Windows 7: How to enable firewall disabled by global policy on a computer joined to a domain?


Solution 1

The registry key you want to target is

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\

Make the DWord = 0.

That's funny that you have access to that registry key. That just means any Group Policy updates that get pushed down are ineffective since you can just overwrite it. While I sympathize with other IT workers, this is not really excusable...

It means you have all sorts of hacks available to you, including disabling Group Policy updates from the domain controller. But that would raise suspicions. But if you want, Microsoft's Technet actually tells you how to disable the updates.

I would go with changing the update interval. That is more subtle.

I feel your pain though.

Software developers get no love. IT folks don't get any love either. I have a hard time explaining to people that I don't make the rules. We gotta make painful decisions because of laws, regulations, and cost inefficiencies. It sucks. Just like developers, we are asked to do everything fast, perfect and for cheap.

At the same time, IT has a job to do and you are only making it harder on others, which in turn makes them increase the control on your computers, which forces you to be more clever... You are smart enough to see where this is going.

Really, this is just a short-term solution to a long-term problem. You aren't going to gain any trust by bragging about the number of processes or calling people bots.

BTW, you should know as a developer that # of process != performance.

Edit

I don't sympathize with IT departments that make users admins simply because it is easier. It really isn't that hard to create a power user group with install privileges, etc. etc.

Solution 2

Sorry, you can't in the long run. If you are a local admin, you could probably change it in the registry, but the default update interval on Group Policy is 90 minutes, meaning it would change it back every 90 minutes... a real pain in the butt.

If you really want it enabled, and you are on a network where you can talk to your admin, ask them to do this:

Create a new OU and move your computer to it. They can then make a copy of the current GP renamed, and then make the change you requested. They would then link the changed GP to the new OU.

Whether they will do this or not is hard to say. For me, it would mostly depend on whether you left open the ports I needed to manage your computer (this might negate your reason for doing it, though); otherwise I have no problem with a user wanting to be a bit more secure.
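The admin-side procedure from this answer (new OU, move the computer, copy the GPO, change the setting, link the copy), written out as an added PowerShell example that is not part of the original answer. OU, GPO and computer names are placeholders, and it assumes the RSAT ActiveDirectory and GroupPolicy modules on a workstation with rights to create OUs and GPOs.

```powershell
# Added example: the steps an admin would run for the answer above. Names are placeholders.
# Assumes RSAT (ActiveDirectory and GroupPolicy modules) and rights to create OUs and GPOs.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$domainDn  = (Get-ADDomain).DistinguishedName       # e.g. DC=corp,DC=example,DC=com
$parentOu  = "OU=Workstations,$domainDn"            # placeholder: where the laptop lives now
$newOuName = "Dev-FirewallOn"                       # placeholder
$newOuDn   = "OU=$newOuName,$parentOu"
$computer  = "DEV-LAPTOP01"                         # placeholder computer name
$sourceGpo = "Workstation Baseline"                 # placeholder: the GPO that disables the firewall
$newGpo    = "Workstation Baseline - Firewall On"

# 1. Create the new OU and move the developer's computer into it.
New-ADOrganizationalUnit -Name $newOuName -Path $parentOu -ProtectedFromAccidentalDeletion $true
$computerDn = (Get-ADComputer -Identity $computer).DistinguishedName
Move-ADObject -Identity $computerDn -TargetPath $newOuDn

# 2. Copy the existing GPO under a new name so the original stays untouched.
Copy-GPO -SourceName $sourceGpo -TargetName $newGpo | Out-Null

# 3. Flip the requested setting in the copy.
#    "Windows Firewall: Protect all network connections" (domain profile) is backed by
#    this policy registry value; 1 = firewall on. Any remote-management exceptions the
#    admin relies on should be added to this same copied GPO.
Set-GPRegistryValue -Name $newGpo `
    -Key "HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile" `
    -ValueName "EnableFirewall" -Type DWord -Value 1 | Out-Null

# 4. Link the changed GPO to the new OU. The original GPO stays linked higher up;
#    the link on the child OU is processed last and wins for settings both define.
New-GPLink -Name $newGpo -Target $newOuDn -LinkEnabled Yes | Out-Null

# Check what the machine will now receive: the links in effect on the new OU.
Get-GPInheritance -Target $newOuDn | Select-Object -ExpandProperty GpoLinks
```

On the client, `gpupdate /force` followed by `gpresult /r` shows whether the copied GPO is being applied.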


Author: Dean Kuga

Updated on September 18, 2022

Comments

  • Dean Kuga
    Dean Kuga almost 2 years

    On a Windows 7 Enterprise 64-bit laptop joined to a corporate domain, the Windows Firewall is disabled by a global policy.

    Is there any way to enable the Windows Firewall in this scenario?

    The gpedit.msc setting Windows Firewall: Protect all network connections is inaccessible.

    EDIT: It appears that changing the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gpsvc\Start value to 4 will disable the GPO and allow you to start the firewall and stop the bots from pushing cr*p to your computer... will check on Monday and if it works I'll confirm here in case someone else in my situation wanders upon this question...

    EDIT: It's probably better if I write a mock Windows service not doing anything and name it according to what is expected to be on my box and then create a mock McCrappy executable and mock McCrappy folder structure and remove all the actual stuff... That would take a little time but would most certainly make my box completely stealthy...

  • hicklypups
    hicklypups almost 13 years
    P.S. It is kind of against informal policy here to help anyone get around settings enforced by administrators.
  • Dean Kuga
    Dean Kuga almost 13 years
    Even if administrators are corporate bots who were told to push the virus named McAfee, which renders a computer pretty much useless, to every workstation on the domain even if they already have Security Essentials installed? Reasoning with corporate bots is useless, so when you start typing in your Visual Studio and nothing appears on the screen for 10 seconds, workarounds are all you have left unfortunately...
  • Dean Kuga
    Dean Kuga almost 13 years
    Anyway, do you know what key needs to be changed in the registry? I can schedule a job that will change the registry every 90 minutes if you do... my goal is to prevent the bots from pushing the McAfee virus to my workstation...
  • Ƭᴇcʜιᴇ007
    Ƭᴇcʜιᴇ007 almost 13 years
    @kzen - the 'bots' are probably responsible for the network-wide security and MS Security Essentials doesn't provide the centralized management that McAfee offers. Just remember, you're not using your computer. PS: using MS Security Essentials in a business with more than 10 users is against the license. If you installed it you may be risking trouble for installing illegal applications on your company's system.
  • Ravindra Bawane
    Ravindra Bawane almost 13 years
    If you are waiting that long for text to show up, you have different problems besides McCrappee. You should start complaining about system slowness and showing how slow your computer is to anyone who'll listen, IT or not. It could be you have loads of software running that you don't need (how many icons are there next to your clock that you have no idea what they are?), or you may just need a little more computer memory (this is pretty cheap and in all likelihood IT has spare chips lying around you could use).
  • Dean Kuga
    Dean Kuga almost 13 years
    @music2myear Who is we? You are a moderator or a StackExchange spokesperson? FYI I'm a software developer with over 20 years of experience with computers and most certainly do not have "loads of software running that I don't need". I also most certainly have no icons in my tray that I "have no idea what they are". As a matter of fact, when my laptop boots I have less than 20 processes running, and I personally upgraded my laptop to 8 GB of RAM so RAM is not an issue. My problem is McCrappy they are trying to push, which grinds my laptop to a halt.
  • Dean Kuga
    Dean Kuga almost 13 years
    Finally, to anyone else who is about to warn me that this is not my computer and that those poor sods are just doing their job: just leave me the F alone and please do not comment here unless you know how to enable the freaking firewall disabled by GPOL... that is unless you write code every day for a living and know exactly how frustrating it can get in a corporate environment with all the red tape and layers upon layers of admin leeches who are "just doing their job" even if that means making your job as a software developer harder and harder with every new admin "idea" they come up with...
  • Dean Kuga
    Dean Kuga almost 13 years
    Thanks for that registry key. I understand your point of view, but just as I don't understand the specifics of your situation, no one understands the specifics of mine. So when I get condescending comments about not knowing what runs on my computer and the number of icons next to my clock, assuming I'm a noob or just out of school or something, I get a little annoyed and fire off. I was an admin myself before becoming a developer and had to deal with hacks others tried to pull off, and hated that job more than having to deal with ppl who blindly follow rules and just push McCrappy to developer boxes.
  • Dean Kuga
    Dean Kuga almost 13 years
    However, my problem is not with IT admins, after all they just implement policies "well thought out" by others, but with the layers of administration built on top of IT that don't really do anything useful but constantly try to "invent", impose and enforce new garbage on developers AND other IT people in order to simply justify their existence and their days filled with productive meetings.
  • Dean Kuga
    Dean Kuga almost 13 years
    When we get to the point that it takes more time for us to go through layers upon layers of red tape they invented to justify their existence in order to get something done than to actually write the code and create something useful, and it still doesn't dawn on them that they must be doing something wrong, we are entering the area where, at least in my opinion, anything is allowed to protect yourself from these apparatchiks...
  • ta.speot.is
    ta.speot.is almost 13 years
    I don't understand the start of your rant, you can only edit that registry key if you're an admin on the box. If you're an admin on the box, all bets are off.
  • Dean Kuga
    Dean Kuga almost 13 years
    @todda Writing good software is difficult enough without having to deal with people who are constantly making your life harder instead of helping which ought to be their job, so when you experience that you can call my venting a rant... and yes I am an admin on the box...
  • surfasb
    surfasb almost 13 years
    @kzen: I totally agree. Rumors are Bill Gates decided to retire cause he was tired of dealing with all the layers of management. Reading stories of early Gates makes this believable. He was a bit high strung, but an admirable passion. I'd just recursively modify the GPupdate interval and the relevant firewall keys and you should be good. I totally agree though. Writing good code is hard enough as is, no matter what language.
  • surfasb
    surfasb almost 13 years
    Reminds me of this conversation going on... programmers.stackexchange.com/questions/92862/…
  • hicklypups
    hicklypups almost 13 years
    @kzen I don't know why you insulted me. I just told you nicely how it works around here. Now as far as you being an ass, if you don't want to be here, so be it... leave. You are wrong about one thing: I may not write programs like you do (although you probably write crap that is so esoteric, no one has ever heard of it), but I do create networks that just work for my clients. I have been in charge of 52,000 e-mail users for a Fortune 50 company. I doubt you have ever had that kind of responsibility, or were good enough to. Now grow up: if you need something fixed, go to your IT dept.
  • Ravindra Bawane
    Ravindra Bawane almost 13 years
    @kzen: I have written code, but yes, you have at least got my current job correct. As a support person, judging the average questioner on this site, and in my extensive experience supporting both average and high-end users such as yourself, I was simply addressing common causes I have observed. In a forum like this, unless something is spelled out explicitly, assumptions are necessary. I'm sorry I assumed incorrectly in your case and am glad you've done what you can to get your systems working the way you want. Regarding my wanting to pull people down: I don't appreciate your insinuation.
  • Ravindra Bawane
    Ravindra Bawane almost 13 years
    @kzen: Regarding GP and circumventing functioning policy, this is possible but essentially futile. Possible because you can always change the registry keys, start the service, and it will generally run. Futile because the GP is usually set to poll and enforce at regular intervals and will simply reset the desired system state at that point unless you've removed the cached GP and isolated yourself from the domain.
  • ta.speot.is
    ta.speot.is almost 13 years
    @kzen the comment was directed at surfasb