Solved

group policy to disable the Windows notifications for the firewall?

Posted on 2012-04-04
13
5,185 Views
Last Modified: 2012-06-27
A little background to my issue. During the installation of the Kaspersky, it disables all the windows firewall for all except the domain. I have remedied this by creating an offline policy in Kaspersky which enables the Kaspersky firewall when out of the office (ie not connected to the office network). The problem now is that users in the office now see a notification showing that the firewall is disabled even though it’s enabled in all scenarios. It’s just that work and home show as disabled when the clients are connected to the office LAN. I've looked into the notifications and you can disable the notifications for firewall on a client by client basis but i want a way to achieve this through group policy.
0
Comment
Question by:resolver1
  • 7
  • 4
  • 2
13 Comments
 
LVL 19

Expert Comment

by:strivoli
ID: 37805505
Do you mean the notification inside Windows 7 Action Center?
0
 
LVL 7

Expert Comment

by:hirenvmajithiya
ID: 37805614
In GPO, navigate to Computer Configuration > Administrative Templates > Windows Components > Security Center.
In that, you will find "Turn on Security Center (Domain PCs only)". Just double click it and say "Disable"

Hiren
0
 

Author Comment

by:resolver1
ID: 37805741
yeah the messages pop up as part of the action centre. However, I don't want to disable the whole of the action centre, just firewall messages.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 19

Expert Comment

by:strivoli
ID: 37808678
I've ended my tests and searches for official white-papers. Please be patient. I'll report tomorrow morning (about 12 hours from now). Thank you.
0
 
LVL 7

Expert Comment

by:hirenvmajithiya
ID: 37809362
If you don't want to disable whole action center, you can just disable firewall notification by pushing small registry setting using GPO Preferences.

HKLM,"System\CurrentControlSet\Services\SharedAccess\Parameters\
FirewallPolicy\StandardProfile","DisableNotifications",0x00010001,0

If you set the value of DisableNotifications to 1 means no notification for firewall.

Source : http://www.microsoft.com/windowsembedded/en-us/develop/windows-xp-embedded-firewall.aspx

Hiren
0
 
LVL 19

Expert Comment

by:strivoli
ID: 37809855
Hiren, the source (and the solution) you specified relates to XP and the posted question relates to 7. The specified key exists on 7 but I suspect it is unused. If I set the DisableNotifications value to 1 in the StandardProfile (and I've done the same under DomainProfile and PublicProfile) I still have "Turn off messages about network firewall" available in the Action Center, even after rebooting. I'm afraid your solution does not work.
0
 
LVL 19

Accepted Solution

by:
strivoli earned 500 total points
ID: 37809958
I've done some tests and I've searched for official white-papers.

The most interesting official (or quite official) white-paper I've found is http://blogs.technet.com/b/networking/archive/2010/12/16/disabling-firewall-alerts-in-the-action-center.aspx
It states that there is no way to disable the Firewall alerts. You can either disable the Action Center or disable all balloon notifications. You already wrote that you don't want either (you need the Action Center and you wish to display alerts for any issues except the Firewall.

Here come my tests. Settings are recorded in the registry. Registry can be managed via GPO either pushing a value or creating an administrative template that does the job. This is quite easy if the value is simple and/or there is a small number of values to manage. I decided to find which value needs to be changed when I select the option "Turn off messages about network firewall". I've done that using Process Monitor and inspecting which values get changed when I Turn off and on the messages. It ends up that there is at least one value HKCU\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.101\CheckSetting that gets changed. To make things more difficult (see the SID which already makes things difficult) the value is not a 0/1 or enable/disable but it's a REG_BINARY.

You expect to get a solution to your problem, but I'm afraid you will not find the exact solution you are looking for. I might suggest some other solutions and it's up to you to decide which one to choose considering many factors such as the number of clients and users (tens/hundreds/thousands?).

a. Leave things unchanged and instruct the users to disable the Firewall notification using the Action Center. Fast, easy and free. Be sure many will not read your instructions.
b. Disable all the notifications. I would not do that.
c. If you have roaming profiles and you know the user's password, you can use a 7 box, log each user and manually unset the messages. Works if you have a few tens of users. Impracticable if you have a higher number of users.
d. Use Windows Firewall instead of the Kaspersky Firewall. Yes, I know, it will take time and some effort but I believe it is the best long-term solution. Since XP (was it from SP2?) the Windows Firewall became better and better. The 7 version is by my opinion the best (personal) Firewall available. I've worked with Kaspersky time ago as well as with other Firewall (integrated in the AV such as Kaspersky or Trend or not integrated in any AV) and I think Windows 7 Firewall is second to none. Why adopting the Windows Firewall is a long-term solution? Because it frees your system from the AV+Firewall. I mean: if you adopt Windows Firewall you can change AV (in the future) more easily.

Hope I did help somehow. Your feedback is welcome!
0
 

Author Comment

by:resolver1
ID: 37809979
its a tough one. Ive tried to use process monitor from sysinternals to track the registry changes but its like trying to find a needle in a heystack, i failed. your help is much appreciated.
0
 
LVL 19

Expert Comment

by:strivoli
ID: 37810182
I wish to help with Process Monitor. After your capture is done:
a. Select "Show Registry activity",
b. Include the Explorer.EXE Process Name (in order to see only Explorer.EXE actions against the Registry),
c. Include the RegSetValue Operation (in order to see only the SET operations in the Registry).

Once you've applied these 3 filters your list should have only few rows. Remember to start capture a while before changing the setting in the Action Center and stop the capture immediately after. If you leave the capture running for a long time (tens of seconds) the filter operations and searches might require a long time.
0
 

Author Comment

by:resolver1
ID: 37812587
I think ill go with option a  strivoli.   Thanks for all your hardwork, im very appreciative and the tips about process monitor will come in very handy.  Thanks
0
 

Author Closing Comment

by:resolver1
ID: 37812592
Thanks
0
 
LVL 19

Expert Comment

by:strivoli
ID: 37812598
Thank you for your feedback. If I did help, I kindly ask you to close the question. Have a nice day!
0
 
LVL 19

Expert Comment

by:strivoli
ID: 37812606
Sorry, I wrote last post while you were closing the question. Thank you for closing it. Bye!
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question