Well, if your goal is to ensure that when they are on the corporate network, no ports are blocked, then that is exactly what the GP-based firewall profiles are meant to do. The domain profile can be configured to essentially turn off the firewall when on the corporate LAN and then other profiles can handle public and private networks (e.g. in a coffee shop or at home). Frankly, I'm sure you have business requirements for it, but as a local administrator, GP is relatively useless. As admin I can circumvent any GP controls put in place. Given that you work at a software company, I'm sure you have a lot of smart engineers that would be only too happy to help you out there J. Darren From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Kopenski, Jack Sent: Tuesday, July 22, 2008 11:49 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Stopping Vista Firewall Service not working Darren, They do have admin access, and I am willing to concede that some people will turn it back on. There are really two things I am trying to accomplish. I want the firewall off, AND the service stopped when they are in the office. With the service on we are not able to perform some security sweeps or reads from the client machines. So just turning the firewall off is only half my need. Jack _____ From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Darren Mar-Elia Sent: Tuesday, July 22, 2008 2:36 PM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Stopping Vista Firewall Service not working Jack- I think you'd be better off using the Windows Firewall with Advanced Security feature in Vista GP to control the firewall on Vista. Have you used that area before? Darren From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Kopenski, Jack Sent: Tuesday, July 22, 2008 11:31 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Stopping Vista Firewall Service not working I have created a simple GPO using group policy preferences to stop the Windows XP firewall service (SharedAccess) and to stop the Vista firewall service (MpsSvc). I configured: Computer Configuration > Preferences > Control Panel Settings > Services. I created an entry for service "MpsSvc" with the Action to stop the service, Startup as No Change, and Account Logon as No Change. I created a second entry for service "SharedAcess" with the same settings. The GPO works fine for XP machines, but I see no change for Vista. The RSOP shows the GPO was applied as does the Group Policy event log. I have tried to run this with an Account Logon of Local System, but that made no difference. I suspect it is a Vista UAC issue, so does anyone see anything I missed? Jack The contents of this e-mail are intended for the named addressee only. It contains information that may be confidential. Unless you are the named addressee or an authorized designee, you may not copy or use it, or disclose it to anyone else. If you received it in error please notify us immediately and then destroy it.