XPSP2 Firewall - How to prevent users from changing the settings in Windows Firewall?

Posted on 2005-03-06
Medium Priority
Last Modified: 2011-09-20
I would like to prevent users from 'playing around' with the Windows Firewall interface. For example, in some computers I don't want to enable the Windows Firewall. But users think that they are smart, and they enable the firewall.
I would like the 'On' radio button in the Control Panel > Windows firewall to be dimmed, unclickable.

Any idea how do I do that?

Question by:itaym
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
LVL 34

Expert Comment

ID: 13470370
Hi ItayM,

Is it a Domain Environment or stand-alone system?

You may use the Group Policy Editor in either case (for XP Pro)

Policy: Protect all network connections

Turns on Windows Firewall, which replaces Internet Connection Firewall on all computers that are running Windows XP Service Pack 2.

If you enable this policy setting, Windows Firewall runs and ignores the "Computer Configuration\Administrative Templates\Network\Network Connections\Prohibit use of Internet Connection Firewall on your DNS domain network" policy setting.

If you disable this policy setting, Windows Firewall does not run. This is the only way to ensure that Windows Firewall does not run and administrators who log on locally cannot start it.

If you do not configure this policy setting, administrators can use the Windows Firewall component in Control Panel to turn Windows Firewall on or off, unless the "Prohibit use of Internet Connection Firewall on your DNS domain network" policy setting overrides.

Managing Windows XP Service Pack 2 Features Using Group Policy:Windows Firewall:

Author Comment

ID: 13480216
It's a stand-alone system. Can I still use this Group Policy on the machine?
Let's assume that the user itself logs on as administrator.
LVL 34

Accepted Solution

sramesh2k earned 750 total points
ID: 13483587
It works for stand-alone machines as well. But, if your users are administrators, then they can again goto GPEdit and disable this policy.

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It is only natural that we all want our PCs to be in good working order, improved system performance, so that is exactly how programs are advertised to entice. They say things like:            •      PC crashes? Get registry cleaner to repair it!    …
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question