Cannot change firewall settings
Joshua Wood
I've just updated this machine after being away for a year, so now
have xp pro SP2 and all upto date. I noticed however an issue with the
new firewall. All the options to turn it on/off are GREYED OUT and
disabled. At the top it reads:
For your security, some settnigs are controlled by Group Policy.
It is a stand alone machine (it is attached to a network but it's just
peer to peer, not domain), and I have never touched any policies
whatsoever.
The Windows Firewall/ICS service has this error when double clicking
it:
Configuration Manager: The Specified device instance handler does not
correspond to a present device.
It will then open the service allowing me to make alterations. It is
AUTO and STARTED. All settings are the same as an XP home machine
which functions correctly, and I have not channged anything in here
either. (ie, it should be the default settings)
After not finding much on the internet (and I've tried reregisted dlls
and running netsh firewall reset etc etc, and even netsh winsock
reset), I uninstalled SP2 and then reinstalled it. Firewall wasn't
even isntalled as seen here:
http://windowsxp.mvps.org/sharedaccess.htm
After installing the registry entry and rebooting I'm back to how I
was before.
I did have some spyware/trojans on my system before I initially
installed SP2 and the other upgrades, but that's all gone now, so a
reinstall should have fixed things.
Any help as to how I fix these issues? I don't use the windwos
firewall but I'm always concerned when there are errors.
Much thanks,
Josh
Ramesh, MS-MVP
See if this helps:
You cannot start the Windows Firewall service in Windows XP Service Pack 2:
http://support.microsoft.com/kb/892199
-and-
From Start/Run, type Gpedit.msc and navigate to:
Computer Configuration
=> Administrative Templates
=> System
=> Network
=> Network Connections
=> Windows Firewall
=> Standard Profile
Set the following options to "Not Configured" (defaults)
Windows Firewall: Protect all network connections
Windows Firewall: Do not allow exceptions
Windows Firewall: Define program exceptions
Windows Firewall: Allow local program exceptions
Windows Firewall: Allow remote administration exception
Windows Firewall: Allow file and printer sharing exception
Windows Firewall: Allow ICMP exceptions
Windows Firewall: Allow Remote Desktop exception
Windows Firewall: Allow UPnP framework exception
Windows Firewall: Prohibit notifications
Windows Firewall: Allow logging
Windows Firewall: Prohibit unicast response to multicast or broadcast
requests
Windows Firewall: Define port exceptions
Windows Firewall: Allow local port exceptions
--
Ramesh, Microsoft MVP
Windows XP Shell/User
http://windowsxp.mvps.org
"Joshua Wood" <t_h_e_king@h_o_t_m_a_i_l.c_o_m> wrote in message
news:bjjek1leo5m0qdrrp...@4ax.com...
Joshua Wood
However, nothing in that KB seems to relate to me, I don't get any of
the errors listed, and all the solutions listed are how my system
already is. Also, the polices listed below are already set to Not
Configured. As are the domain ones.
I'm wondering if SP2 is thinking my machine is on a domain or
something somehow, how can I check this? My network setup says my
machine is part of a workgroup, and not a domain....
Also, the firewall service is started and running ok, but I still get
that error when trying to access it's properties from the service
menu.
I've noticed this account in my local security policy settings, not
sure what it belongs to, or how to find out, or if it is having any
effect:
*S-1-5-21-1229272821-1677128483-854245398-1002 and
*S-1-5-21-1229272821-1677128483-854245398-1004 and
*S-1-5-21-1229272821-1677128483-854245398-1005
Any more ideas? I'm wondering if the spyware/trojan has someone
altered something in one of my group/local polices... and how to reset
them perhaps? Or how to debug them. I haven't touched any of this
stuff myself.
Much thanks,
Josh
Ramesh, MS-MVP
Can you check if the WindowsFirewall policy keys are present in the
registry?
Open Regedit.exe and navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
(and)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
In the right-pane, delete the "EnableFirewall" value.
Close Regedit.exe and restart.
--
Ramesh, Microsoft MVP
Windows XP Shell/User
http://windowsxp.mvps.org
"Joshua Wood" <t_h_e_king@h_o_t_m_a_i_l.c_o_m> wrote in message
news:9hpek115u5mgfslff...@4ax.com...
Joshua Wood
I deleted these keys from the standard and the domian entries. Upon
reboot I can now change my firewall settings from control panel |
Firewall.
So progress!
However, it still says at the top of the firewall settings:
For your security, some settings are controlled by group policy.
I doubt that they are, and that whatever I just did was a "haclk"
around my problems.
When I double click on the firewall service I still get the:
"Configuration Manager: The specified device instance handle does not
correspond to a present device" error, same as before.
I click OK and it will then bring up the settings for the service, as
before.
Josh
On Sat, 8 Oct 2005 12:02:50 +0530, "Ramesh, MS-MVP"
<ram...@XOX.mvps.org> wrote:
>Josh,
>
>Can you check if the WindowsFirewall policy keys are present in the
>registry?
>
>Open Regedit.exe and navigate to:
>
>HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfil苟
>(and)
>HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProf虹le
Ramesh, MS-MVP
The entire "WindowsFirewall" can be deleted (backup to a REG file first). I
have no idea about the "Configuration Manager" error, but will look into
that.
--
Ramesh, Microsoft MVP
Windows XP Shell/User
http://windowsxp.mvps.org
"Joshua Wood" <t_h_e_king@h_o_t_m_a_i_l.c_o_m> wrote in message
news:gl0fk110jl9ubm808...@4ax.com...
> Both keys are present, with a value of 0.
> I deleted these keys from the standard and the domian entries. Upon
> reboot I can now change my firewall settings from control panel |
> Firewall.
> So progress!
>
> However, it still says at the top of the firewall settings:
> For your security, some settings are controlled by group policy.
>
> I doubt that they are, and that whatever I just did was a "haclk"
> around my problems.
>
> When I double click on the firewall service I still get the:
> "Configuration Manager: The specified device instance handle does not
> correspond to a present device" error, same as before.
>
> I click OK and it will then bring up the settings for the service, as
> before.
>
> Josh
>
> On Sat, 8 Oct 2005 12:02:50 +0530, "Ramesh, MS-MVP"
> <ram...@XOX.mvps.org> wrote:
>
>>Josh,
>>
>>Can you check if the WindowsFirewall policy keys are present in the
>>registry?
>>
>>Open Regedit.exe and navigate to:
>>
>>HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
>>(and)
>>HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
Joshua Wood
mentioned.... since that still implies to me that something has been
changed on my system (which might have been done via the trojans). So
if you can find anything more about resetting/fixing that, that would
be much apprecaited also.
Thanks for the help so far.
Josh
On Sat, 8 Oct 2005 17:45:05 +0530, "Ramesh, MS-MVP"
<ram...@XOX.mvps.org> wrote:
>Josh,
>
Joshua Wood
Josh
Ramesh, MS-MVP
Does deleting the WindowsFirewall entry help?
From my previous post:
<quote>
The entire "WindowsFirewall" can be deleted (backup to a REG file first).
</quote>
Still no clue about the "Configuration Manager..." error. In case you want
to apply SP2 again, use the walkthrough here:
http://support.microsoft.com/default.aspx?kbid=875364&product=windowsxpsp2
--
Ramesh, Microsoft MVP
Windows XP Shell/User
Windows XP Troubleshooting
http://www.winhelponline.com
"Joshua Wood" <t_h_e_king@h_o_t_m_a_i_l.c_o_m> wrote in message
news:r5fuk19kncj2gdfdr...@4ax.com...
Joshua Wood
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfil苟
(and)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProf虹le
as you suggested, makes the firewall (appear) to work. Already I could
turn it on/off from the "Enabled" key deletion, but now it says either
"Your PC is not protected" or "It is..." and no longer mentions
anything about group policy settings, which is great.
I still get the configuration manager error with the service though.
How come the firewall service wasn't even installed when I reinstalled
SP2 though? That's strange to me, the whole firewall section was
missing. Should I try to reinstall SP2 over the top of itself? I'm not
keen on removing and then reinstalling SP2 if I can help it.
I'm also interested to know why the firewall works correctly WITHOUT
any registry entries, and did not work WITH them... perhaps this might
give you some clues to the service error?
Much thanks again,
Josh
On Fri, 14 Oct 2005 10:37:06 +0530, "Ramesh, MS-MVP"
<ram...@XOX.mvps.org> wrote:
>Josh,
>
Ramesh, MS-MVP
>> I'm also interested to know why the firewall works correctly WITHOUT
any registry entries, and did not work WITH them... perhaps this might
give you some clues to the service error?
The entries that you deleted are Policy related entries, and they are not
required. Whereas the HKEY_LOCAL_MACHINE\...Service.....Sharedaccess key is
necessary for the service to be listed.
>> Should I try to reinstall SP2 over the top of itself?
Yes. I think that'll help.
--
Ramesh, Microsoft MVP
Windows XP Shell/User
Windows XP Troubleshooting
http://www.winhelponline.com
"Joshua Wood" <t_h_e_king@h_o_t_m_a_i_l.c_o_m> wrote in message
news:k6k6l19pag63i7gv9...@4ax.com...
