Vista Advanced Firewall

[RayG]

In Vista Ultimate I seem to have enabled in some way the advanced firewall.

Does anyone know how to go back to the basic firewall - i.e. disable the
advanced one

Having done that, how indeed to you actually enable the advanced one, as I
do not remember doing it in the first place

 

[Nick /////]

In Vista Ultimate I seem to have enabled in some way the advanced
firewall.

Does anyone know how to go back to the basic firewall - i.e. disable the
advanced one

Having done that, how indeed to you actually enable the advanced one, as I
do not remember doing it in the first place

Firstly I think you are a little confused.

There is only one Vista Firewall.

The difference is the level of control.

The Basic control is via "Start\Programs\Accessories\Control Panel\Windows
Firewall"

The Advanced control is via "Start\Programs\Administrative Tools\Windows
Firewall with Advanced Security"

The Advanced bit is basically allowing much more granular control. Basic is
just that. If you like Basic provides a selection of common or preset
rules.

Nick /////

 

[Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]]

You get that if you are behind a server and on a domain profile.

You are still either confused... or you've been hit with malware that is
controlling your firewall.

 

[BillD]

open the start menu and type this word: firewall.
you'll see these 2 items:
- Windows Firewall
- Windows Firewall with advanced security

you can modify the firewall's rules using the basic interface or the
advanced interface.

 

[RayG]

You get that if you are behind a server and on a domain profile.

You are still either confused... or you've been hit with malware that
is controlling your firewall.

No, No malware and not connected to a domain

 

[RayG]

open the start menu and type this word: firewall.
you'll see these 2 items:
- Windows Firewall
- Windows Firewall with advanced security

you can modify the firewall's rules using the basic interface or the
advanced interface.

No sorry you cannot turn off the firewall if it is in advanced mode from the
basic screen

See image attached to my reply to Nick///

What I want to know is how to turn off advanced mode and conversly how to
turn it on outside of being connected to a domain.

 

[Kerry Brown]

No, No malware and not connected to a domain

In the Network and Sharing Center is the network Public, Private, or Domain?
If it's Public or Domain there's your problem. If it's Private then try
running secpol.msc. Change all of the settings in the Private profile to Not
configured then reboot. If this doesn't fix it then it is very likely you do
have some malware installed.

 

[RayG]

In the Network and Sharing Center is the network Public, Private, or
Domain? If it's Public or Domain there's your problem. If it's
Private then try running secpol.msc. Change all of the settings in
the Private profile to Not configured then reboot. If this doesn't
fix it then it is very likely you do have some malware installed.

Kerry,

Ah! I think you may have hit the nail on the head.

I have VMware installed in this system and it has its IP addresses in the
"Public" space and no matter what I try to do I cannot get them to stay in
the "Private" space. Is there a trick in Vista that I am missing?

Network Properties shows

192.168.10 - PC
192.168.102 - VMware
192.169.109 - VMware

and my ethernet adapter is listed in both private and public.

 

[Nick /////]

No sorry you cannot turn off the firewall if it is in advanced mode from
the basic screen

See image attached to my reply to Nick///

What I want to know is how to turn off advanced mode and conversly how to
turn it on outside of being connected to a domain.

Open up "Firewall with Advanced Control"

Select top item in left hand pane and the central pane should be titled
"Windows Firewall With Advanced Security on Local Computer" (Note the Local)
Below this the central window should be "Overview"
In this you should see 3 profile with one marked as "Active".

Which is your Active profile? For a normal home lan and router setup your
profile should/will be "Private"

On any profile there are 3 active lines: Normal default values are:
o Windows Firewall Is On
o Inbound connections that do match rule are blocked
o Outbound connections that do match rule are allowed

If you deviate from these then you could say that you have enabled the
Advanced Firewall.

Last item on this central pane below the profiles is a hotlink "Windows
Firewall Properties"
Following this will take you to the control that affect the 3 active lines
mentioned above. ie. you want:

o Firewall state ON
o Inbound Block - default
o Outbound Allow - default

Open Up the Normal Windows Firewall Control and you want to set: (do/check
in order listed)

Advance Tab - Check ALL network connections listed are ticked
Exceptions - At LEAST Core Networking and Network Discovery should be ticked
(you may have others)
General - You should be On or Even Off

Going back to Profiles. If you are on an Active Domain profile, or Public
profile then I as yet have no experience of these. Certainly in Domain
profile then the level of control you have is determined by the domain
set-up/controller, be that a person or a machine or remote administration.

If nothing else hopefully the above will give you some idea as to what most
home set-ups see.

Nick /////

 

[Kerry Brown]

Kerry,

Ah! I think you may have hit the nail on the head.

I have VMware installed in this system and it has its IP addresses in the
"Public" space and no matter what I try to do I cannot get them to stay in
the "Private" space. Is there a trick in Vista that I am missing?

Network Properties shows

192.168.10 - PC
192.168.102 - VMware
192.169.109 - VMware

and my ethernet adapter is listed in both private and public.

Is Vista running in a virtual machine?

 

[RayG]

Is Vista running in a virtual machine?

No I have Linux and Solaris in the VM's Vist is the main OS that VMWare runs
on.

