Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

group policy to disable the Windows notifications for the firewall?

Posted on 2012-04-04
13
Medium Priority
?
6,890 Views
Last Modified: 2012-06-27
A little background to my issue. During the installation of the Kaspersky, it disables all the windows firewall for all except the domain. I have remedied this by creating an offline policy in Kaspersky which enables the Kaspersky firewall when out of the office (ie not connected to the office network). The problem now is that users in the office now see a notification showing that the firewall is disabled even though it’s enabled in all scenarios. It’s just that work and home show as disabled when the clients are connected to the office LAN. I've looked into the notifications and you can disable the notifications for firewall on a client by client basis but i want a way to achieve this through group policy.
0
Comment
Question by:resolver1
  • 7
  • 4
  • 2
13 Comments
 
LVL 20

Expert Comment

by:strivoli
ID: 37805505
Do you mean the notification inside Windows 7 Action Center?
0
 
LVL 7

Expert Comment

by:hirenvmajithiya
ID: 37805614
In GPO, navigate to Computer Configuration > Administrative Templates > Windows Components > Security Center.
In that, you will find "Turn on Security Center (Domain PCs only)". Just double click it and say "Disable"

Hiren
0
 

Author Comment

by:resolver1
ID: 37805741
yeah the messages pop up as part of the action centre. However, I don't want to disable the whole of the action centre, just firewall messages.
0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 
LVL 20

Expert Comment

by:strivoli
ID: 37808678
I've ended my tests and searches for official white-papers. Please be patient. I'll report tomorrow morning (about 12 hours from now). Thank you.
0
 
LVL 7

Expert Comment

by:hirenvmajithiya
ID: 37809362
If you don't want to disable whole action center, you can just disable firewall notification by pushing small registry setting using GPO Preferences.

HKLM,"System\CurrentControlSet\Services\SharedAccess\Parameters\
FirewallPolicy\StandardProfile","DisableNotifications",0x00010001,0

If you set the value of DisableNotifications to 1 means no notification for firewall.

Source : http://www.microsoft.com/windowsembedded/en-us/develop/windows-xp-embedded-firewall.aspx

Hiren
0
 
LVL 20

Expert Comment

by:strivoli
ID: 37809855
Hiren, the source (and the solution) you specified relates to XP and the posted question relates to 7. The specified key exists on 7 but I suspect it is unused. If I set the DisableNotifications value to 1 in the StandardProfile (and I've done the same under DomainProfile and PublicProfile) I still have "Turn off messages about network firewall" available in the Action Center, even after rebooting. I'm afraid your solution does not work.
0
 
LVL 20

Accepted Solution

by:
strivoli earned 2000 total points
ID: 37809958
I've done some tests and I've searched for official white-papers.

The most interesting official (or quite official) white-paper I've found is http://blogs.technet.com/b/networking/archive/2010/12/16/disabling-firewall-alerts-in-the-action-center.aspx
It states that there is no way to disable the Firewall alerts. You can either disable the Action Center or disable all balloon notifications. You already wrote that you don't want either (you need the Action Center and you wish to display alerts for any issues except the Firewall.

Here come my tests. Settings are recorded in the registry. Registry can be managed via GPO either pushing a value or creating an administrative template that does the job. This is quite easy if the value is simple and/or there is a small number of values to manage. I decided to find which value needs to be changed when I select the option "Turn off messages about network firewall". I've done that using Process Monitor and inspecting which values get changed when I Turn off and on the messages. It ends up that there is at least one value HKCU\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.101\CheckSetting that gets changed. To make things more difficult (see the SID which already makes things difficult) the value is not a 0/1 or enable/disable but it's a REG_BINARY.

You expect to get a solution to your problem, but I'm afraid you will not find the exact solution you are looking for. I might suggest some other solutions and it's up to you to decide which one to choose considering many factors such as the number of clients and users (tens/hundreds/thousands?).

a. Leave things unchanged and instruct the users to disable the Firewall notification using the Action Center. Fast, easy and free. Be sure many will not read your instructions.
b. Disable all the notifications. I would not do that.
c. If you have roaming profiles and you know the user's password, you can use a 7 box, log each user and manually unset the messages. Works if you have a few tens of users. Impracticable if you have a higher number of users.
d. Use Windows Firewall instead of the Kaspersky Firewall. Yes, I know, it will take time and some effort but I believe it is the best long-term solution. Since XP (was it from SP2?) the Windows Firewall became better and better. The 7 version is by my opinion the best (personal) Firewall available. I've worked with Kaspersky time ago as well as with other Firewall (integrated in the AV such as Kaspersky or Trend or not integrated in any AV) and I think Windows 7 Firewall is second to none. Why adopting the Windows Firewall is a long-term solution? Because it frees your system from the AV+Firewall. I mean: if you adopt Windows Firewall you can change AV (in the future) more easily.

Hope I did help somehow. Your feedback is welcome!
0
 

Author Comment

by:resolver1
ID: 37809979
its a tough one. Ive tried to use process monitor from sysinternals to track the registry changes but its like trying to find a needle in a heystack, i failed. your help is much appreciated.
0
 
LVL 20

Expert Comment

by:strivoli
ID: 37810182
I wish to help with Process Monitor. After your capture is done:
a. Select "Show Registry activity",
b. Include the Explorer.EXE Process Name (in order to see only Explorer.EXE actions against the Registry),
c. Include the RegSetValue Operation (in order to see only the SET operations in the Registry).

Once you've applied these 3 filters your list should have only few rows. Remember to start capture a while before changing the setting in the Action Center and stop the capture immediately after. If you leave the capture running for a long time (tens of seconds) the filter operations and searches might require a long time.
0
 

Author Comment

by:resolver1
ID: 37812587
I think ill go with option a  strivoli.   Thanks for all your hardwork, im very appreciative and the tips about process monitor will come in very handy.  Thanks
0
 

Author Closing Comment

by:resolver1
ID: 37812592
Thanks
0
 
LVL 20

Expert Comment

by:strivoli
ID: 37812598
Thank you for your feedback. If I did help, I kindly ask you to close the question. Have a nice day!
0
 
LVL 20

Expert Comment

by:strivoli
ID: 37812606
Sorry, I wrote last post while you were closing the question. Thank you for closing it. Bye!
0

Featured Post

Transaction-level recovery for Oracle database

Veeam Explore for Oracle delivers low RTOs and RPOs with agentless transaction log backup and transaction-level recovery of Oracle databases. You can restore the database to a precise point in time, even to a specific transaction.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question