How to monitor the SP2 Firewall exceptions made by the users?


Berni
October 6th 04, 10:00 PM
Hi Guys,

We are testing XP SP2 in our environment and because we don't know all
applications that are installed on all systems, we will allow program
exceptions on the test systems.
Is there any way to monitor the exceptions made by the users?
We want to document the exceptions made by the users in order to later apply
a GPO with those exceptions.
At the same time I have a question about ICMP traffic, I have run "netsh
firewall show icmpsetting" but it didn't show anything. ICMP is blocked on
the standard profile over GPO and is not blocked in the domain profile that
is also applied by GPO.
How can I verify (if I don't know the GPO settings) if ICMP traffic is
allowed or not? Or is this a bug of the netsh command?

Thanks in advance for any info.

Cheers,

Berni

gary
October 6th 04, 10:50 PM
you sure don't know much about security of your network if
you are relying on the xp firewall.

>-----Original Message-----
>Hi Guys,
>
>We are testing XP SP2 in our environment and because we don't know all
>applications that are installed on all systems, we will allow program
>exceptions on the test systems.
>Is there any way to monitor the exceptions made by the users?
>We want to document the exceptions made by the users in order to later apply
>a GPO with those exceptions.
>At the same time I have a question about ICMP traffic, I have run "netsh
>firewall show icmpsetting" but it didn't show anything. ICMP is blocked on
>the standard profile over GPO and is not blocked in the domain profile that
>is also applied by GPO.
>How can I verify (if I don't know the GPO settings) if ICMP traffic is
>allowed or not? Or is this a bug of the netsh command?
>
>Thanks in advance for any info.
>
>Cheers,
>
>Berni

Torgeir Bakken (MVP)
October 7th 04, 06:46 PM
Berni wrote:

> We are testing XP SP2 in our environment and because we don't know all
> applications that are installed on all systems, we will allow program
> exceptions on the test systems.
> Is there any way to monitor the exceptions made by the users?

Hi

This command will list the allowed program exceptions:

netsh.exe firewall show allowedprogram


In registry, the exceptions will be listed here (note that the entries
that are enabled there have :Enabled: in the entry data):

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List



--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.mspx
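
Added example, not written by any poster in this thread: Python that parses `reg query` output collected from the two List keys above into a per-profile inventory of enabled program exceptions, ready to document for a GPO. The sample output and application paths are constructed, and the full `path:scope:Enabled|Disabled:name` entry layout is an assumption that goes beyond the `:Enabled:` marker mentioned in the post.

```python
import re

# Constructed sample of `reg query` output for the two List keys (paths are hypothetical).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
    C:\Program Files\ExampleChat\chat.exe    REG_SZ    C:\Program Files\ExampleChat\chat.exe:*:Enabled:Example Chat

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    C:\Program Files\ExampleChat\chat.exe    REG_SZ    C:\Program Files\ExampleChat\chat.exe:*:Enabled:Example Chat
    %ProgramFiles%\ExampleSync\sync.exe    REG_SZ    %ProgramFiles%\ExampleSync\sync.exe:LocalSubNet:disabled:Example Sync
"""

KEY_RE = re.compile(r"\\(DomainProfile|StandardProfile)\\AuthorizedApplications\\List$", re.I)
VALUE_RE = re.compile(r"^\s+.+?\s+REG_(?:EXPAND_)?SZ\s+(.+?)\s*$")
STATUS_RE = re.compile(r":(Enabled|Disabled):", re.I)

def parse_entry(data):
    """Split one entry; assumed layout is path:scope:Enabled|Disabled:name."""
    m = STATUS_RE.search(data)
    if not m:
        return None
    # Split on the LAST colon before the status so the drive colon in "C:\..." stays in the path.
    path, _, scope = data[:m.start()].rpartition(":")
    return {"path": path, "scope": scope,
            "enabled": m.group(1).lower() == "enabled", "name": data[m.end():]}

def parse_reg_output(text):
    """Return one dict per exception, tagged with the profile key it was listed under."""
    profile, rows = None, []
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            k = KEY_RE.search(line.strip())
            profile = k.group(1) if k else None  # ignore values under unrelated keys
            continue
        v = VALUE_RE.match(line)
        entry = parse_entry(v.group(1)) if v and profile else None
        if entry:
            rows.append(dict(entry, profile=profile))
    return rows

def enabled_by_profile(rows):
    """Group the paths of enabled exceptions by firewall profile."""
    out = {}
    for r in rows:
        if r["enabled"]:
            out.setdefault(r["profile"], []).append(r["path"])
    return out

if __name__ == "__main__":
    for prof, paths in enabled_by_profile(parse_reg_output(SAMPLE)).items():
        print(prof, paths)
```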