Windows XP SP3 Enables The Firewall even If you have it disabled as a Group Policy! Quick Fix!
Written by Karl L. Gechlik | AskTheAdmin.com on April 30, 2008 – 2:10 pm -
So after installing Windows XP SP3 this morning I noticed that the Windows Firewall popped up on restart asking me if I wanted to allow My VNC server access to the internet then my instant messenger. WTF?
I hate the Windows Firewall. You can see my feelings illustrated by the picture at the top of top of this post. I have a domain group policy in place - explicitly disabling the service via a few options. That didn’t stop them from re-enabling it.
After closer inspection I discovered M$ has renamed the Firewall services’ name to be “SharedAccess” and this breaks some stuff. (I am sure they did it intentionally for the MalWare authors of the world!)
Since we do not use the Windows Firewall in my domain it is NOT configured - so when it automagically pops on - SHIT DON”T WORK FOR THE GOOD OLD END USERS!
After querying my machine for services using this command:
I got a full listing of my services and after scrolling down I found this:
Now I needed a quick work-a-round for my SP3 test group. I created a line in my default user login script:
And that shut it down! Thanks for letting me know M$ as always I appreciate the curve ball. I know your just keeping us Admin’s on our toes!
On some happier notes, I am seeing some other great results with memory allocation and overall speediness. I am digging the updated MSTSC remote desktop client as well.
_TheNotSoBetaTestingAdmiN_
Tags: General
Posted in How To |
By Dan on Apr 29, 2008 | Reply
You're right. Windows firewall is dreadful. I installed SP3 Final tonight (after un-installing RC1) and it DID NOT turn my firewall on - and it was off beforehand as I have third party cover. Strange…..
By AskTheAdmin on Apr 29, 2008 | Reply
Very.
All 4 of my sp machines did it. 3 normal upgrades and one clean install with sp3 slip streamed.
anyone else??
By Michael on Apr 29, 2008 | Reply
Office machine went great! about to do my home machine
By Louie on Apr 30, 2008 | Reply
I'll make sure I do this when I get to install SP3 :) Thanks man. Great tip.
By Jay on Apr 30, 2008 | Reply
I had the same issue and was able to manually disable it through the services.msc on reboot. Only one of 8 machines I did had this issue any one know why?
By Rever on Apr 30, 2008 | Reply
We did not run into this at my place yet. I have installed it on only 2 PCs so far. I have GPO that disables the firewall. Both on reboot stayed off.
By AskTheAdmin on Apr 30, 2008 | Reply
How did you have it disabled? I have been getting mixed reactions today - I wonder if it is which options you use to disable it.
Thanks!
By Rever75 on Apr 30, 2008 | Reply
I have it disabled in a few places.
1) Computer => Windows Settings => Security Settings => System Services =>Windows Firewall/Internet Connection Sharing (ICS) (Startup Mode: Disabled)
2) Computer Config => Administraive Template => Network/ Network Connections =>Prohibit use of Internet Connection Firewall on your DNS domain network Enabled
By AskTheAdmin on Apr 30, 2008 | Reply
I had the second one in my Group Policy and I had defined the actual Windows Firewall service to be disabled via:
Computer Configuration— Windows Settings —- System Services it was disabled.
I did not have the first one. I will add this to my G and try deploying again! Thanks Rever75 -how has your testing been going?
By Rever75 on May 1, 2008 | Reply
So far testing is going pretty smoothly. I am running SP3 on 2 test networks. One in a VM network another in out Testing Lab. We have a few in house Apps I need to test a bit more but not to familiar with them. Waiting on someone from that dept. If all goes well, when MS release it I will deploy via WSUS.
By Sandeep on May 20, 2008 | Reply
This article is rubbish.
SharedAccess has always been the name of "Windows firewall" and after every SP upgrade we have had the same issue, That looks pretty much like designed. Seems like people have forgot how the service packs work.
You dont need to play with the "service controller" as advised here.
Open the GPMC (Group Policy Management Console)
Click on Start> Run>
Type in GPEDIT.MSC and click on OK.
The Windows policy that allows you to disable the Internet Connection Firewall for all users including administrators is at the following location in the Windows policy tree:
Local Computer Policy/Computer Configuration/Administrative Templates/Network/Network Connections
On the right hand side, you will see "Prohibit use of Internet Connection Firewall on your DNS Domain." That's where you get to play with it and the of course run the GPUPDATE /FORCE
By AskTheAdmin on May 20, 2008 | Reply
Thanks for your outspoken input Sandeep always appreciated :)
By TheOrc on Apr 9, 2009 | Reply
Hello, I’m one year behind, but can I have yet to be able to solve this problem.
I tried what Sandeep said, but the Firewall still turns itself on upon every reboot.
Or rather I have no idea what to set up in Local Computer Policy/Computer Configuration/Administrative Templates/Network/Network Connections.
Please advise.