XP SP2 Windows Firewall Local Administration

[pat]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Active Directory environment, 1000 clients.
We manage XP SP2 Windows Firewall settings with domain Group Policy and it
works just fine.
But, occasionally we really need a local administrator (typically a domain
account that was delegeted with complete FULL CONTROL of the entire OU and is
also in the local Administrators group in the client computer) to be able to
log on locally to the client computer and toggle on and off Windows Firewall
for debugging purposes.
I find it hard to believe that once GPO is applied we cannot grant the local
administrator of our choosing the power to toggle Windows Firewall on and off.
Any suggestion is very much appreciated.
Thanks
Pat

 

[Juan]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Not sure if any of this will help, give it a try if interested...
Star\Run\gpedit.msc\right click on Local Machine Directives\Properties\check
on; Disable Machine Configuration parameters.
Or Start\Run\Services.msc\ and disable the Firewall service

Try any of these alternatives with the network line removed if necessary.

----------------------------------------------
"Pat" <Pat@discussions.microsoft.com> escribió en el mensaje
news:76D05D4A-A2B3-4527-B747-895D7BA3CD97@microsoft.com...
> Active Directory environment, 1000 clients.
> We manage XP SP2 Windows Firewall settings with domain Group Policy and it
> works just fine.
> But, occasionally we really need a local administrator (typically a domain
> account that was delegeted with complete FULL CONTROL of the entire OU and
is
> also in the local Administrators group in the client computer) to be able
to
> log on locally to the client computer and toggle on and off Windows
Firewall
> for debugging purposes.
> I find it hard to believe that once GPO is applied we cannot grant the
local
> administrator of our choosing the power to toggle Windows Firewall on and
off.
> Any suggestion is very much appreciated.
> Thanks
> Pat
>

 

[pat]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Juan,

Thank you. The second solution works.
The first did not work because OU policies override local policies.
The local administrator can stop/start the Firewall service form the
services.msc and that solves my problem.

Thanks.
Pat


"Juan" wrote:

> Not sure if any of this will help, give it a try if interested...
> Star\Run\gpedit.msc\right click on Local Machine Directives\Properties\check
> on; Disable Machine Configuration parameters.
> Or Start\Run\Services.msc\ and disable the Firewall service
>
> Try any of these alternatives with the network line removed if necessary.
>
> ----------------------------------------------
> "Pat" <Pat@discussions.microsoft.com> escribió en el mensaje
> news:76D05D4A-A2B3-4527-B747-895D7BA3CD97@microsoft.com...
> > Active Directory environment, 1000 clients.
> > We manage XP SP2 Windows Firewall settings with domain Group Policy and it
> > works just fine.
> > But, occasionally we really need a local administrator (typically a domain
> > account that was delegeted with complete FULL CONTROL of the entire OU and
> is
> > also in the local Administrators group in the client computer) to be able
> to
> > log on locally to the client computer and toggle on and off Windows
> Firewall
> > for debugging purposes.
> > I find it hard to believe that once GPO is applied we cannot grant the
> local
> > administrator of our choosing the power to toggle Windows Firewall on and
> off.
> > Any suggestion is very much appreciated.
> > Thanks
> > Pat
> >
>
>
>