Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Hi to All,

I am very curious if there is any easy way how to solve the following:
There is a need to switch off the firewall function in Windows XP for some
students/workstations. They are developing some applications that
communicate among various ports.
Is there any way how to achieve it without giving the admin rights?
PC are members of Active Directory.

Regards,
Milos
 
Guest

Put the machines in their own OU and configure GPO to disable XP's Windows
Firewall when they are in the AD domain.

Run GPMC from a Win XP SP2 machine or copy System.adm template to a DC
(typically the PDC - Win 200x).

Set GPO at:

Computer Configuration > Administrative Templates > Network > Network
Connections > Windows Firewall > Domain Profile > Windows Firewall: Protect
all network connections = Disabled.

Alternatively, disable the Windows Firewall Service altogether via GPO.

Do let us know if this helps. Thanks!


"Milos Puchta" wrote:

> Hi to All,
>
> I am very curious if there is any easy way how to solve the following:
> There is a need to switch off the firewall function in Windows XP for some
> students/workstations. They are developing some applications that
> communicate among various ports.
> Is there any way how to achieve it without giving the admin rights?
> PC are members of Active Directory.
>
> Regards,
> Milos
>
>
>
 
Guest

Even easier, just create a separate GP and OU for those users in AD, where
the firewall is off - when they log on, the firewall will be off, when anyone
else logs on the firewall is on. If you have AD and the domain set up
correctly, AD will apply the GP based on the user's GP policy in the OU they
belong to.

--
Star Fleet Admiral Q @ your service!


"Desmond Lee" <mcp@donotspamplease.mars> wrote in message
news:8C0943D3-E54E-48EB-B7ED-643732860190@microsoft.com...
> Put the machines in their own OU and configure GPO to disable XP's Windows
> Firewall when they are in the AD domain.
>
> Run GPMC from a Win XP SP2 machine or copy System.adm template to a DC
> (typically the PDC - Win 200x).
>
> Set GPO at:
>
> Computer Configuration > Administrative Templates > Network > Network
> Connections > Windows Firewall > Domain Profile > Windows Firewall: Protect
> all network connections = Disabled.
>
> Alternatively, disable the Windows Firewall Service altogether via GPO.
>
> Do let us know if this helps. Thanks!
>
>
> "Milos Puchta" wrote:
>
> > Hi to All,
> >
> > I am very curious if there is any easy way how to solve the following:
> > There is a need to switch off the firewall function in Windows XP for some
> > students/workstations. They are developing some applications that
> > communicate among various ports.
> > Is there any way how to achieve it without giving the admin rights?
> > PC are members of Active Directory.
> >
> > Regards,
> > Milos
> >
> >
> >
 
Guest

Why not instead create port rules or application exceptions so that the student
applications run while the firewall is enabled? I would think that's better
than switching off the firewall completely.

Steve Riley
steriley@microsoft.com



> Even easier, just create a separate GP and OU for those users in AD,
> where the firewall is off - when they log on, the firewall will be off,
> when anyone else logs on the firewall is on. If you have AD and the
> domain set up correctly, AD will apply the GP based on the user's GP
> policy in the OU they belong to.
>
> "Desmond Lee" <mcp@donotspamplease.mars> wrote in message
> news:8C0943D3-E54E-48EB-B7ED-643732860190@microsoft.com...
>
>> Put the machines in their own OU and configure GPO to disable XP's
>> Windows Firewall when they are in the AD domain.
>>
>> Run GPMC from a Win XP SP2 machine or copy System.adm template to a
>> DC (typically the PDC - Win 200x).
>>
>> Set GPO at:
>>
>> Computer Configuration > Administrative Templates > Network > Network
>> Connections > Windows Firewall > Domain Profile > Windows Firewall: Protect
>> all network connections = Disabled.
>>
>> Alternatively, disable the Windows Firewall Service altogether via
>> GPO.
>>
>> Do let us know if this helps. Thanks!
>>
>> "Milos Puchta" wrote:
>>
>>> Hi to All,
>>>
>>> I am very curious if there is any easy way how to solve the
>>> following: There is a need to switch off the firewall function in
>>> Windows XP for some
>>> students/workstations. They are developing some applications that
>>> communicate among various ports.
>>> Is there any way how to achieve it without giving the admin rights?
>>> PC are members of Active Directory.
>>> Regards,
>>> Milos
 
Guest

Absolutely, but only if the set of ports is known and can be predefined /
fixed. The original post was unclear "... developing some applications that
communicate among various ports." for some students.

Hey Steve :)

"Steve Riley [MSFT]" wrote:

> Why not instead create port rules or application exceptions so that the student
> applications run while the firewall is enabled? I would think that's better
> than switching off the firewall completely.
>
> Steve Riley
> steriley@microsoft.com
>
>
>
> > Even easier, just create a separate GP and OU for those users in AD,
> > where the firewall is off - when they log on, the firewall will be off,
> > when anyone else logs on the firewall is on. If you have AD and the
> > domain set up correctly, AD will apply the GP based on the user's GP
> > policy in the OU they belong to.
 
Guest

So rather than defining static port openings, create an exception for the
application. That's a feature of the firewall. You grant an application permission
to listen, and then the firewall watches when the application binds to a
socket and allows inbound connections on whatever port number the application
grabbed. When the application terminates, the firewall's opening is closed.

Steve Riley
steriley@microsoft.com



> Absolutely, but only if the set of ports is known and can be
> predefined / fixed. The original post was unclear "... developing some
> applications that communicate among various ports." for some students.
>
> Hey Steve :)
>
> "Steve Riley [MSFT]" wrote:
>
>> Why not instead create port rules or application exceptions so that
>> the student applications run while the firewall is enabled? I would
>> think that's better than switching off the firewall completely.
>>
>> Steve Riley
>> steriley@microsoft.com
>>> Even easier, just create a separate GP and OU for those users in AD,
>>> where the firewall is off - when they log on, the firewall will be
>>> off, when anyone else logs on the firewall is on. If you have AD
>>> and the domain set up correctly, AD will apply the GP based on the
>>> user's GP policy in the OU they belong to.
>>>
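
The per-application exception suggested in the thread, as an added example that is not part of the original posts: a batch script for Windows XP SP2 that keeps the firewall enabled and registers one program exception with `netsh firewall`. It is meant to be run by an administrator (not by the students); the program path and display name are hypothetical placeholders.

```batch
@echo off
rem Added example (not from the thread). Run from an administrator context
rem on Windows XP SP2; students do not need admin rights afterwards.
rem APP_PATH and APP_NAME are hypothetical placeholders.
setlocal
set "APP_PATH=C:\StudentProjects\chatserver.exe"
set "APP_NAME=Student chat server"

rem Refuse to register a path that does not exist yet: an exception for a
rem missing file would apply to whatever is later written to that path.
if not exist "%APP_PATH%" (
    echo ERROR: "%APP_PATH%" not found, no exception added.
    exit /b 1
)

rem 1. Keep the firewall on in the domain profile and allow exceptions.
rem    If a GPO already configures the firewall, the policy value wins over
rem    this local setting.
netsh firewall set opmode mode=ENABLE exceptions=ENABLE profile=DOMAIN

rem 2. Allow this one program to listen. The firewall opens whatever port
rem    the program binds and closes it when the program exits, so no port
rem    list is needed. scope=SUBNET limits callers to the local subnet.
netsh firewall add allowedprogram program="%APP_PATH%" name="%APP_NAME%" mode=ENABLE scope=SUBNET profile=DOMAIN

rem 3. Verify: the firewall state, then that the exception is listed.
netsh firewall show opmode
netsh firewall show allowedprogram | find /i "%APP_NAME%" >nul
if errorlevel 1 (
    echo ERROR: exception for "%APP_NAME%" is not listed.
    exit /b 1
)
echo OK: firewall enabled, exception present for "%APP_NAME%".

rem To remove the exception when the course ends:
rem   netsh firewall delete allowedprogram program="%APP_PATH%" profile=DOMAIN
rem
rem Group Policy equivalent, in the same Domain Profile folder named in the
rem thread: "Windows Firewall: Define program exceptions", one entry per
rem program in the form  path:scope:status:name , for example
rem   C:\StudentProjects\chatserver.exe:LocalSubnet:enabled:Student chat server
endlocal
```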