By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
446,395 Members | 1,396 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 446,395 IT Pros & Developers. It's quick & easy.

Internet access behind win xp sp2

P: n/a
Hi

I am using ms internet control in my app. It works fine form all machines
except from a new one which has win xp sp2 installed. All machines are part
of a small business server 2003 domain so have the isa server firewall
client as well. Unfortunately I can't find a way to disable xp firewall once
it is connected to the domain. How do I get past the xp firewall for
internet control to work?

Thanks

Regards
Nov 13 '05 #1
Share this Question
Share on Google+
10 Replies


P: n/a
John wrote:
Hi

I am using ms internet control in my app. It works fine form all machines
except from a new one which has win xp sp2 installed. All machines are part
of a small business server 2003 domain so have the isa server firewall
client as well. Unfortunately I can't find a way to disable xp firewall once
it is connected to the domain. How do I get past the xp firewall for
internet control to work?


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

You can disconnect the MS Windows XP firewall:

Start > Settings > Control Panel

Double click on the Windows Firewall icon.
Under the General tab click the Off (Not Recommended) option button.
--
MGFoster:::mgf00 <at> earthlink <decimal-point> net
Oakland, CA (USA)

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQA/AwUBQlcbboechKqOuFEgEQJkcQCffFszSlohgB3vJpBjMivk/gsmGs4AniKs
lUJrq1XxddP1dV69IpN5fiIH
=EfWx
-----END PGP SIGNATURE-----
Nov 13 '05 #2

P: n/a
MGFoster <me@privacy.com> wrote in
news:LX*****************@newsread1.news.pas.earthl ink.net:
John wrote:

I am using ms internet control in my app. It works fine form all
machines except from a new one which has win xp sp2 installed.
All machines are part of a small business server 2003 domain so
have the isa server firewall client as well. Unfortunately I
can't find a way to disable xp firewall once it is connected to
the domain. How do I get past the xp firewall for internet
control to work?


You can disconnect the MS Windows XP firewall:

Start > Settings > Control Panel

Double click on the Windows Firewall icon.
Under the General tab click the Off (Not Recommended) option
button.


Doesn't the WinXP firewall allow you to run in a mode that will
prompt you to allow certain running processes through it? Wouldn't
it be better to authorize the particular component to get through
the firewall, rather than to run naked, with no firewall at all?

Remember: a firewall protects you in *both* directions. Yes, the
dedicated LAN firewall protects your WinXP box with the firewall OFF
from outside connections, but it does nothing to prevent the machine
from connecting outward if it's infected with something nefarious.
While the outgoing connections may or may not be blocked by the
LAN's firewall (depends on how they are implemented), it isn't going
to protect other computers on the LAN *inside the hardware
firewall*.

So, it's better to have the WinXP firewall ON if you can get it to
allow your particular control to connect through it.

--
David W. Fenton http://www.bway.net/~dfenton
dfenton at bway dot net http://www.bway.net/~dfassoc
Nov 13 '05 #3

P: n/a
win xp is part of a sb2003 domain so turning off firewall is not available
in the control panel.

Regards

"MGFoster" <me@privacy.com> wrote in message
news:LX*****************@newsread1.news.pas.earthl ink.net...
John wrote:
Hi

I am using ms internet control in my app. It works fine form all machines except from a new one which has win xp sp2 installed. All machines are part of a small business server 2003 domain so have the isa server firewall
client as well. Unfortunately I can't find a way to disable xp firewall once it is connected to the domain. How do I get past the xp firewall for
internet control to work?


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

You can disconnect the MS Windows XP firewall:

Start > Settings > Control Panel

Double click on the Windows Firewall icon.
Under the General tab click the Off (Not Recommended) option button.
--
MGFoster:::mgf00 <at> earthlink <decimal-point> net
Oakland, CA (USA)

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQA/AwUBQlcbboechKqOuFEgEQJkcQCffFszSlohgB3vJpBjMivk/gsmGs4AniKs
lUJrq1XxddP1dV69IpN5fiIH
=EfWx
-----END PGP SIGNATURE-----

Nov 13 '05 #4

P: n/a
Not sure how to do this when xp is part of sbs2003 domain.

