This is in regards to working on machines before joining the machine to a domain and although I would love to rely on GPO, that isn't an option at this time.
In the environment I'm working in, the firewall policy is to use a 3rd party firewall app from a Total Endpoint Solution, so I have to disable the default Windows Firewall to prevent conflicts. I do this using a script that I run at the end of an imaging process or manually on systems I haven't reimaged. For a while, I was able to manage this using:
netsh advfirewall set allprofiles state off
However, that stopped working for some reason. So, I found I needed to clear the local security policy (manually):
Local Security Policy MSC > Windows Firewall with Advanced Security
Right-Click Windows Firewall with Advanced Security - Local Group Policy Object
Clear Policy
This was the script I used to avoid doing it manually:
secedit /configure /db reset /cfg securityprofile
A combination of both steps was working for about a month, then, for no apparent reason, it stopped working.
I began testing a registry hack to achieve what I needed, and it is giving me mixed results. I have two sets of keys with profiles I need to change; for Local Profiles:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile]
"EnableFirewall"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile]
"EnableFirewall"=dword:00000000
For Domain Profiles:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000
The problem I'm having is that the Local Profile keeps regenerating the original settings with the firewall on. I've tried:
- a) Apply both registry hacks
- b) Reboot
- Result on newly imaged machine: no luck
- Result on old machine used for testing: good to go

- a) Apply Local Policy registry hack
- b) Reboot
- Result on newly imaged machine: no luck
- Result on old machine used for testing: good to go

- a) Use secedit to clear Local Security Policy
- b) Apply both registry hacks
- c) Reboot
- Result on newly imaged machine: no luck
- Result on old machine used for testing: good to go

- a) Use secedit to clear Local Security Policy
- b) Apply Local Policy registry hacks
- c) Reboot
- Result on newly imaged machine: no luck
- Result on old machine used for testing: good to go
My goal is to disable the Windows Firewall via script/automation. Any thoughts?
Note: this is prior to joining the machines to the domain. If I manually clear the Local Security Policy from the MSC, then the registry hacks will work. netsh still won't work and I don't want to have to manually clear the policy for every imaged machine.
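The following is an added example, not code from the post above: a PowerShell audit script that reads both registry locations the post lists for each firewall profile, shows the effective state reported by Get-NetFirewallProfile, and flags profiles where a value under the Policies hive (the location Group Policy and the "Windows Firewall with Advanced Security" policy node write) is overriding the SharedAccess hive (the location the local firewall service itself reads). It assumes Windows 8 / Server 2012 or later (the NetSecurity module cmdlets) and an elevated session; the function and variable names are the example's own.

```powershell
# Added example (not from the original post): per-profile audit of which
# registry hive is driving the Windows Firewall state, with an optional
# apply step that uses the supported cmdlet instead of raw registry edits.
# Assumptions: Windows 8 / Server 2012 or later, elevated PowerShell session.

# Profile name as reported by Get-NetFirewallProfile -> subkey name in each hive.
# Note the local hive calls the Private profile "StandardProfile".
$ProfileMap = @{
    Domain  = @{ Policy = 'DomainProfile';  Local = 'DomainProfile'   }
    Private = @{ Policy = 'PrivateProfile'; Local = 'StandardProfile' }
    Public  = @{ Policy = 'PublicProfile';  Local = 'PublicProfile'   }
}
$PolicyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall'
$LocalRoot  = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'

function Get-FirewallEnableValue {
    param([string]$KeyPath)
    # Returns the EnableFirewall DWORD, or $null when the key or value is absent.
    $item = Get-ItemProperty -Path $KeyPath -Name 'EnableFirewall' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.EnableFirewall
}

function Get-FirewallStateReport {
    # One object per profile: effective state plus what each hive says.
    foreach ($p in Get-NetFirewallProfile) {
        $names  = $ProfileMap[$p.Name]
        $policy = Get-FirewallEnableValue "$PolicyRoot\$($names.Policy)"
        $local  = Get-FirewallEnableValue "$LocalRoot\$($names.Local)"
        [pscustomobject]@{
            Profile            = $p.Name
            Effective          = "$($p.Enabled)"   # True / False / NotConfigured
            PolicyHive         = if ($null -eq $policy) { 'not set' } else { $policy }
            LocalHive          = if ($null -eq $local)  { 'not set' } else { $local }
            # A value in the Policies hive wins over the local hive; while it is
            # present, changes to the SharedAccess key alone do not take effect.
            OverriddenByPolicy = ($null -ne $policy)
        }
    }
}

function Disable-LocalFirewallProfiles {
    # Applies the local "off" setting through Set-NetFirewallProfile and
    # reports any profile that a policy value would still override.
    param([switch]$WhatIf)
    foreach ($row in Get-FirewallStateReport) {
        if ($row.OverriddenByPolicy) {
            Write-Warning "$($row.Profile): EnableFirewall is set under $PolicyRoot; clear that policy first or the local setting will not apply."
            continue
        }
        Set-NetFirewallProfile -Name $row.Profile -Enabled False -WhatIf:$WhatIf
    }
}

# Audit only by default; run Disable-LocalFirewallProfiles (or with -WhatIf) to apply.
Get-FirewallStateReport | Format-Table -AutoSize
```

Run the audit before and after each of the attempts listed in the post: if PolicyHive reads 0 or 1 for a profile, that profile is governed by the policy location and the SharedAccess edit alone is expected to be ignored, which is consistent with the registry hack only working after the policy has been cleared.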