Question : Setting XP SP2 firewall settings using ZENworks

Hi there,

Trying to set XP SP2 firewall settings using group policy. I would like to disable the XP firewall when machines are within our network.

I have used this group policy setting before when on an Active Directory domain and it has worked a treat. Normally I would select the group policy setting to disable the XP firewall whilst the machine is on the DNS domain (therefore when outside our DNS network the firewall is enabled). Although, because I am using NetWare and do not have an AD domain, how am I able to use this group policy setting?

Anyone any ideas? Has anyone using ZENworks 6.5 to apply policy settings got around this?

Thanks

Answer : Setting XP SP2 firewall settings using ZENworks

You can't use EITHER of the two "windows firewall" profiles if you want to control it by DNS.  You can ONLY use the old "internet connection firewall" setting.  If you activate either of the "windows firewall" profiles by changing anything from the default "not configured" you will disable any settings made in the "internet connection firewall" which makes it impossible to control it by DNS.

You would have to have the computers members of a Windows AD Domain in order to use the "windows firewall" profiles.  Microsoft probably discovered they were allowing folx to not use AD, and since that goes against their forced tie-in philosophy, changed the way the GP works.  "standard" profile is for computers that are members of "workgroup" and "domain" profile is for computers that are members of an AD domain.

That means that you lose the GP control over the windows firewall settings, but that's the way they made it work.

The confusion here is the use of "DNS domain" in the ICF profile but "domain profile" in the Windows Firewall profile.  They're two very different things.  

Yes, the "network determination" is done using the DNS suffix and the connection-specific suffix, but it ONLY kicks in when the computer thinks it's on a "managed network" which in Microsoft-parlance means an AD network.

If the computer is a member of "workgroup" and not an AD domain member, it is ALWAYS considered to be connected to a non-managed network, making the "standard" profile the only one it will ever use.

What version of NetWare does this site have?  If it's 6.5 or OES, you might be able to make the NetWare server a "traditional" domain controller and put the computers into that domain.  Maybe that will trick the policy manager into accepting the local DNS as a "managed" network...

Otherwise, you're probably looking at kludging together a registry tweak to ship out via the application launcher, maybe in combination with the NETSH commands for the firewall...
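
The NETSH approach suggested at the end of the answer could look like the following. This is an added example, not part of the original answer: the suffix `corp.example.com` is a placeholder, and the script assumes English-language `ipconfig` output and a workgroup machine, which per the answer only ever uses the "standard" profile.

```batch
@echo off
rem Added example: set the XP SP2 firewall state from the DNS suffix.
rem INTERNAL_SUFFIX is a placeholder for the site's internal DNS suffix.
rem The suffix is handed out by DHCP and is not authenticated, so any
rem network that supplies the same suffix will be treated as internal.
setlocal enabledelayedexpansion
set "INTERNAL_SUFFIX=corp.example.com"
set "ONSITE=0"

rem Check the connection-specific DNS suffix reported for each adapter.
for /f "tokens=2 delims=:" %%A in ('ipconfig ^| findstr /i /c:"Connection-specific DNS Suffix"') do (
    set "SUFFIX=%%A"
    rem Remove the space that follows the colon in ipconfig output.
    set "SUFFIX=!SUFFIX: =!"
    if /i "!SUFFIX!"=="%INTERNAL_SUFFIX%" set "ONSITE=1"
)

rem Default is firewall ON; it is switched off only on a suffix match.
if "%ONSITE%"=="1" (
    netsh firewall set opmode mode=DISABLE profile=STANDARD
) else (
    netsh firewall set opmode mode=ENABLE profile=STANDARD
)
endlocal
```

The state is only evaluated when the script runs, so a laptop that leaves the internal network keeps its last setting until the script runs again.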