Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Activating internet connection firewall with a GPO...

Posted on 2004-09-03
6
192 Views
Last Modified: 2013-11-16
I would like to know if its possible to actually turn on the ICF in windows XP SP1 with a GPO. So far I am able to allow the option when users are not logged into the local domain, but all it does when a user connects elsewhere is allow the option to be checked, but does not actually do it for them. I know with SP2 you can have it actually be on, but I am not deploying that just yet.

Thanks!
0
Comment
Question by:cbtech
6 Comments
 
LVL 23

Expert Comment

by:Tim Holman
ID: 11980136
I don't think so.  If you enable ICF on a domain machine, then it will no longer co-operate and you won't be able to reach it !
You'd be better off using ISA and the ISA Firewall Client ?
0
 
LVL 7

Expert Comment

by:LimeSMJ
ID: 11982238
From what I know, MS didn't want to use ICF in a domain (corporate) environment due to potential printer, file, application, etc. problems.  In fact, the GPO setting only allows for you to turn off ICF while inside a domain - basically confirming that ICF wasn't meant originally for a secure domain environment (even though it may work).  The reason why ICF can be enabled outside of the office is probably because MS figured that domain laptops would need some protection outside the office.

With XP SP2, they did a 180 and turned it on by default and gave the ability for admins enforce this in the GPO.  I am guessing more testing was done on Windows Firewall for them to be comfortable with leaving it on (as opposed to ICF).
0
 
LVL 8

Accepted Solution

by:
pjcrooks2000 earned 200 total points
ID: 11986415
Yep it isSeems as though it is possible

http://www.microsoft.com/technet/prodtechnol/winxppro/evaluate/xpsec.mspx
read under where it says "Location-aware Group Policy in ICF"


I hope this helps you

pjcrooks2000
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 23

Expert Comment

by:Tim Holman
ID: 11988376
The location aware GP means that GP can turn off the ICF if it finds it enabled and on the domain.
There are no means for GP to turn the ICF back on again.
0
 

Author Comment

by:cbtech
ID: 11990447
This seems to be an easier thing to do with XP SP2, as its on by defualt if its not in a domain. With SP1 I am able to use a GPO to diable the ICF within my domain,  and then if the machine is disconnected from the domain, the advanced tab appears on the connections property page, and it allows you to click the checkbox to turn on the ICF, then once you connect again to the domain, it disables it, but if you disconnect from the domain again, it enables it and the ICF remembers your setting that you check it on. How can I get that initial checking of the the ICF to enable it with a GPO instead of visiting each individual machine?
0
 
LVL 8

Expert Comment

by:pjcrooks2000
ID: 12128137
Thanks cbtech ;)

good luck to you!
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
More Wifi, 5 68
reverse email lookup 8 66
Scan Mac for security breach? 5 42
Home security 15 41
In this increasingly digital world, security hacks are no longer just a threat, but a reality. As we've witnessed with Target's big identity hack 2013, Heartbleed in 2015, and now Cloudbleed, companies and their leaders need to prepare for the unthi…
Most MSPs worth their salt are already offering cybersecurity to their customers. But cybersecurity as a service is wide encompassing and can mean many things.  So where are MSPs falling in this spectrum?
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

790 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question