Solved

group policy to disable the Windows notifications for the firewall?

Posted on 2012-04-04
13
4,316 Views
Last Modified: 2012-06-27
A little background to my issue. During the installation of the Kaspersky, it disables all the windows firewall for all except the domain. I have remedied this by creating an offline policy in Kaspersky which enables the Kaspersky firewall when out of the office (ie not connected to the office network). The problem now is that users in the office now see a notification showing that the firewall is disabled even though it’s enabled in all scenarios. It’s just that work and home show as disabled when the clients are connected to the office LAN. I've looked into the notifications and you can disable the notifications for firewall on a client by client basis but i want a way to achieve this through group policy.
0
Comment
Question by:resolver1
  • 7
  • 4
  • 2
13 Comments
 
LVL 19

Expert Comment

by:strivoli
Comment Utility
Do you mean the notification inside Windows 7 Action Center?
0
 
LVL 7

Expert Comment

by:hirenvmajithiya
Comment Utility
In GPO, navigate to Computer Configuration > Administrative Templates > Windows Components > Security Center.
In that, you will find "Turn on Security Center (Domain PCs only)". Just double click it and say "Disable"

Hiren
0
 

Author Comment

by:resolver1
Comment Utility
yeah the messages pop up as part of the action centre. However, I don't want to disable the whole of the action centre, just firewall messages.
0
 
LVL 19

Expert Comment

by:strivoli
Comment Utility
I've ended my tests and searches for official white-papers. Please be patient. I'll report tomorrow morning (about 12 hours from now). Thank you.
0
 
LVL 7

Expert Comment

by:hirenvmajithiya
Comment Utility
If you don't want to disable whole action center, you can just disable firewall notification by pushing small registry setting using GPO Preferences.

HKLM,"System\CurrentControlSet\Services\SharedAccess\Parameters\
FirewallPolicy\StandardProfile","DisableNotifications",0x00010001,0

If you set the value of DisableNotifications to 1 means no notification for firewall.

Source : http://www.microsoft.com/windowsembedded/en-us/develop/windows-xp-embedded-firewall.aspx

Hiren
0
 
LVL 19

Expert Comment

by:strivoli
Comment Utility
Hiren, the source (and the solution) you specified relates to XP and the posted question relates to 7. The specified key exists on 7 but I suspect it is unused. If I set the DisableNotifications value to 1 in the StandardProfile (and I've done the same under DomainProfile and PublicProfile) I still have "Turn off messages about network firewall" available in the Action Center, even after rebooting. I'm afraid your solution does not work.
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 19

Accepted Solution

by:
strivoli earned 500 total points
Comment Utility
I've done some tests and I've searched for official white-papers.

The most interesting official (or quite official) white-paper I've found is http://blogs.technet.com/b/networking/archive/2010/12/16/disabling-firewall-alerts-in-the-action-center.aspx
It states that there is no way to disable the Firewall alerts. You can either disable the Action Center or disable all balloon notifications. You already wrote that you don't want either (you need the Action Center and you wish to display alerts for any issues except the Firewall.

Here come my tests. Settings are recorded in the registry. Registry can be managed via GPO either pushing a value or creating an administrative template that does the job. This is quite easy if the value is simple and/or there is a small number of values to manage. I decided to find which value needs to be changed when I select the option "Turn off messages about network firewall". I've done that using Process Monitor and inspecting which values get changed when I Turn off and on the messages. It ends up that there is at least one value HKCU\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.101\CheckSetting that gets changed. To make things more difficult (see the SID which already makes things difficult) the value is not a 0/1 or enable/disable but it's a REG_BINARY.

You expect to get a solution to your problem, but I'm afraid you will not find the exact solution you are looking for. I might suggest some other solutions and it's up to you to decide which one to choose considering many factors such as the number of clients and users (tens/hundreds/thousands?).

a. Leave things unchanged and instruct the users to disable the Firewall notification using the Action Center. Fast, easy and free. Be sure many will not read your instructions.
b. Disable all the notifications. I would not do that.
c. If you have roaming profiles and you know the user's password, you can use a 7 box, log each user and manually unset the messages. Works if you have a few tens of users. Impracticable if you have a higher number of users.
d. Use Windows Firewall instead of the Kaspersky Firewall. Yes, I know, it will take time and some effort but I believe it is the best long-term solution. Since XP (was it from SP2?) the Windows Firewall became better and better. The 7 version is by my opinion the best (personal) Firewall available. I've worked with Kaspersky time ago as well as with other Firewall (integrated in the AV such as Kaspersky or Trend or not integrated in any AV) and I think Windows 7 Firewall is second to none. Why adopting the Windows Firewall is a long-term solution? Because it frees your system from the AV+Firewall. I mean: if you adopt Windows Firewall you can change AV (in the future) more easily.

Hope I did help somehow. Your feedback is welcome!
0
 

Author Comment

by:resolver1
Comment Utility
its a tough one. Ive tried to use process monitor from sysinternals to track the registry changes but its like trying to find a needle in a heystack, i failed. your help is much appreciated.
0
 
LVL 19

Expert Comment

by:strivoli
Comment Utility
I wish to help with Process Monitor. After your capture is done:
a. Select "Show Registry activity",
b. Include the Explorer.EXE Process Name (in order to see only Explorer.EXE actions against the Registry),
c. Include the RegSetValue Operation (in order to see only the SET operations in the Registry).

Once you've applied these 3 filters your list should have only few rows. Remember to start capture a while before changing the setting in the Action Center and stop the capture immediately after. If you leave the capture running for a long time (tens of seconds) the filter operations and searches might require a long time.
0
 

Author Comment

by:resolver1
Comment Utility
I think ill go with option a  strivoli.   Thanks for all your hardwork, im very appreciative and the tips about process monitor will come in very handy.  Thanks
0
 

Author Closing Comment

by:resolver1
Comment Utility
Thanks
0
 
LVL 19

Expert Comment

by:strivoli
Comment Utility
Thank you for your feedback. If I did help, I kindly ask you to close the question. Have a nice day!
0
 
LVL 19

Expert Comment

by:strivoli
Comment Utility
Sorry, I wrote last post while you were closing the question. Thank you for closing it. Bye!
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Join & Write a Comment

To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
This Micro Tutorial will go in depth within Systems and Security in Windows 7 and will go into detail regarding Action Center, Windows Firewall, System, etc. This will be demonstrated using Windows 7 operating system.
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now