Thanks

Regards

"David W. Fenton" <dX********@bway.net.invalid> wrote in message
news:Xn**********************************@24.168.1 28.86...
MGFoster <me@privacy.com> wrote in
news:LX*****************@newsread1.news.pas.earthl ink.net:
John wrote:

I am using ms internet control in my app. It works fine form all
machines except from a new one which has win xp sp2 installed.
All machines are part of a small business server 2003 domain so
have the isa server firewall client as well. Unfortunately I
can't find a way to disable xp firewall once it is connected to
the domain. How do I get past the xp firewall for internet
control to work?


You can disconnect the MS Windows XP firewall:

Start > Settings > Control Panel

Double click on the Windows Firewall icon.
Under the General tab click the Off (Not Recommended) option
button.


Doesn't the WinXP firewall allow you to run in a mode that will
prompt you to allow certain running processes through it? Wouldn't
it be better to authorize the particular component to get through
the firewall, rather than to run naked, with no firewall at all?

Remember: a firewall protects you in *both* directions. Yes, the
dedicated LAN firewall protects your WinXP box with the firewall OFF
from outside connections, but it does nothing to prevent the machine
from connecting outward if it's infected with something nefarious.
While the outgoing connections may or may not be blocked by the
LAN's firewall (depends on how they are implemented), it isn't going
to protect other computers on the LAN *inside the hardware
firewall*.

So, it's better to have the WinXP firewall ON if you can get it to
allow your particular control to connect through it.

--
David W. Fenton http://www.bway.net/~dfenton
dfenton at bway dot net http://www.bway.net/~dfassoc

Nov 13 '05 #5

P: n/a
"John" <Jo**@nospam.infovis.co.uk> wrote in
news:42*********************@news-text.dial.pipex.com:
"David W. Fenton" <dX********@bway.net.invalid> wrote in message
news:Xn**********************************@24.168.1 28.86...
MGFoster <me@privacy.com> wrote in
news:LX*****************@newsread1.news.pas.earthl ink.net:
> John wrote:

>> I am using ms internet control in my app. It works fine form
>> all machines except from a new one which has win xp sp2
>> installed. All machines are part of a small business server
>> 2003 domain so have the isa server firewall client as well.
>> Unfortunately I can't find a way to disable xp firewall once
>> it is connected to the domain. How do I get past the xp
>> firewall for internet control to work?
>
> You can disconnect the MS Windows XP firewall:
>
> Start > Settings > Control Panel
>
> Double click on the Windows Firewall icon.
> Under the General tab click the Off (Not Recommended) option
> button.


Doesn't the WinXP firewall allow you to run in a mode that will
prompt you to allow certain running processes through it?
Wouldn't it be better to authorize the particular component to
get through the firewall, rather than to run naked, with no
firewall at all?

Remember: a firewall protects you in *both* directions. Yes, the
dedicated LAN firewall protects your WinXP box with the firewall
OFF from outside connections, but it does nothing to prevent the
machine from connecting outward if it's infected with something
nefarious. While the outgoing connections may or may not be
blocked by the LAN's firewall (depends on how they are
implemented), it isn't going to protect other computers on the
LAN *inside the hardware firewall*.

So, it's better to have the WinXP firewall ON if you can get it
to allow your particular control to connect through it.


Not sure how to do this when xp is part of sbs2003 domain.


Irrelevant, unless your domain server has a group policy that
disables the full functionality of the WinXP firewall.

Of course, I'm assuming the WinXP firewall is designed properly, and
allows authorization by process and not just by port (i.e., you can
tell it to let the FireFox executable access port 80, but not any
other port, and all other excecutables prohibited from using port
80).

