Solved

Activating internet connection firewall with a GPO...

Posted on 2004-09-03
Last Modified: 2013-11-16
I would like to know if it's possible to actually turn on the ICF in Windows XP SP1 with a GPO. So far I am able to allow the option when users are not logged into the local domain, but all it does when a user connects elsewhere is allow the option to be checked, but does not actually do it for them. I know with SP2 you can have it actually be on, but I am not deploying that just yet.

Thanks!
Question by:cbtech
6 Comments
 
LVL 23

Expert Comment

by:Tim Holman
ID: 11980136
I don't think so. If you enable ICF on a domain machine, then it will no longer co-operate and you won't be able to reach it!
You'd be better off using ISA and the ISA Firewall Client?
0
 
LVL 7

Expert Comment

by:LimeSMJ
ID: 11982238
From what I know, MS didn't want to use ICF in a domain (corporate) environment due to potential printer, file, application, etc. problems.  In fact, the GPO setting only allows for you to turn off ICF while inside a domain - basically confirming that ICF wasn't meant originally for a secure domain environment (even though it may work).  The reason why ICF can be enabled outside of the office is probably because MS figured that domain laptops would need some protection outside the office.

With XP SP2, they did a 180 and turned it on by default and gave admins the ability to enforce this in the GPO. I am guessing more testing was done on Windows Firewall for them to be comfortable with leaving it on (as opposed to ICF).
0
 
LVL 8

Accepted Solution

by:
pjcrooks2000 earned 600 total points
ID: 11986415
Yep it is. Seems as though it is possible

http://www.microsoft.com/technet/prodtechnol/winxppro/evaluate/xpsec.mspx
read under where it says "Location-aware Group Policy in ICF"


I hope this helps you

pjcrooks2000
0

 
LVL 23

Expert Comment

by:Tim Holman
ID: 11988376
The location aware GP means that GP can turn off the ICF if it finds it enabled and on the domain.
There are no means for GP to turn the ICF back on again.
0
 

Author Comment

by:cbtech
ID: 11990447
This seems to be an easier thing to do with XP SP2, as it's on by default if it's not in a domain. With SP1 I am able to use a GPO to disable the ICF within my domain, and then if the machine is disconnected from the domain, the advanced tab appears on the connections property page, and it allows you to click the checkbox to turn on the ICF, then once you connect again to the domain, it disables it, but if you disconnect from the domain again, it enables it and the ICF remembers your setting that you checked it on. How can I get that initial checking of the ICF to enable it with a GPO instead of visiting each individual machine?
0
 
LVL 8

Expert Comment

by:pjcrooks2000
ID: 12128137
Thanks cbtech ;)

good luck to you!
0
