Firewall Mysteriously Turning On After Enabling DHCP - XP SP3

Rico

When trying to change corporate PCs from static assignments to DHCP, I
am getting all sorts of results (I inherited this situation). The
oddest and most frequent one I am running into is that the firewall is
turning on -- not good.

The PCs do not have admin rights, and many a GPO is applied (I can not
find anything in the policies that would cause this)


Since PCs do not have admin rights, here are the two methods I have
tried to change IP from static to DHCP (inc. DNS server assignments):


Method 1 -- PSEXEC
psexec \\PCNAME -s netsh interface ip set address name="Local Area Connection" source=dhcp
psexec \\PCNAME -s netsh interface ip set dns name="Local Area Connection" source=dhcp
--note: a "psexec \\rad03 -s netsh firewall set opmode disable"
issued prior to does not help


Method 2 -- For Giggles, Remote Control & RUNAS
Dameware to PC, then:
runas /env /user:administrator@domain "netsh interface ip set address name=\"Local Area Connection\" source=dhcp"
runas /env /user:administrator@domain "netsh interface ip set dns name=\"Local Area Connection\" source=dhcp"


I've tried various VB scripts also -- to no avail.


Summary, the DHCP command typically "takes" and the PC will get an
assignment from DHCP -- BUT the firewall will turn on.


This is driving me insane. Chicken dinner to the winner.


Thanks.
 
Rico said:
> When trying to change corporate PCs from static assignments to DHCP, I
> am getting all sorts of results (I inherited this situation). The
> oddest and most frequent one I am running into is that the firewall is
> turning on -- not good.

I must beg to differ there. You should have the firewall enabled on your
clients. Set exceptions via group policy.

> The PCs do not have admin rights, and many a GPO is applied (I can not
> find anything in the policies that would cause this)
>
> Since PCs do not have admin rights, here are the two methods I have
> tried to change IP from static to DHCP (inc. DNS server assignments):
>
> Method 1 -- PSEXEC
> psexec \\PCNAME -s netsh interface ip set address name="Local Area Connection" source=dhcp
> psexec \\PCNAME -s netsh interface ip set dns name="Local Area Connection" source=dhcp
> --note: a "psexec \\rad03 -s netsh firewall set opmode disable"
> issued prior to does not help
>
> Method 2 -- For Giggles, Remote Control & RUNAS
> Dameware to PC, then:
> runas /env /user:administrator@domain "netsh interface ip set address name=\"Local Area Connection\" source=dhcp"
> runas /env /user:administrator@domain "netsh interface ip set dns name=\"Local Area Connection\" source=dhcp"
>
> I've tried various VB scripts also -- to no avail.
>
> Summary, the DHCP command typically "takes" and the PC will get an
> assignment from DHCP -- BUT the firewall will turn on.
>
> This is driving me insane. Chicken dinner to the winner.
>
> Thanks.

Did you try running an rsop.msc on an affected client?
 
Yes. Only thing I see relevant is that we have disabled user access to
network settings and firewall disabled.

After turning on DHCP, the firewall enables itself. Note that by doing
this, GP is not updated anyway.

If we rebooted (or anything that would do a GPupdate) I'm certain that the
firewall would turn off, as GP forces that. Problem is, the next command I
want to run is setting DNS remotely, which I can't do once the FW
mysteriously turns itself on. BTW, and as USUAL, I can not find anything in
the event log pertinent.
 
Rico said:
> Yes. Only thing I see relevant is that we have disabled user access
> to network settings and firewall disabled.

No user has access to that by default.

> After turning on DHCP, the firewall enables itself. Note that by
> doing this, GP is not updated anyway.

I don't follow, sorry -

> If we rebooted (or anything that would do a GPupdate) I'm certain
> that the firewall would turn off, as GP forces that. Problem is, the
> next command I want to run is setting DNS remotely,

Isn't your DHCP setting doing that (as per the psexec command)?

> which I can't do
> once the FW mysteriously turns itself on.

Sure you can. You can manage your firewall exceptions via group policy.

> BTW, and as USUAL, I can
> not find anything in the event log pertinent.

I'm sorry I have no more suggestions. How many machines do you need to do
this on?
 
Really don't expect much with questions being asked/answered. (Especially
since I'm trying to avoid re-writing War And Peace. Nobody wants to see the
level of detail I've spent on this.) Was hoping that somebody ran into this
themselves -- and corrected it.

Thanks for your stab at it.
 
Rico said:
> Really don't expect much with questions being asked/answered.
> (Especially since I'm trying to avoid re-writing War And Peace.
> Nobody wants to see the level of detail I've spent on this.) Was
> hoping that somebody ran into this themselves -- and corrected it.
>
> Thanks for your stab at it.

Sure. Sorry I wasn't more help. I leave the firewall enabled in all my
networks, and I always set up the clients to use DHCP, so I haven't run into
this personally. Good luck.
 