If it doesn't allow that, then it's a miserable piece of trash that
you might as well completely disable.

--
David W. Fenton http://www.bway.net/~dfenton
dfenton at bway dot net http://www.bway.net/~dfassoc
Nov 13 '05 #6

P: n/a
"John" <Jo**@nospam.infovis.co.uk> wrote in
news:42*********************@news-text.dial.pipex.com:
win xp is part of a sb2003 domain so turning off firewall is not
available in the control panel.


Are you logged on as an administrator when you check this?

If so, then your sysadmin needs to adjust policies on your domain
controller to allow you configure the firewall.

--
David W. Fenton http://www.bway.net/~dfenton
dfenton at bway dot net http://www.bway.net/~dfassoc
Nov 13 '05 #7

P: n/a
Br
MGFoster wrote:
John wrote:
Hi

I am using ms internet control in my app. It works fine form all
machines except from a new one which has win xp sp2 installed. All
machines are part of a small business server 2003 domain so have the
isa server firewall client as well. Unfortunately I can't find a way
to disable xp firewall once it is connected to the domain. How do I
get past the xp firewall for internet control to work?
You can disconnect the MS Windows XP firewall:

Start > Settings > Control Panel

Double click on the Windows Firewall icon.
Under the General tab click the Off (Not Recommended) option button.


You can't do this if Windows security policy is dictated by the domain
you are connected to.

Br@dley
Nov 13 '05 #8

P: n/a
Br
David W. Fenton wrote:
"John" <Jo**@nospam.infovis.co.uk> wrote in
news:42*********************@news-text.dial.pipex.com:
"David W. Fenton" <dX********@bway.net.invalid> wrote in message
news:Xn**********************************@24.168.1 28.86...
MGFoster <me@privacy.com> wrote in
news:LX*****************@newsread1.news.pas.earthl ink.net:

John wrote:

> I am using ms internet control in my app. It works fine form
> all machines except from a new one which has win xp sp2
> installed. All machines are part of a small business server
> 2003 domain so have the isa server firewall client as well.
> Unfortunately I can't find a way to disable xp firewall once
> it is connected to the domain. How do I get past the xp
> firewall for internet control to work?

You can disconnect the MS Windows XP firewall:

Start > Settings > Control Panel

Double click on the Windows Firewall icon.
Under the General tab click the Off (Not Recommended) option
button.

Doesn't the WinXP firewall allow you to run in a mode that will
prompt you to allow certain running processes through it?
Wouldn't it be better to authorize the particular component to
get through the firewall, rather than to run naked, with no
firewall at all?

Remember: a firewall protects you in *both* directions. Yes, the
dedicated LAN firewall protects your WinXP box with the firewall
OFF from outside connections, but it does nothing to prevent the
machine from connecting outward if it's infected with something
nefarious. While the outgoing connections may or may not be
blocked by the LAN's firewall (depends on how they are
implemented), it isn't going to protect other computers on the
LAN *inside the hardware firewall*.

So, it's better to have the WinXP firewall ON if you can get it
to allow your particular control to connect through it.


Not sure how to do this when xp is part of sbs2003 domain.


Irrelevant, unless your domain server has a group policy that
disables the full functionality of the WinXP firewall.

Of course, I'm assuming the WinXP firewall is designed properly, and
allows authorization by process and not just by port (i.e., you can
tell it to let the FireFox executable access port 80, but not any
other port, and all other excecutables prohibited from using port
80).

If it doesn't allow that, then it's a miserable piece of trash that
you might as well completely disable.


I think SBS2003 has a default group policy that enables Windows firewall
but locks users from modifying any settings.

My problem with it is I can't ENABLE windows firewall for other netwrork
connections (for when I'm not on the domain at work).