 

[RayG]

Open up "Firewall with Advanced Control"

Select top item in left hand pane and the central pane should be
titled "Windows Firewall With Advanced Security on Local Computer"
(Note the Local) Below this the central window should be "Overview"
In this you should see 3 profile with one marked as "Active".

Which is your Active profile? For a normal home lan and router setup
your profile should/will be "Private"

On any profile there are 3 active lines: Normal default values are:
o Windows Firewall Is On
o Inbound connections that do match rule are blocked
o Outbound connections that do match rule are allowed

If you deviate from these then you could say that you have enabled the
Advanced Firewall.

Last item on this central pane below the profiles is a hotlink
"Windows Firewall Properties"
Following this will take you to the control that affect the 3 active
lines mentioned above. ie. you want:

o Firewall state ON
o Inbound Block - default
o Outbound Allow - default

Open Up the Normal Windows Firewall Control and you want to set:
(do/check in order listed)

Advance Tab - Check ALL network connections listed are ticked
Exceptions - At LEAST Core Networking and Network Discovery should be
ticked (you may have others)
General - You should be On or Even Off

Going back to Profiles. If you are on an Active Domain profile, or
Public profile then I as yet have no experience of these. Certainly
in Domain profile then the level of control you have is determined by
the domain set-up/controller, be that a person or a machine or remote
administration.
If nothing else hopefully the above will give you some idea as to
what most home set-ups see.

Nick /////

Nick,

Thanks for that explanation and what you say is correct. However I think
Kerry discovered what the real issue that caused the advanced firewall to be
on was - and that is I installed VMWare Workstation on Vista and that causes
a "Public" item to be created and this in turn causes the Advanced firewall
to be on rather than just the basic one.

 

[Kerry Brown]

No I have Linux and Solaris in the VM's Vist is the main OS that VMWare
runs on.

What happens if you shut down VMWare?

I don't have a lot of experience with VMWare in Vista. I tried it with Vista
x64 but because the VMWare driver is not signed it got to be a pain pressing
F8 on every boot up to allow the unsigned driver. I switched to VPC 2007.
When I was testing VMWare I didn't see this problem so it may be something
in the way you have configured networking in the VM's.

 

[RayG]

What happens if you shut down VMWare?

I don't have a lot of experience with VMWare in Vista. I tried it
with Vista x64 but because the VMWare driver is not signed it got to
be a pain pressing F8 on every boot up to allow the unsigned driver.
I switched to VPC 2007. When I was testing VMWare I didn't see this
problem so it may be something in the way you have configured
networking in the VM's.

Kerry,

VMWare is not running a VM it is just installed so it is just the VMWare
adapters that run all the time when it is installed.

To change this and see what happens I would need to uninstall VMWare

 

[Hayabusa]

What happens if you shut down VMWare?

I don't have a lot of experience with VMWare in Vista. I tried it with
Vista x64 but because the VMWare driver is not signed it got to be a
pain pressing F8 on every boot up to allow the unsigned driver. I
switched to VPC 2007. When I was testing VMWare I didn't see this
problem so it may be something in the way you have configured networking
in the VM's.

Not sure what VMware product you refer to but I got VMware Workstation
6.0.2 build-59824 running on Vista Ultimate x64, no need to press F8 on
boot here!


Cheers
Hayabusa

 

[Hayabusa]

Nick,

Thanks for that explanation and what you say is correct. However I think
Kerry discovered what the real issue that caused the advanced firewall
to be on was - and that is I installed VMWare Workstation on Vista and
that causes a "Public" item to be created and this in turn causes the
Advanced firewall to be on rather than just the basic one.

Just installing VMware Workstation on Vista (64-bit at least)does not
cause this behaviour by default. Can't help you with your problem
though... sorry.

Cheers
Hayabusa

 

[Kerry Brown]

Not sure what VMware product you refer to but I got VMware Workstation
6.0.2 build-59824 running on Vista Ultimate x64, no need to press F8 on
boot here!

I didn't see it was VMWare Workstation until later. I was using VMWare
Server.

 

[RayG]

I didn't see it was VMWare Workstation until later. I was using VMWare
Server.

Ok I think I have now sorted my problem.

In order to get back to the basix mode of operation you have to run wf.msc
and set all three types (Domain, Public, Private) to unconfigured. When this
is done the basic functionality is restored

What I did to work through this was:

I uninstalled any other firewall/AV S/W
I uninstalled VMWare Workstation

The issue remained the same so it was not VMWare as I would have expected it
to reverse what it did. It was also not the other Firewall AV S/W as that
could not handle the advanced configuration.

Having done installs/uninstalls several times to prove one thing or another
what I also discovered was that my ethernet adapter had associated with it a
169 IP address that was causing it to appear in both public and private
network domains. I looked in all the places I could think of but could not
locate that item. So what I did next was to delete the ethernet card ftom
device manager and reboot letting the system discover the hardware again.

This at least cleared up the 169 address and the ethernet adapter is now in
the private space only. I then installed VMWare nothing changed apart from
the VMWare adapters going into the public space. I then did the same with
other firwall and A/V S/W and again nothing changed.

So whilst I have resolved my problem I have no idea how it got into that
state in the first place.

 

[RayG]

Just installing VMware Workstation on Vista (64-bit at least)does not
cause this behaviour by default. Can't help you with your problem
though... sorry.

Cheers
Hayabusa

See my reply to Kerry above