XP SP2 Windows Firewall Local Administration

[Guest]

Active Directory environment, 1000 clients.
We manage XP SP2 Windows Firewall settings with domain Group Policy and it
works just fine.
But, occasionally we really need a local administrator (typically a domain
account that was delegeted with complete FULL CONTROL of the entire OU and is
also in the local Administrators group in the client computer) to be able to
log on locally to the client computer and toggle on and off Windows Firewall
for debugging purposes.
I find it hard to believe that once GPO is applied we cannot grant the local
administrator of our choosing the power to toggle Windows Firewall on and off.
Any suggestion is very much appreciated.
Thanks
Pat

 

[Juan]

Not sure if any of this will help, give it a try if interested...
Star\Run\gpedit.msc\right click on Local Machine Directives\Properties\check
on; Disable Machine Configuration parameters.
Or Start\Run\Services.msc\ and disable the Firewall service

Try any of these alternatives with the network line removed if necessary.

 

[Guest]

Juan,

Thank you. The second solution works.
The first did not work because OU policies override local policies.
The local administrator can stop/start the Firewall service form the
services.msc and that solves my problem.

Thanks.
Pat