How do I turn off the Windows Firewall when it's grayed out

Discussion in 'OT Technology' started by Gen5_EG, Aug 14, 2006.

  1. Gen5_EG

    Gen5_EG :)

    Joined:
    Oct 15, 2001
    Messages:
    468
    Likes Received:
    0
    Location:
    Hawaii
    The "Off" setting is grayed out and it says that it is controlled by a group policy. What can I do to turn this off? I need to communicate with a crossover cable and need to control an IP device, but it's not allowing me to do it because of the firewall issue. Another laptop that I used doesn't have this group policy setting and it works just fine. I would like to get it to work with my laptop, but need to resolve this.
     
  2. Coottie

    Coottie BOOMER......SOONER OT Supporter

    Joined:
    Jun 6, 2006
    Messages:
    32,407
    Likes Received:
    0
    Location:
    OKC
    Log in as the admin of the machine
     
  3. deusexaethera

    deusexaethera OT Supporter

    Joined:
    Jan 27, 2005
    Messages:
    19,712
    Likes Received:
    0
    Are you on a domain? If you are, there's nothing you can do. Domain policy > Local Administrative Policy > *
     
  4. EvilSS

    EvilSS New Member

    Joined:
    Jun 11, 2003
    Messages:
    5,104
    Likes Received:
    0
    Location:
    STL
    Actually, if he is an admin on the local machine he can temporarily remove the GPO setting policy by editing the policy in the registry. It won't turn back on until the next policy refresh. Not sure what it is for that one off the top of my head but I'm sure it's in here (use the search in the top/left):

    http://www.winguides.com/registry/
     
  5. deusexaethera

    deusexaethera OT Supporter

    Joined:
    Jan 27, 2005
    Messages:
    19,712
    Likes Received:
    0
    What good will that do? What if the policy refreshes every ten minutes?
     
  6. EvilSS

    EvilSS New Member

    Joined:
    Jun 11, 2003
    Messages:
    5,104
    Likes Received:
    0
    Location:
    STL
    GPO's refresh every 90 minutes by default. Since policy refreshes are somewhat resource intensive on the domain no one with a clue is going to set it to 10 minutes.

    Also most user policies won't go back into effect until the user logs off and back on or a policy is "forced" to refresh (the policy keys are written at login to the ntuser.dat).
     
  7. deusexaethera

    deusexaethera OT Supporter

    Joined:
    Jan 27, 2005
    Messages:
    19,712
    Likes Received:
    0
    Ten minutes was just an example; my real point was, so what if he can disable the firewall for a couple of hours? It doesn't get him past the problem that the firewall will be re-enabled the next time he logs on.
     
  8. EvilSS

    EvilSS New Member

    Joined:
    Jun 11, 2003
    Messages:
    5,104
    Likes Received:
    0
    Location:
    STL
    It depends on how he needs to use the crossover link. If it's just for a period of time this will work. If not then he needs to get a domain admin to exempt him from the GPO or modify it to allow the connection. Either way it will at least buy him a window to use it.

    There is a way to completely block it on the machine but it's too easy to screw up to go into and would affect more than just that particular policy.
     
  9. Gen5_EG

    Gen5_EG :)

    Joined:
    Oct 15, 2001
    Messages:
    468
    Likes Received:
    0
    Location:
    Hawaii
    If I'm not going to log in to the network, and just do things locally through a hub, that would be possible. But I have no idea what the admin user name and password is for the computer locally and to log in to the computer in stand-alone. I wasn't the one who set it up, so I dont know how to find this out.
     
  10. Coottie

    Coottie BOOMER......SOONER OT Supporter

    Joined:
    Jun 6, 2006
    Messages:
    32,407
    Likes Received:
    0
    Location:
    OKC
    huh??

    You are going to do things locally through a hub?? That doesn't make any sense. Either you are local (i.e. NOT connected to a network) or you are connected to a network. If you are connected to a network, then you have probably not been given admin rights. Contact your network admin.
     
  11. EvilSS

    EvilSS New Member

    Joined:
    Jun 11, 2003
    Messages:
    5,104
    Likes Received:
    0
    Location:
    STL
    If you don't have local admin rights then you are hosed. Someone with admin rights will have to set it up for you.
     

Share This Page