G
Guest
Hi
Is it possilbe to enable the Windows Firewall on my XP machines via a GPO
Thanks all!!!
Is it possilbe to enable the Windows Firewall on my XP machines via a GPO
Thanks all!!!
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
S
serverguy
If you have a domain (since you are talking about GPOs), then I assume you
already have a firewall, so why would you want to enable the XP firewall?
It is only intended for use on computers directly connected to the Internet
that are not already behind a firewall. If you turn it on, you may have
other problems with file & printer sharing, etc..
I know that doesn't answer your question. I have not seen an option to
enable this setting via GPO, but that doesn't mean it can't be done. There
are ways to create your own administrative templates based on registry
settings, but I have not gotten that to work. As for which registry
settings you would need, you could find out using snapshot software like
Wininstall or Zenworks. How many machines are you trying to configure? It
might be easier to hit them manually.
But if it is alot of machines, again, they should already be behind one
firewall.
already have a firewall, so why would you want to enable the XP firewall?
It is only intended for use on computers directly connected to the Internet
that are not already behind a firewall. If you turn it on, you may have
other problems with file & printer sharing, etc..
I know that doesn't answer your question. I have not seen an option to
enable this setting via GPO, but that doesn't mean it can't be done. There
are ways to create your own administrative templates based on registry
settings, but I have not gotten that to work. As for which registry
settings you would need, you could find out using snapshot software like
Wininstall or Zenworks. How many machines are you trying to configure? It
might be easier to hit them manually.
But if it is alot of machines, again, they should already be behind one
firewall.
G
Guest
Over the last few months we have bee hit with several viruses including Saser if I can enable the firewalls on all my machines this will stop these types of attacks dead in there tracks, and gives us an added layer of securit
S
Steven L Umbach
For Windows 2000 and XP Pro machines you could quickly enable ipsec
filtering or ipsec negotiation policies if needed. Ipsec filtering using
permit and block filter actions can be implemented via Group Policy to be a
packet filtering firewall that can control inbound AND outbound traffic. A
policy can also be assigned/unassigned very easily. Of course the policy
change will not propagate right away, though reboots or shortening the Group
Policy refresh interval for computer configuration will help. See the link
below if interested for an example of how to implement. --- Steve
http://www.securityfocus.com/infocus/1566
types of attacks dead in there tracks, and gives us an added layer of
security
filtering or ipsec negotiation policies if needed. Ipsec filtering using
permit and block filter actions can be implemented via Group Policy to be a
packet filtering firewall that can control inbound AND outbound traffic. A
policy can also be assigned/unassigned very easily. Of course the policy
change will not propagate right away, though reboots or shortening the Group
Policy refresh interval for computer configuration will help. See the link
below if interested for an example of how to implement. --- Steve
http://www.securityfocus.com/infocus/1566
Saser if I can enable the firewalls on all my machines this will stop theseGreenman said:Over the last few months we have bee hit with several viruses including
types of attacks dead in there tracks, and gives us an added layer of
security
D
Drew Cooper [MSFT]
Yes. At least yes for SP2. I'm not an ICF expert, but I was interested
enough in their changes in SP2 that I read about ICF group-policy in this
doc:
http://www.microsoft.com/technet/community/columns/cableguy/cg0104.mspx
(At least that looks like the same doc I read. )
I don't know what policies they have for pre-SP2. You can probably google
for something like "windows firewall group policy site:microsoft.com" and
find more info, though.
enough in their changes in SP2 that I read about ICF group-policy in this
doc:
http://www.microsoft.com/technet/community/columns/cableguy/cg0104.mspx
(At least that looks like the same doc I read. )
I don't know what policies they have for pre-SP2. You can probably google
for something like "windows firewall group policy site:microsoft.com" and
find more info, though.
E
Eric Chamberlain
Not until SP2 is available. Currently you would have to use startup
scripts.
scripts.