[gptalk] Re: Stopping Vista Firewall Service not working
- From: "Darren Mar-Elia" <darren@xxxxxxxxxx>
- To: <gptalk@xxxxxxxxxxxxx>
- Date: Wed, 23 Jul 2008 09:04:27 -0700
Not sure, frankly, unless the service's ACL precludes it from being managed.
But since the GP extension should be running as localSystem, that doesn't
seem to likely.
Darren
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Kopenski, Jack
Sent: Wednesday, July 23, 2008 7:40 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Stopping Vista Firewall Service not working
Darren,
Any clue why the Vista service will not stop?
Jack
_____
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Darren Mar-Elia
Sent: Tuesday, July 22, 2008 3:13 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Stopping Vista Firewall Service not working
Well, if your goal is to ensure that when they are on the corporate network,
no ports are blocked, then that is exactly what the GP-based firewall
profiles are meant to do. The domain profile can be configured to
essentially turn off the firewall when on the corporate LAN and then other
profiles can handle public and private networks (e.g. in a coffee shop or at
home).
Frankly, I'm sure you have business requirements for it, but as a local
administrator, GP is relatively useless. As admin I can circumvent any GP
controls put in place. Given that you work at a software company, I'm sure
you have a lot of smart engineers that would be only too happy to help you
out there J.
Darren
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Kopenski, Jack
Sent: Tuesday, July 22, 2008 11:49 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Stopping Vista Firewall Service not working
Darren,
They do have admin access, and I am willing to concede that some people will
turn it back on.
There are really two things I am trying to accomplish. I want the firewall
off, AND the service stopped when they are in the office. With the service
on we are not able to perform some security sweeps or reads from the client
machines. So just turning the firewall off is only half my need.
Jack
_____
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Darren Mar-Elia
Sent: Tuesday, July 22, 2008 2:36 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Stopping Vista Firewall Service not working
Jack-
I think you'd be better off using the Windows Firewall with Advanced
Security feature in Vista GP to control the firewall on Vista. Have you used
that area before?
Darren
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Kopenski, Jack
Sent: Tuesday, July 22, 2008 11:31 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Stopping Vista Firewall Service not working
I have created a simple GPO using group policy preferences to stop the
Windows XP firewall service (SharedAccess) and to stop the Vista firewall
service (MpsSvc). I configured: Computer Configuration > Preferences >
Control Panel Settings > Services.
I created an entry for service "MpsSvc" with the Action to stop the service,
Startup as No Change, and Account Logon as No Change.
I created a second entry for service "SharedAcess" with the same settings.
The GPO works fine for XP machines, but I see no change for Vista. The RSOP
shows the GPO was applied as does the Group Policy event log. I have tried
to run this with an Account Logon of Local System, but that made no
difference. I suspect it is a Vista UAC issue, so does anyone see
anything I missed?
Jack
The contents of this e-mail are intended for the named addressee only. It
contains information that may be confidential. Unless you are the named
addressee or an authorized designee, you may not copy or use it, or disclose
it to anyone else. If you received it in error please notify us immediately
and then destroy it.
Other related posts:
