Solved

Activating internet connection firewall with a GPO...

Posted on 2004-09-03
6
186 Views
Last Modified: 2013-11-16
I would like to know if its possible to actually turn on the ICF in windows XP SP1 with a GPO. So far I am able to allow the option when users are not logged into the local domain, but all it does when a user connects elsewhere is allow the option to be checked, but does not actually do it for them. I know with SP2 you can have it actually be on, but I am not deploying that just yet.

Thanks!
0
Comment
Question by:cbtech
6 Comments
 
LVL 23

Expert Comment

by:Tim Holman
ID: 11980136
I don't think so.  If you enable ICF on a domain machine, then it will no longer co-operate and you won't be able to reach it !
You'd be better off using ISA and the ISA Firewall Client ?
0
 
LVL 7

Expert Comment

by:LimeSMJ
ID: 11982238
From what I know, MS didn't want to use ICF in a domain (corporate) environment due to potential printer, file, application, etc. problems.  In fact, the GPO setting only allows for you to turn off ICF while inside a domain - basically confirming that ICF wasn't meant originally for a secure domain environment (even though it may work).  The reason why ICF can be enabled outside of the office is probably because MS figured that domain laptops would need some protection outside the office.

With XP SP2, they did a 180 and turned it on by default and gave the ability for admins enforce this in the GPO.  I am guessing more testing was done on Windows Firewall for them to be comfortable with leaving it on (as opposed to ICF).
0
 
LVL 8

Accepted Solution

by:
pjcrooks2000 earned 200 total points
ID: 11986415
Yep it isSeems as though it is possible

http://www.microsoft.com/technet/prodtechnol/winxppro/evaluate/xpsec.mspx
read under where it says "Location-aware Group Policy in ICF"


I hope this helps you

pjcrooks2000
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 23

Expert Comment

by:Tim Holman
ID: 11988376
The location aware GP means that GP can turn off the ICF if it finds it enabled and on the domain.
There are no means for GP to turn the ICF back on again.
0
 

Author Comment

by:cbtech
ID: 11990447
This seems to be an easier thing to do with XP SP2, as its on by defualt if its not in a domain. With SP1 I am able to use a GPO to diable the ICF within my domain,  and then if the machine is disconnected from the domain, the advanced tab appears on the connections property page, and it allows you to click the checkbox to turn on the ICF, then once you connect again to the domain, it disables it, but if you disconnect from the domain again, it enables it and the ICF remembers your setting that you check it on. How can I get that initial checking of the the ICF to enable it with a GPO instead of visiting each individual machine?
0
 
LVL 8

Expert Comment

by:pjcrooks2000
ID: 12128137
Thanks cbtech ;)

good luck to you!
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Big data transfers via information superhighways require special attention and protection. Learn more about the IT-regulations of the country where your server is located. Analyze cloud providers and their encryption systems for safe data transit. S…
A customer recently asked me about anti-malware and the different deployment options available for his business. Daily news about cyberattacks, zero-day vulnerabilities, and companies that suffered a security breach made him wonder if the endpoint a…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
A simple description of email encryption using a secure portal service. This is one of the choices offered by The Email Laundry for email encryption. The other choices are pdf encryption which creates an encrypted pdf of your email and any attachmen…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now