No advanced tab under network properties on XP - Unable to enable or disable ICF

Posted on 2004-04-29
Medium Priority
Last Modified: 2013-12-04
I have several users running Windows XP who cannot see the Advanced tab under the network properties.  Therefore they are unable to enable/disable the ICF.  These users are local admins on the pc and should have full functionality.  Has MS moved this on us, or could it be a domain policy hiding it?  If so, does anyone by any chance know which policy section it is under?
Question by:caw01
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 12

Accepted Solution

gidds99 earned 750 total points
ID: 10954195
Try - User Configuration/Administrative Templates/Network/Network & Dial up Connections

There should be a key there to prevent access to advanced settings.]#

I am on a 2K machine at present but it should be in the same folder.
LVL 38

Expert Comment

by:Rich Rumble
ID: 10954955
The firewall... it's always under the advanced tab, unless XP home Edition is being used...
http://support.microsoft.com/default.aspx?scid=kb;EN-US;283673 they even have a cute video ;)

Ah ha!  Good `ol service pack2 strikes again! (look in the control panel... should be a FIREWALL icon :)

In XP SP2, ICF has been replaced with a new firewall, appropriately named Windows Firewall. Like ICF, Windows Firewall is a stateful firewall that monitors inbound network traffic, turning away unsolicited connections. Unlike ICF, Windows Firewall is enabled by default, and it protects traffic moving in two ways--inbound and outbound--and not just one-way (inbound), as with ICF. And it includes more functionality as well as a more obvious and more configurable management interface, similar to third party firewall products you might have tried, like ZoneAlarm.

First, Windows Firewall provides boot-time protection against network-based intrusion, eliminating a flaw in ICF where your XP-based computer was left unprotected for a short period of time. What I like about the boot-time protection feature is that it cannot be configured: While booting up, your computer is able to access basic network services like DHCP and DNS, but that's it. Once boot-up is complete, Windows Firewall switches into its normal runtime mode, which you can configure.

With Windows Firewall, XP adopts a global firewall strategy for the first time This contrasts to ICF, where each network adapter had its own firewall settings. A global policy means a firewall change is automatically transmitted to all network adapters, making it less likely that you'll forget to configure a single network adapter correctly. Also, enterprises that wish to rollout company-wide Group Policy (GP) via Active Directory (AD) can now do

But wait, there's more. Windows Firewall can also be configured to accept certain traffic only from the local network, but to deny it from the wider Internet. The obvious application here is file sharing: You may want to open up a share on your PC to other PCs in your home network, but you don't want people to access that share remotely. This local network restriction also makes the controversial Universal Plug and Play (UPnP) less dangerous; With SP2, XP-based PCs will only communicate with UPnP devices on the local network.

From the end user's perspective, Windows Firewall is far more obvious in the UI than was ICF. It's now available directly from the main Control Panel page and features a multi-tabbed configuration UI that lets you manage the feature (figure). You can set up the oddly-named "exceptions" (programs and services that are allowed through the firewall), for example, without having to drill down into a specific network adapter's advanced settings (figure). But the fun starts once you actually start using XP SP2: You will quickly begin noticing pop-up warnings--essentially a challenge-response system--as various applications and services attempt to get out past your firewall. As with Zone Alarm-type products, this process can get pretty annoying, and the confusingly-named buttons on the warning dialog don't do much to dispel any innate fears you may have. I've been told this UI will likely change before the final release, so it's too early to pass judgment. But stick with it: After a flurry of warnings early on, the Windows Firewall warning dialogs will slow down and appear infrequently.


Author Comment

ID: 11035681
Yeah, I knew that was coming, however they haven't installed the RC, so thats not it.  I'm going to try hunting down the policy path that you suggested.

Expert Comment

ID: 11065241
I had this same problem and experimented with a whole set of possibilities.  Ultimately I discovered that the "problem" was that the GPO "prohibit use of internet connection firewall on your dns domain network" was enabled.  You can change the policy under "Computer Configuration\Administrative Templates\Network\Network Connections" and there are full details at http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/xpmanaged/33_xpape.mspx.

That solved it for me... apparently there have been different resolutions for other people.  There is a tool to replace certain WinSock files outlined in the thread at: http://forum.tweakxp.com/forum/forum_posts_view.asp?TID=13862.  That thread also points to a useful article on resetting the TCP/IP configuration to a pristine condition.  That article is located at: http://support.microsoft.com/default.aspx?scid=kb;en-us;299357&Product=winxp.

My guess is that the GPO setting will solve your problem though.

Best of luck!


Author Comment

ID: 11065512
Thanks Gidds and Red Crimson.  I actually found it from Gidds's note but forgot to reply back that it was fixed.  I did find it though under GPO and that resolved the problem.  It sounded like a good idea when I did it 6 months ago...  :)

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
Suggested Courses
Course of the Month8 days, 1 hour left to enroll

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question