• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Any recent automatic updates enable Windows Firewall?

R

Robor

Elite Member
We've got a WSUS server on the domain to push updates out to the clients. One of the guys here said one of the recent updates enabled the Windows Firewall. I looked at the recent updates and all I can see that could've caused this is an update dated 4/25/06 called Service Pack 2. I can't find anything that would've done this. I know SP2 enabled the firewall by default but he said SP2 was already applied and he turned Windows Firewall off.

I know Service Pack 2 has been out for a while now and I thought SP2 is SP2 in that it doesn't change or get updated. Am I incorrect here? Is the 4/25/06 SP2 update a new version of SP2? If SP2 was already applied on the machine would this 4/25/06 release be applied?
 
I'm not sure about updates enabling the firewall, but you can control the firewall with Group Policy.
 
Originally posted by: Brazen
I'm not sure about updates enabling the firewall, but you can control the firewall with Group Policy.
Click to expand...

I thought about that but didn't want to blanket disable it on the entire domain and I'm not sure who (if any) would want it. The only problem I could see is if the QA dept would be testing with it on versus off and they reload machines so often it would be a pain to manage them on an individual basis. I think I'll check with QA and see if they have a problem with it.
 
I kinda skimmed the thread so forgive me if I'm way off here.

I'm in the Networking team over here at MS and if an update got released that inadvertently flipped on the firewall my phone (in particular) would be ringing off the hook.

I would guess you have something else happening.
 
Originally posted by: Smilin
I kinda skimmed the thread so forgive me if I'm way off here.

I'm in the Networking team over here at MS and if an update got released that inadvertently flipped on the firewall my phone (in particular) would be ringing off the hook.

I would guess you have something else happening.
Click to expand...

Why? Are you using a lot of WinXP machines for servers?
 
Originally posted by: Robor
Originally posted by: Brazen
I'm not sure about updates enabling the firewall, but you can control the firewall with Group Policy.
Click to expand...

I thought about that but didn't want to blanket disable it on the entire domain and I'm not sure who (if any) would want it. The only problem I could see is if the QA dept would be testing with it on versus off and they reload machines so often it would be a pain to manage them on an individual basis. I think I'll check with QA and see if they have a problem with it.
Click to expand...

You could leave the On/Off unmanaged, but set policies so that if it is on, then certain ports are always left open. You could for instance, set a policy to always have the vnc port open, and that way at least you could access a machine to turn off or edit it's firewall if a problem arises.... just a thought.
 
Originally posted by: Smilin
I kinda skimmed the thread so forgive me if I'm way off here.

I'm in the Networking team over here at MS and if an update got released that inadvertently flipped on the firewall my phone (in particular) would be ringing off the hook.

I would guess you have something else happening.
Click to expand...

I've had 3 users (all highly technical security engineers) tell me this happened to them now.
 
Before you single out an update for the problem, have you ruled out that there isn't a GPO pushing this setting down? Run remote RSOP from GPMC against the machines in question to be sure.
 
As soon as you push out SP2, it defaults with the firewall on. You must have just approved SP2 on WUS/SUS server. You can put a blanket policy in place that disables the firewall or use GP to configure the firewall the way your company needs it configured. If you have decent hardware firewalls, you should be fine with a policy that disables it. There are 3 of us that do almost all of the group policy for my company and our default policy disables the firewall (10,000+ machines).

Edit: You can always put the machines that need it disabled in there own OU and just setup the policy on that OU. Or just filter it to a certain group and put the machines that need it disabled in that group, although this makes it tougher to keep track of your GPs.
 
Originally posted by: Robor
Originally posted by: Smilin
I kinda skimmed the thread so forgive me if I'm way off here.

I'm in the Networking team over here at MS and if an update got released that inadvertently flipped on the firewall my phone (in particular) would be ringing off the hook.

I would guess you have something else happening.
Click to expand...

I've had 3 users (all highly technical security engineers) tell me this happened to them now.
Click to expand...

An update flipping on the firewall would result in a tech support call coming directly into my team. Given the number of people applying updates I would have had a call on this by now.

All problems resulting from the application of an update or service pack are supported free of charge. I suggest you get a case open with MS and troubleshoot this down to root cause. I'm betting it is not an update causing this.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top