I have about 300 computers in my AD domain. I'm unable to start the Windows Firewall Service on only my XP 32-bit machines. The service is set to start automatically and I get this error if I try to manually start the service:
error 0x80004015: The class is configured to run as a security id different from the caller
The security descriptor for the SharedAccess service on my XP 32-bit machines is set to this:
I followed Microsoft's article (http://support.microsoft.com/kb/892199) and manually reset the security descriptor using the following command:
SC sdset SharedAccess D:(A;;CCLCSWRPWPDTLOCRRC;;
After that I'm able to successfully start the Firewall Service.
However, if I refresh the group policy on the machine (gpupdate /force) the security descriptor is changed back to the first key listed above.
I've tested changing a few things in my default domain group policy, resetting the SD for SharedAccess, and then refreshing the group policy, but each time the key is reverted back to the one that doesn't work.
I have the Administrative Template for the Windows Firewall set to disabled in the domain and standard group policy, but it makes no difference if I set it to enabled or not configured.
What other areas in Group Policy might be causing this change? Or is there something else going on? All of my XP 64-bit machines work fine.
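
An added example, not part of the original post: a small Python decoder for service SDDL strings that names the rights in each ACE and reports which rights a trustee loses between two descriptors, such as the one applied with sc sdset and the one present after gpupdate. The two descriptors compared at the end (and their AU trustee) are constructed samples, not the values from the post, and the function names are hypothetical.

```python
import re

# SDDL rights codes as they apply to service objects (names from the Windows SDK headers).
SERVICE_RIGHTS = {
    "CC": "SERVICE_QUERY_CONFIG", "DC": "SERVICE_CHANGE_CONFIG",
    "LC": "SERVICE_QUERY_STATUS", "SW": "SERVICE_ENUMERATE_DEPENDENTS",
    "RP": "SERVICE_START", "WP": "SERVICE_STOP",
    "DT": "SERVICE_PAUSE_CONTINUE", "LO": "SERVICE_INTERROGATE",
    "CR": "SERVICE_USER_DEFINED_CONTROL", "RC": "READ_CONTROL",
    "SD": "DELETE", "WD": "WRITE_DAC", "WO": "WRITE_OWNER",
}

def parse_dacl(sddl):
    """Decode the DACL of a service SDDL string into (type, rights, trustee) tuples.
    An ACE cut off before its trustee field is still decoded, with trustee None."""
    start = sddl.find("D:")
    if start < 0:
        return []
    dacl = sddl[start + 2:].split("S:")[0]  # drop the SACL, if present
    aces = []
    for raw in re.findall(r"\(([^()]*)\)?", dacl):
        fields = raw.split(";")
        rights = fields[2] if len(fields) > 2 else ""
        names = [SERVICE_RIGHTS.get(c, c) for c in re.findall("..", rights)]
        trustee = fields[5] if len(fields) > 5 and fields[5] else None
        aces.append((fields[0], names, trustee))
    return aces

def allowed(sddl):
    """Map each trustee to the set of rights granted by allow (A) ACEs."""
    grants = {}
    for ace_type, names, trustee in parse_dacl(sddl):
        if ace_type == "A":
            grants.setdefault(trustee, set()).update(names)
    return grants

def lost_rights(before, after):
    """Rights each trustee held in `before` but no longer holds in `after`."""
    old, new = allowed(before), allowed(after)
    return {t: sorted(r - new.get(t, set())) for t, r in old.items()
            if r - new.get(t, set())}

if __name__ == "__main__":
    # The ACE exactly as it appears in the post (truncated before the trustee).
    print(parse_dacl("D:(A;;CCLCSWRPWPDTLOCRRC;;"))
    # Constructed descriptors for the comparison, not the ones from the post.
    applied = "D:(A;;CCLCSWRPWPDTLOCRRC;;;AU)"
    reverted = "D:(A;;CCLCSWLOCRRC;;;AU)"
    print(lost_rights(applied, reverted))
```

Feeding it the output of sc sdshow SharedAccess captured before and after a policy refresh shows exactly which service rights the refresh removes and for which trustee.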