Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


problem browsing the local network & enabling the xp firewall

Posted on 2006-11-04
Medium Priority
Last Modified: 2010-03-18
We have just cleard down a workstation which had been infected with loads of viruses. The workstation is just one of a small XP workgroup, and is connected directly to the Internet. Although our antivirus software (AVG) and antispyware (Spyware Doctor) now show this workstation to be clean, the following problems remain:-

1). We cannot enable the XP firewall (XPSP2). I have checked that the group policy object for the firewall,is not active, but the firewall options, to enable the firewall, remain greyed out.

2). We cannot browse the local network, using my computer - network places etc. We can ping the other workstations however. We cannot use the "net use" command, as this too returns an error.

The internet connection seems to work perfectly.

Does anyone have any suggestions. We are loathed to just wipe the workstation and re install, as we have spent so much time now trying to recover!!!
Question by:nigelbeatson
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 750 total points
ID: 17872676

If you find the settings on your XP clients are greyed out and you CANNOT ENABLE the built in XP firewall see http://support.microsoft.com/default.aspx?scid=kb;en-us;872769 

If the settings are grayed out and you need to DISABLE the firewall check the following

To get to the Group Policy Management console, click start, programs, administrative tools, Group Policy Management
Once inside, find the Small Business Server Windows Firewall
To edit it, right mouse click on edit
Drill down the tree to Computer configuration, Administrative Templates, Network, Windows Firewall, Domain Profile
On the right hand side is the firewall policies you can now control


Windows Firewall:  Protect all network connections – Enabled

Set the above to NOT CONFIGURED and local admins can enable and disable their own firewalls

If those wonts cure the problem the following will disable the firewall on an XP client.

The following commands enable and disable

netsh firewall ipv4 set opmode enable
netsh firewall ipv4 set opmode disable

The following peice of code turns off the firewall "Save as .vbs"

Set objFirewall = CreateObject("HNetCfg.FwMgr")
Set objPolicy = objFirewall.LocalPolicy.CurrentProfile

objPolicy.FirewallEnabled = FALSE

The Following Registry entries enable and disable the firewall

HKLM\system\currentcontrolset\services\shared access\parameters\firewall\policy\standard profile
HKLM\system\currentcontrolset\services\shared access\parameters\firewall\policy\domain profile

The latter SHOULD apply when on the domain and the former when NOT on the domain

They each have a setting called

EnableFIrewall and DoNotAllowExceptions

Set to 0=off or 1=on


Has the network browswer service srtated?
In the advanced properties of the network card under TCP/IP advanced > is Netbios over TCP enabled?
LVL 40

Accepted Solution

Fatal_Exception earned 750 total points
ID: 17873344
Hey, Pete!  Hope things are  well!

You may also want to ck out this neat utility that allows repairs for things that break due to cleaning these...  If you want to ck this out, look under the Tools button and you will see some of the items you can fix with this tool....   I was impressed, as it combines a lot of command line fixes into a GUI:

Dial a Fix:


In a nutshell, Dial-a-fix: stops services, installs selected software (if packages are available -- see below), registers DLLs, restarts services, and removes several rogue policies. Dial-a-fix will not cause any issues if your system is already working properly.There is an optional package available that includes many Microsoft redistributable libraries (such as Script Engine, XML 3.0 & 4.0, Windows Installer 2.0 & 3.0 and more).

Author Comment

ID: 17888264
Thanks for your imput. Being a simple soul, I tried the dial-a-fix click to fix option first, but it did not resolve either of my problems. Thanks for your help though. I am in the process of wading through the recommendations suggested by Pete, and will let you know how I get on. Many thanks.

Author Comment

ID: 17888479
The XP workstation is part of a small workgroup, and is not on a domain. We do not have a group policy editor in the admin tools. I do know that I followed a document which did tell me how to invoke the group policy editor, and did check at that time - the firewall option you mentioned is set to "not configured".

The firwewall is actually greyed out and is currently not switched on.

The two variables you mention ie EnableFIrewall is currently set to 1, and DoNotAllowExceptions is not visible,

The command "netsh firewall ipv4 set opmode enable" produced "The following command was not found" I cut and pasted it, so I know I entered it correctly.

The option setting for "enable NetBios over TCPIP" was set to the default setting ie not set on.

I have tried setting this to on, and it still will not let me browes the network.


LVL 40

Expert Comment

ID: 17894754
I have a feeling that your firewall has been junked...  did you try the reset option on Dial-a-fix for the firewall?  

You know, in a case like this, I do not fool around with trying to fix all the problems that the virus / spyware caused..  I just relaod the machine, as no matter what you do, you never know if you really have fixed everything..  this is the one way to know for sure that the problems are fixed, and that no holes exist in your system...  Just MHO...  :)

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes you might need to configure routing based not only on destination IP address, but also on a combination of destination IP address (or hostname) and destination port number. I will describe a method how to accomplish this with free tools. …
Have you ever set up your wireless router at home or in the office to find that you little pop-up bubble in the bottom right-hand corner of Windows read "IP Conflict - One of more computers on the network have been assigned the following IP address"…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question