> Funnily enough, removing the whole firewall setting here:
> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
> (and)
> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
Joshua Wood
Josh
On Mon, 17 Oct 2005 13:03:58 +0530, "Ramesh, MS-MVP"
<ram...@XOX.mvps.org> wrote:
>Josh,
>
Joshua Wood
sort of repair/file check on it? (sfc /scannow does nothing to help)
On Mon, 17 Oct 2005 13:03:58 +0530, "Ramesh, MS-MVP"
<ram...@XOX.mvps.org> wrote:
>Josh,
>
Ramesh, MS-MVP
that'll help.
http://windowsxp.mvps.org/sharedaccess.htm
If not, the only option that I can think of, is a repair using the
slipstreamed CD.
Windows XP Service Pack 2
Slipstreaming Windows XP with Service Pack 2 (SP2):
http://www.winsupersite.com/showcase/windowsxp_sp2_slipstream.asp
[Automated slipstreaming] AutoStreamer 1.0.30:
http://www.majorgeeks.com/download4444.html
--
Ramesh, Microsoft MVP
Windows XP Shell/User
Windows XP Troubleshooting
http://www.winhelponline.com
"Joshua Wood" <t_h_e_king@h_o_t_m_a_i_l.c_o_m> wrote in message
news:bmepl1l2fjqtlhqrm...@4ax.com...
Joshua Wood
>One method is here, using the rundll32 command-line, but I'm not sure
>that'll help.
>http://windowsxp.mvps.org/sharedaccess.htm
Running as suggested:
rundll32 setupapi,InstallHinfSection Ndi-Steelhead 132
%windir%\inf\netrass.inf
I get "installation failed" as the only error msg. Does this point to
anything? The file netrass.inf exists.
Thanks,
Josh
Ramesh, MS-MVP
Reboot once and try again. No further idea apart from that.
--
Ramesh, Microsoft MVP
Windows XP Shell/User
Windows XP Troubleshooting
http://www.winhelponline.com
"Joshua Wood" <t_h_e_king@h_o_t_m_a_i_l.c_o_m> wrote in message
news:l7erl1t99vbf1boot...@4ax.com...
Kelly
--
All the Best,
Kelly (MS-MVP/DTS&XP)
Troubleshooting Windows XP
http://www.kellys-korner-xp.com
In memory of those lost during Katrina &
Prayers and Hope for the remaining displaced.
"Joshua Wood" <t_h_e_king@h_o_t_m_a_i_l.c_o_m> wrote in message
news:bmepl1l2fjqtlhqrm...@4ax.com...
Joshua Wood
Here is the original:
Ok,
http://windowsxp.mvps.org/sharedaccess.htm
Much thanks,
Josh
Then I got the reply:
Can you check if the WindowsFirewall policy keys are present in the
registry?
Open Regedit.exe and navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfil苟
(and)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProf虹le
In the right-pane, delete the "EnableFirewall" value.
Then I said:
Both keys are present, with a value of 0.
I deleted these keys from the standard and the domian entries. Upon
reboot I can now change my firewall settings from control panel |
Firewall.
So progress!
However, it still says at the top of the firewall settings:
For your security, some settings are controlled by group policy.
I doubt that they are, and that whatever I just did was a "haclk"
around my problems.
When I double click on the firewall service I still get the:
"Configuration Manager: The specified device instance handle does not
correspond to a present device" error, same as before.
I click OK and it will then bring up the settings for the service, as
before.
Then I did as suggested and removed the firewall from the registry:
Funnily enough, removing the whole firewall setting here:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfil苟
(and)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProf虹le
as you suggested, makes the firewall (appear) to work. Already I could
turn it on/off from the "Enabled" key deletion, but now it says either
"Your PC is not protected" or "It is..." and no longer mentions
anything about group policy settings, which is great.
I still get the configuration manager error with the service though.
How come the firewall service wasn't even installed when I reinstalled
SP2 though? That's strange to me, the whole firewall section was
missing. Should I try to reinstall SP2 over the top of itself? I'm not
keen on removing and then reinstalling SP2 if I can help it. (Altready
tried it once with no luck)
Is there any way to reinstall the firewall service, or perform some
sort of repair/file check on it? (sfc /scannow does nothing to help)
Then the reply:
One method is here, using the rundll32 command-line, but I'm not sure
that'll help.
http://windowsxp.mvps.org/sharedaccess.htm
Then my response:
Running as suggested:
rundll32 setupapi,InstallHinfSection Ndi-Steelhead 132
%windir%\inf\netrass.inf
I get "installation failed" as the only error msg. Does this point to
anything? The file netrass.inf exists.
Hope this helps, it's pretty much all our conversation. I've basically
resolved everything except:
The Windows Firewall/ICS service has this error when double clicking
it:
Configuration Manager: The Specified device instance handler does not
correspond to a present device.
It will then open the service allowing me to make alterations. It is
AUTO and STARTED. All settings are the same as an XP home machine
which functions correctly, and I have not channged anything in here
either. (ie, it should be the default settings)
Thanks,
Josh