Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

group policy to disable the Windows notifications for the firewall?

Posted on 2012-04-04
13
Medium Priority
?
6,658 Views
Last Modified: 2012-06-27
A little background to my issue. During the installation of the Kaspersky, it disables all the windows firewall for all except the domain. I have remedied this by creating an offline policy in Kaspersky which enables the Kaspersky firewall when out of the office (ie not connected to the office network). The problem now is that users in the office now see a notification showing that the firewall is disabled even though it’s enabled in all scenarios. It’s just that work and home show as disabled when the clients are connected to the office LAN. I've looked into the notifications and you can disable the notifications for firewall on a client by client basis but i want a way to achieve this through group policy.
0
Comment
Question by:resolver1
  • 7
  • 4
  • 2
13 Comments
 
LVL 20

Expert Comment

by:strivoli
ID: 37805505
Do you mean the notification inside Windows 7 Action Center?
0
 
LVL 7

Expert Comment

by:hirenvmajithiya
ID: 37805614
In GPO, navigate to Computer Configuration > Administrative Templates > Windows Components > Security Center.
In that, you will find "Turn on Security Center (Domain PCs only)". Just double click it and say "Disable"

Hiren
0
 

Author Comment

by:resolver1
ID: 37805741
yeah the messages pop up as part of the action centre. However, I don't want to disable the whole of the action centre, just firewall messages.
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 
LVL 20

Expert Comment

by:strivoli
ID: 37808678
I've ended my tests and searches for official white-papers. Please be patient. I'll report tomorrow morning (about 12 hours from now). Thank you.
0
 
LVL 7

Expert Comment

by:hirenvmajithiya
ID: 37809362
If you don't want to disable whole action center, you can just disable firewall notification by pushing small registry setting using GPO Preferences.

HKLM,"System\CurrentControlSet\Services\SharedAccess\Parameters\
FirewallPolicy\StandardProfile","DisableNotifications",0x00010001,0

If you set the value of DisableNotifications to 1 means no notification for firewall.

Source : http://www.microsoft.com/windowsembedded/en-us/develop/windows-xp-embedded-firewall.aspx

Hiren
0
 
LVL 20

Expert Comment

by:strivoli
ID: 37809855
Hiren, the source (and the solution) you specified relates to XP and the posted question relates to 7. The specified key exists on 7 but I suspect it is unused. If I set the DisableNotifications value to 1 in the StandardProfile (and I've done the same under DomainProfile and PublicProfile) I still have "Turn off messages about network firewall" available in the Action Center, even after rebooting. I'm afraid your solution does not work.
0
 
LVL 20

Accepted Solution

by:
strivoli earned 2000 total points
ID: 37809958
I've done some tests and I've searched for official white-papers.

The most interesting official (or quite official) white-paper I've found is http://blogs.technet.com/b/networking/archive/2010/12/16/disabling-firewall-alerts-in-the-action-center.aspx
It states that there is no way to disable the Firewall alerts. You can either disable the Action Center or disable all balloon notifications. You already wrote that you don't want either (you need the Action Center and you wish to display alerts for any issues except the Firewall.

Here come my tests. Settings are recorded in the registry. Registry can be managed via GPO either pushing a value or creating an administrative template that does the job. This is quite easy if the value is simple and/or there is a small number of values to manage. I decided to find which value needs to be changed when I select the option "Turn off messages about network firewall". I've done that using Process Monitor and inspecting which values get changed when I Turn off and on the messages. It ends up that there is at least one value HKCU\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.101\CheckSetting that gets changed. To make things more difficult (see the SID which already makes things difficult) the value is not a 0/1 or enable/disable but it's a REG_BINARY.

You expect to get a solution to your problem, but I'm afraid you will not find the exact solution you are looking for. I might suggest some other solutions and it's up to you to decide which one to choose considering many factors such as the number of clients and users (tens/hundreds/thousands?).

a. Leave things unchanged and instruct the users to disable the Firewall notification using the Action Center. Fast, easy and free. Be sure many will not read your instructions.
b. Disable all the notifications. I would not do that.
c. If you have roaming profiles and you know the user's password, you can use a 7 box, log each user and manually unset the messages. Works if you have a few tens of users. Impracticable if you have a higher number of users.
d. Use Windows Firewall instead of the Kaspersky Firewall. Yes, I know, it will take time and some effort but I believe it is the best long-term solution. Since XP (was it from SP2?) the Windows Firewall became better and better. The 7 version is by my opinion the best (personal) Firewall available. I've worked with Kaspersky time ago as well as with other Firewall (integrated in the AV such as Kaspersky or Trend or not integrated in any AV) and I think Windows 7 Firewall is second to none. Why adopting the Windows Firewall is a long-term solution? Because it frees your system from the AV+Firewall. I mean: if you adopt Windows Firewall you can change AV (in the future) more easily.

Hope I did help somehow. Your feedback is welcome!
0
 

Author Comment

by:resolver1
ID: 37809979
its a tough one. Ive tried to use process monitor from sysinternals to track the registry changes but its like trying to find a needle in a heystack, i failed. your help is much appreciated.
0
 
LVL 20

Expert Comment

by:strivoli
ID: 37810182
I wish to help with Process Monitor. After your capture is done:
a. Select "Show Registry activity",
b. Include the Explorer.EXE Process Name (in order to see only Explorer.EXE actions against the Registry),
c. Include the RegSetValue Operation (in order to see only the SET operations in the Registry).

Once you've applied these 3 filters your list should have only few rows. Remember to start capture a while before changing the setting in the Action Center and stop the capture immediately after. If you leave the capture running for a long time (tens of seconds) the filter operations and searches might require a long time.
0
 

Author Comment

by:resolver1
ID: 37812587
I think ill go with option a  strivoli.   Thanks for all your hardwork, im very appreciative and the tips about process monitor will come in very handy.  Thanks
0
 

Author Closing Comment

by:resolver1
ID: 37812592
Thanks
0
 
LVL 20

Expert Comment

by:strivoli
ID: 37812598
Thank you for your feedback. If I did help, I kindly ask you to close the question. Have a nice day!
0
 
LVL 20

Expert Comment

by:strivoli
ID: 37812606
Sorry, I wrote last post while you were closing the question. Thank you for closing it. Bye!
0

Featured Post

Learn Veeam advantages over legacy backup

Every day, more and more legacy backup customers switch to Veeam. Technologies designed for the client-server era cannot restore any IT service running in the hybrid cloud within seconds. Learn top Veeam advantages over legacy backup and get Veeam for the price of your renewal

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question