• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 246
  • Last Modified:

Disable Windows XP Internet Connection Firewall Remotely

I am looking for a way to disable the internet connection firewall feature in XP remotely either by script or group policy. I am on a Windows 2000 domain and i dont see anything in group policies refering to the Internet Connection Firewall feature in Windows XP. The firewall prohibits the help desk technicians from remotly placing files on user's computer even with a domain admin account. Any suggestions? (Note: Going to each computer individually is out of the question)
0
gbarrientos
Asked:
gbarrientos
  • 9
  • 8
  • 7
  • +3
2 Solutions
 
novacopyCommented:
isnt the whole point of a firewall to prevent something like this?

i heard in xp service pack 2 it automatically turns your firewall on
0
 
billyeaCommented:
It does actually, but you can turn the firewall off if you use a wireless network, that is, you're not really connecting to the computer using the internet, but more rather a local (in the building) wireless network.
It should allow this because since the connection is coming through the trusted local wireless port and not the web.
0
 
billyeaCommented:
Or a simple solution would be keeping the firewall off and using a commercial firewall.
They have more configs. Just set the firewall to accept connections from your wireless device so that you can turn it off.
0
Cloud Class® Course: CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

 
robrandonCommented:
Install the 2003 Administration Tools on an XP box.  From that box, if you configure your GPO, you'll see the Firewall Settings, where you can force the firewall to off and not allow it to turn on, set the default to off and let people turn it on, or just have your setting ignored.
0
 
billyeaCommented:
No, i still reccomend a commercial firewall, but you can download a FREE ultra configuable (for your switch-off needs) firewall.
Go to: http://www.download.com/ZoneAlarm/3000-2092-10306241.html?tag=list (it's zone alarm)
In fact this gives MORE configuration than GPO and its EASY!
0
 
robrandonCommented:
billyea, what do you mean, "No"?  I think gbarrientos was looking for a way to globally disable MS's FW.  That's how I've done is succesfully here.

If you are eluding to running without a FW, I would agree with you, that it isn't recommended.  We use ISS' Realsecure here for our laptops, which is deployed and configured centrally.  Also has a neat tool that lets me monitor events on all of the workstations.  Not free though.



0
 
gbarrientosAuthor Commented:
Well our company does have a firewall. We use PIX between our router and the "outside world" salong with other hardware to stop things like virus and worms. So in this case there is no need for each computer to have an individual firewall.  
0
 
gbarrientosAuthor Commented:
robrandon can i use the 2003 admin tools on a windows xp box to configure my domain policy? If so is there any issues that i should worry about....or keep an eye out for?
0
 
gbarrientosAuthor Commented:
Or should i go ahead and purchase a license for Windows Server 2003 and configure the changes there?
0
 
billyeaCommented:
If he has a router firewall then he shouldn't be worred about this question at all, since you wont need a firewall on each computer
0
 
gbarrientosAuthor Commented:
Yes i have hardware firewall...but my question is how to DISABLE the firewall of my clients so that I, as an Domain Administrator, can freely access files on my cliets computers.
0
 
billyeaCommented:
This is a script to turn off the firewall , its in Visual Basic.
I KNOW THIS ISN't THE PROGRAMMING SECTOR, but I think i could help, if you could figure out how to run it remotely.

Set objFirewall = CreateObject("HNetCfg.FwMgr")
Set objPolicy = objFirewall.LocalPolicy.CurrentProfile
objPolicy.FirewallEnabled = FALSE

I'm sure you cant, but...who knows, you could set up a schedule so this can execute automatically.
0
 
robrandonCommented:
You don't need a 2003 server to do this.  You can do it just by loading the admin pak on the XP box.  I have not run into any compatibility problems and am doing the same thing before rolling out SP2 for XP (hopefully that will minimize some of the headaches...).  I log on as a domain admin to the XP box to configure the GP.



0
 
gbarrientosAuthor Commented:
Thanx robrandon and  billyea i will try this out in my test lab and will post results.
0
 
billyeaCommented:
You're welcome.
0
 
robrandonCommented:
FYI, the setting can be found at:

Computer Configuration\Administrative Templates\Network\Network Connections

0
 
gbarrientosAuthor Commented:
robrandon,
I can’t seem to find the setting that you are talking about. Is there a need for a Windows 2003 serer to be in place to do this? I am using a Windows Xp Pro Computer with admin pack installed and I don’t see the setting that you are talking about.
I am looking at Computer Configuration>Admin Templates>Network>Network and Dial up Connections and the only thing I see there is the Prohibit configurations of connection sharing.

0
 
gbarrientosAuthor Commented:
billyea,
Do you know what the script will do on a domain with both Windows 2000 and Windows XP systems? Will there be some type of error.  And does the script need to be ran under a user with Admin Rights?
0
 
billyeaCommented:
Probably with admin rights.
To be safe, make a system restore before executing the script. Currently, windows doesn't allow the script to be run remotely (as that would defeat the purpose of a firewall and hackers would come in). If you do find a way to run it remotely, you're on the right track.

This info is correct though. It simply creates a new object for the firewall and then turns that object off, nothing harmful, although you might need a Visual Basic technician to check it out.
0
 
gbarrientosAuthor Commented:
billyea
I will have our programmer check it out.

However...i would prefer to use Group Policies to change this feature....
0
 
robrandonCommented:
gbarrientos,
Under Network, the subfolders I have are DNS Client, Offline Files, Network Connections, QoS Packet Scheduler, and SNMP.  I'm using Windows XP with Service Pack 1.   No need for a 2003 server on the network.  

Did you load up the 2003 admin tools or the 2000 admin tools?


0
 
robrandonCommented:
Yeah, I think you have the 2000 tools loaded, because I see Network and Dial-up Connections when I check the Policy on my 2000 Server.

If you load up the 2003 Tools you should be fine to do this in GP.
0
 
gbarrientosAuthor Commented:
robrandon,
I see the problem...i am editing the existing policy already on the server. However when i created a new policy i see all the options you described above. Now my next question, and im not sure if this should be another post, is there a way to import the settings from the existing Default Domain Policy into a new policy which supports XP functions?
0
 
robrandonCommented:
No idea on that one.  I wonder if it can't be the default domain policy at all because it is a 2000 domain.  But I'm really not sure of that, or if you can copy settings from one policy to another.  Sorry.



0
 
NoahVailCommented:
You can launch the script remotely with the "at" command.  

at \\machine_name 12:00PM cmd /c "c:\scripts\nofirewall.vbs"

or at /? at a command prompt for more options.

NV
0
 
apcsolutionCommented:
NoahVail can you e-mail me that nofirewall.vbs script.  Thank you.
0
 
NoahVailCommented:
I don't have your email address.  Anyway it's the script that's posted above.

Set objFirewall = CreateObject("HNetCfg.FwMgr")
Set objPolicy = objFirewall.LocalPolicy.CurrentProfile
objPolicy.FirewallEnabled = FALSE

The soon command is better than the at command because you aren't dependant on the clock of the remote machine being accurate.

Microsoft posts info and a download link for soon.exe here.
http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/soon-o.asp

NV
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

  • 9
  • 8
  • 7
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now