group policy to disable the Windows notifications for the firewall?

A little background to my issue. During the installation of the Kaspersky, it disables all the windows firewall for all except the domain. I have remedied this by creating an offline policy in Kaspersky which enables the Kaspersky firewall when out of the office (ie not connected to the office network). The problem now is that users in the office now see a notification showing that the firewall is disabled even though it’s enabled in all scenarios. It’s just that work and home show as disabled when the clients are connected to the office LAN. I've looked into the notifications and you can disable the notifications for firewall on a client by client basis but i want a way to achieve this through group policy.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Do you mean the notification inside Windows 7 Action Center?
hirenvmajithiyaManager (System Administration)Commented:
In GPO, navigate to Computer Configuration > Administrative Templates > Windows Components > Security Center.
In that, you will find "Turn on Security Center (Domain PCs only)". Just double click it and say "Disable"

resolver1Author Commented:
yeah the messages pop up as part of the action centre. However, I don't want to disable the whole of the action centre, just firewall messages.
10 Holiday Gifts Perfect for Your Favorite Geeks

Still have some holiday shopping to do for the geeks in your life? While toys, clothing, games, and gift cards are still viable options for your friends and family, there’s more reason than ever to consider gadgets and software.

I've ended my tests and searches for official white-papers. Please be patient. I'll report tomorrow morning (about 12 hours from now). Thank you.
hirenvmajithiyaManager (System Administration)Commented:
If you don't want to disable whole action center, you can just disable firewall notification by pushing small registry setting using GPO Preferences.


If you set the value of DisableNotifications to 1 means no notification for firewall.

Source :

Hiren, the source (and the solution) you specified relates to XP and the posted question relates to 7. The specified key exists on 7 but I suspect it is unused. If I set the DisableNotifications value to 1 in the StandardProfile (and I've done the same under DomainProfile and PublicProfile) I still have "Turn off messages about network firewall" available in the Action Center, even after rebooting. I'm afraid your solution does not work.
I've done some tests and I've searched for official white-papers.

The most interesting official (or quite official) white-paper I've found is
It states that there is no way to disable the Firewall alerts. You can either disable the Action Center or disable all balloon notifications. You already wrote that you don't want either (you need the Action Center and you wish to display alerts for any issues except the Firewall.

Here come my tests. Settings are recorded in the registry. Registry can be managed via GPO either pushing a value or creating an administrative template that does the job. This is quite easy if the value is simple and/or there is a small number of values to manage. I decided to find which value needs to be changed when I select the option "Turn off messages about network firewall". I've done that using Process Monitor and inspecting which values get changed when I Turn off and on the messages. It ends up that there is at least one value HKCU\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.101\CheckSetting that gets changed. To make things more difficult (see the SID which already makes things difficult) the value is not a 0/1 or enable/disable but it's a REG_BINARY.

You expect to get a solution to your problem, but I'm afraid you will not find the exact solution you are looking for. I might suggest some other solutions and it's up to you to decide which one to choose considering many factors such as the number of clients and users (tens/hundreds/thousands?).

a. Leave things unchanged and instruct the users to disable the Firewall notification using the Action Center. Fast, easy and free. Be sure many will not read your instructions.
b. Disable all the notifications. I would not do that.
c. If you have roaming profiles and you know the user's password, you can use a 7 box, log each user and manually unset the messages. Works if you have a few tens of users. Impracticable if you have a higher number of users.
d. Use Windows Firewall instead of the Kaspersky Firewall. Yes, I know, it will take time and some effort but I believe it is the best long-term solution. Since XP (was it from SP2?) the Windows Firewall became better and better. The 7 version is by my opinion the best (personal) Firewall available. I've worked with Kaspersky time ago as well as with other Firewall (integrated in the AV such as Kaspersky or Trend or not integrated in any AV) and I think Windows 7 Firewall is second to none. Why adopting the Windows Firewall is a long-term solution? Because it frees your system from the AV+Firewall. I mean: if you adopt Windows Firewall you can change AV (in the future) more easily.

Hope I did help somehow. Your feedback is welcome!

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
resolver1Author Commented:
its a tough one. Ive tried to use process monitor from sysinternals to track the registry changes but its like trying to find a needle in a heystack, i failed. your help is much appreciated.
I wish to help with Process Monitor. After your capture is done:
a. Select "Show Registry activity",
b. Include the Explorer.EXE Process Name (in order to see only Explorer.EXE actions against the Registry),
c. Include the RegSetValue Operation (in order to see only the SET operations in the Registry).

Once you've applied these 3 filters your list should have only few rows. Remember to start capture a while before changing the setting in the Action Center and stop the capture immediately after. If you leave the capture running for a long time (tens of seconds) the filter operations and searches might require a long time.
resolver1Author Commented:
I think ill go with option a  strivoli.   Thanks for all your hardwork, im very appreciative and the tips about process monitor will come in very handy.  Thanks
resolver1Author Commented:
Thank you for your feedback. If I did help, I kindly ask you to close the question. Have a nice day!
Sorry, I wrote last post while you were closing the question. Thank you for closing it. Bye!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 7

From novice to tech pro — start learning today.