Br@dley
Nov 13 '05 #9

P: n/a
"Br@dley" <no*****@4u.com> wrote in
news:k8*****************@news-server.bigpond.net.au:
MGFoster wrote:
John wrote:
I am using ms internet control in my app. It works fine form all
machines except from a new one which has win xp sp2 installed.
All machines are part of a small business server 2003 domain so
have the isa server firewall client as well. Unfortunately I
can't find a way to disable xp firewall once it is connected to
the domain. How do I get past the xp firewall for internet
control to work?

You can disconnect the MS Windows XP firewall:

Start > Settings > Control Panel

Double click on the Windows Firewall icon.
Under the General tab click the Off (Not Recommended) option
button.


You can't do this if Windows security policy is dictated by the
domain you are connected to.


I don't quite understand how this could be a default policy for
SBS2003, which was released before the new WinXP SP2 firewall even
existed.

Is it that you don't have access to the admin tools in Control
Panel? If so, then perhaps you need to log in as a domain
administrator to get access to these controls. It would make little
sense at all to disallow any control of the workstation firewall by
any user, no matter what their level of permissions.

Indeed, none of it makes any sense to me at all as a default
security policy, as disabling all user control of the firewall
settings rather defeats the purpose of a software firewall running
on a workstation. That is, if you can't decide which processes to
grant permission to a port, then it's going to get in the way far
more often than it's going to help.

Of course, that might be another one of Microsoft's "sour grapes"
strategies, as with the Draconian Outlook security patch, which in
its original version made Outlook basically unusable, but allowed MS
to say "see, we told you that you could have either security or ease
of use, but not both." MS was wrong in that case, and if they are
doing the same thing with the WinXP SP2 firewall, they are
completely wrong yet again.

--
David W. Fenton http://www.bway.net/~dfenton
dfenton at bway dot net http://www.bway.net/~dfassoc
Nov 13 '05 #10

P: n/a
Br
David W. Fenton wrote:
"Br@dley" <no*****@4u.com> wrote in
news:k8*****************@news-server.bigpond.net.au:
MGFoster wrote:
John wrote:
I am using ms internet control in my app. It works fine form all
machines except from a new one which has win xp sp2 installed.
All machines are part of a small business server 2003 domain so
have the isa server firewall client as well. Unfortunately I
can't find a way to disable xp firewall once it is connected to
the domain. How do I get past the xp firewall for internet
control to work?
You can disconnect the MS Windows XP firewall:

Start > Settings > Control Panel

Double click on the Windows Firewall icon.
Under the General tab click the Off (Not Recommended) option
button.


You can't do this if Windows security policy is dictated by the
domain you are connected to.

I don't quite understand how this could be a default policy for
SBS2003, which was released before the new WinXP SP2 firewall even
existed.
Didn't windows still have a firewall before SP2?

Perhaps it's because most people have updated SBS2003 to SP1 and have
run the security wizards as suggested by MS? :)
Is it that you don't have access to the admin tools in Control
Panel? If so, then perhaps you need to log in as a domain
administrator to get access to these controls. It would make little
sense at all to disallow any control of the workstation firewall by
any user, no matter what their level of permissions.

Indeed, none of it makes any sense to me at all as a default
security policy, as disabling all user control of the firewall
settings rather defeats the purpose of a software firewall running
on a workstation. That is, if you can't decide which processes to
grant permission to a port, then it's going to get in the way far
more often than it's going to help.
I think you still have permission to add new programs to the "allow"
list but you can't turn the firewall off (or on for other connections
which is rather dumb).
Of course, that might be another one of Microsoft's "sour grapes"
strategies, as with the Draconian Outlook security patch, which in
its original version made Outlook basically unusable, but allowed MS
to say "see, we told you that you could have either security or ease
of use, but not both." MS was wrong in that case, and if they are
doing the same thing with the WinXP SP2 firewall, they are
completely wrong yet again.


Br@dley
Nov 13 '05 #11

This discussion thread is closed

Replies have been disabled for this discussion.