Only local administrators can successfully execute scripts or custom configuration programs for firewall settings from an email message, a file share, a Web page or the logon script.
Using Group Policy
• Computer Configuration/Administrative Templates/Network/Network Connections/Windows Firewall/Domain Profile
• Windows Firewall: Protect all network connections
Disable
• Computer Configuration/Administrative Templates/Network/Network Connections/Windows Firewall/Standard profile
• Windows Firewall: Protect all network connections
Disable
When Group Policy cannot be used or is not used, you have the following options to configure Windows Firewall settings for computers running Windows XP with SP2. Because of the requirement of the user being the local administrator of the workstation, you will have to employ RUNAS or a RUNAS wrapper to push these changes. A nice RUNAS wrapper by Forum Member Greg Palmer:
Method #1: Push registry changes through the logon script or otherwise
The registry keys to add to disable Windows Firewall for both the domain and standard profiles are the following:
• HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall
\DomainProfile \EnableFirewall=0
(DWORD data type)
• HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall
\StandardProfile \EnableFirewall=0
(DWORD data type)
Method #2: Use Netsh.exe Scripting
NETSH FIREWALL set opmode mode = DISABLE profile = ALL
For Unattended installation and other options, see:
