can now do

But wait, there's more. Windows Firewall can also be configured to accept certain traffic only from the local network, but to deny it from the wider Internet. The obvious application here is file sharing: You may want to open up a share on your PC to other PCs in your home network, but you don't want people to access that share remotely. This local network restriction also makes the controversial Universal Plug and Play (UPnP) less dangerous; With SP2, XP-based PCs will only communicate with UPnP devices on the local network.

From the end user's perspective, Windows Firewall is far more obvious in the UI than was ICF. It's now available directly from the main Control Panel page and features a multi-tabbed configuration UI that lets you manage the feature (figure). You can set up the oddly-named "exceptions" (programs and services that are allowed through the firewall), for example, without having to drill down into a specific network adapter's advanced settings (figure). But the fun starts once you actually start using XP SP2: You will quickly begin noticing pop-up warnings--essentially a challenge-response system--as various applications and services attempt to get out past your firewall. As with Zone Alarm-type products, this process can get pretty annoying, and the confusingly-named buttons on the warning dialog don't do much to dispel any innate fears you may have. I've been told this UI will likely change before the final release, so it's too early to pass judgment. But stick with it: After a flurry of warnings early on, the Windows Firewall warning dialogs will slow down and appear infrequently.

-rich
0
 

Author Comment

by:caw01
ID: 11035681
Yeah, I knew that was coming, however they haven't installed the RC, so thats not it.  I'm going to try hunting down the policy path that you suggested.
0
 

Expert Comment

by:RedCrimson
ID: 11065241
I had this same problem and experimented with a whole set of possibilities.  Ultimately I discovered that the "problem" was that the GPO "prohibit use of internet connection firewall on your dns domain network" was enabled.  You can change the policy under "Computer Configuration\Administrative Templates\Network\Network Connections" and there are full details at http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/xpmanaged/33_xpape.mspx.

That solved it for me... apparently there have been different resolutions for other people.  There is a tool to replace certain WinSock files outlined in the thread at: http://forum.tweakxp.com/forum/forum_posts_view.asp?TID=13862.  That thread also points to a useful article on resetting the TCP/IP configuration to a pristine condition.  That article is located at: http://support.microsoft.com/default.aspx?scid=kb;en-us;299357&Product=winxp.

My guess is that the GPO setting will solve your problem though.

Best of luck!

-Mark
0
 

Author Comment

by:caw01
ID: 11065512
Thanks Gidds and Red Crimson.  I actually found it from Gidds's note but forgot to reply back that it was fixed.  I did find it though under GPO and that resolved the problem.  It sounded like a good idea when I did it 6 months ago...  :)
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
OfficeMate Freezes on login or does not load after login credentials are input.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now