Since the start of term I've had some odd happenings on my network but no time to investigate. Antivirus updates failing on some machines. Some machines refusing connections from VNC and NetSupport School etc. I finally got to investigate properly today and have discovered that the Windows XP firewall has been turned on on every XP SP2 machine on my entire network. According to the GPO controlling it, it is turned off, but the evidence is irrefutable.
Machines refuse to reply to ping until you go into GPO and add the exception for ICMP.
They refuse to accept VNC connections till I added an exception for that in the GPO.
I changed the GPO setting for Windows Firewall to "not defined" and then back to off, restarting some sample machines in between. The gold padlock is gone from the network connections, but unless an exception is defined they are still rejecting connections. If I define an additional exception and update group policy on them, the connection is made immediately.
A lot of hotfixes from MS installed from WSUS after the summer break, so my assumption is they did something. Has anyone else come across this?
It's home time, but research via Google will start on this first thing tomorrow.
What you have experienced is really interesting - I haven't seen this on my PCs at work but I have on PCs that I have been working on privately. I too was wondering if there was something in the last round of updates from MS but have so far been unable to confirm it.
I've seen a number of XP clients that seemingly have had the firewall activated without any user input.
I've ruled out malware with a clean machine build in the testing VLAN. Firewall was on after install from the Windows CD, then it was off by GPO properly after its first restart.
WSUS kicked in and restarted after the first round of updates. Firewall still off.
2nd round of updates, machine restarted, and it's back to not showing the firewall icon on the network connection but behaving very much like a firewalled machine.
Sadly that 2nd round of updates is 120+ updates depending on the machine. I'm gonna try some internet searches first cos I don't really want to get into a game of install one update at a time.
I'm wondering if there was an update to the firewall which was supposed to be accompanied by an update to the GPO that somehow missed on my DCs?
On an affected machine, does the firewall say it is working in domain mode (it's a line down the bottom below the off option for the firewall)? Mine say "Windows Firewall is using your domain settings". There is also a combination of GPO options that breaks domain detection for firewall and other services as a reg key gets lost; I'll try and remember what it was.