If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Firewall Mysteriously Turning On After Enabling DHCP - XP SP3
When trying to change corporate PCs from static assignments to DHCP, I
am getting all sorts of results (I inherited this situation). The oddest and most frequent one I am running into is that the firewall is turning on -- not good. The PCs do not have admin rights, and many a GPO is applied (I can not find anything in the policies that would cause this) Since PCs do not have admin rights, here are the two methods I have tried to change IP from static to DHCP (inc. DNS server assignments): Method 1 -- PSEXEC psexec \\PCNAME -s netsh interface ip set address name="Local Area Connection" source=dhcp psexec \\PCNAME -s netsh interface ip set dns name="Local Area Connection" source=dhcp --note: a "psexec \\rad03 -s netsh firewall set opmode disable" issued prior to does not help Method 2 -- For Giggles, Remote Control & RUNAS Dameware to PC, then: runas /env /user:administrator@domain "netsh interface ip set address name=\"Local Area Connection\" source=dhcp" runas /env /user:administrator@domain "netsh interface ip set dns name= \"Local Area Connection\" source=dhcp" I've tried various VB scripts also -- to no avail. Summary, the DHCP command typically "takes" and the PC will get an assignment from DHCP -- BUT the firewall will turn on. This is driving me insane. Chicken dinner to the winner. Thanks. |
Ads |
#2
|
|||
|
|||
Firewall Mysteriously Turning On After Enabling DHCP - XP SP3
Rico wrote:
When trying to change corporate PCs from static assignments to DHCP, I am getting all sorts of results (I inherited this situation). The oddest and most frequent one I am running into is that the firewall is turning on -- not good. I must beg to differ there. You should have the firewall enabled on your clients. Set exceptions via group policy. The PCs do not have admin rights, and many a GPO is applied (I can not find anything in the policies that would cause this) Since PCs do not have admin rights, here are the two methods I have tried to change IP from static to DHCP (inc. DNS server assignments): Method 1 -- PSEXEC psexec \\PCNAME -s netsh interface ip set address name="Local Area Connection" source=dhcp psexec \\PCNAME -s netsh interface ip set dns name="Local Area Connection" source=dhcp --note: a "psexec \\rad03 -s netsh firewall set opmode disable" issued prior to does not help Method 2 -- For Giggles, Remote Control & RUNAS Dameware to PC, then: runas /env /user:administrator@domain "netsh interface ip set address name=\"Local Area Connection\" source=dhcp" runas /env /user:administrator@domain "netsh interface ip set dns name= \"Local Area Connection\" source=dhcp" I've tried various VB scripts also -- to no avail. Summary, the DHCP command typically "takes" and the PC will get an assignment from DHCP -- BUT the firewall will turn on. This is driving me insane. Chicken dinner to the winner. Thanks. Did you try running an rsop.msc on an affected client? |
#3
|
|||
|
|||
Firewall Mysteriously Turning On After Enabling DHCP - XP SP3
Rico wrote:
When trying to change corporate PCs from static assignments to DHCP, I am getting all sorts of results (I inherited this situation). The oddest and most frequent one I am running into is that the firewall is turning on -- not good. I must beg to differ there. You should have the firewall enabled on your clients. Set exceptions via group policy. The PCs do not have admin rights, and many a GPO is applied (I can not find anything in the policies that would cause this) Since PCs do not have admin rights, here are the two methods I have tried to change IP from static to DHCP (inc. DNS server assignments): Method 1 -- PSEXEC psexec \\PCNAME -s netsh interface ip set address name="Local Area Connection" source=dhcp psexec \\PCNAME -s netsh interface ip set dns name="Local Area Connection" source=dhcp --note: a "psexec \\rad03 -s netsh firewall set opmode disable" issued prior to does not help Method 2 -- For Giggles, Remote Control & RUNAS Dameware to PC, then: runas /env /user:administrator@domain "netsh interface ip set address name=\"Local Area Connection\" source=dhcp" runas /env /user:administrator@domain "netsh interface ip set dns name= \"Local Area Connection\" source=dhcp" I've tried various VB scripts also -- to no avail. Summary, the DHCP command typically "takes" and the PC will get an assignment from DHCP -- BUT the firewall will turn on. This is driving me insane. Chicken dinner to the winner. Thanks. Did you try running an rsop.msc on an affected client? |
#4
|
|||
|
|||
Firewall Mysteriously Turning On After Enabling DHCP - XP SP3
Yes. Only thing I see relevant is that we have disabled user access to
network settings and firewall disabled. After turning on DHCP, the firewall enables itself. Note that by doing this, GP is not updated anyway. If we rebooted (or anything that would do a GPupdate) I'm certain that the firewall would turn off, as GP forces that. Problem is, the next command I want to run is setting DNS remotely, which I can't do once the FW mysteriously turns itself on. BTW, and as USUAL, I can not find anything in the event log pertinent. "Lanwench [MVP - Exchange]" wrote: Rico wrote: When trying to change corporate PCs from static assignments to DHCP, I am getting all sorts of results (I inherited this situation). The oddest and most frequent one I am running into is that the firewall is turning on -- not good. I must beg to differ there. You should have the firewall enabled on your clients. Set exceptions via group policy. The PCs do not have admin rights, and many a GPO is applied (I can not find anything in the policies that would cause this) Since PCs do not have admin rights, here are the two methods I have tried to change IP from static to DHCP (inc. DNS server assignments): Method 1 -- PSEXEC psexec \\PCNAME -s netsh interface ip set address name="Local Area Connection" source=dhcp psexec \\PCNAME -s netsh interface ip set dns name="Local Area Connection" source=dhcp --note: a "psexec \\rad03 -s netsh firewall set opmode disable" issued prior to does not help Method 2 -- For Giggles, Remote Control & RUNAS Dameware to PC, then: runas /env /user:administrator@domain "netsh interface ip set address name=\"Local Area Connection\" source=dhcp" runas /env /user:administrator@domain "netsh interface ip set dns name= \"Local Area Connection\" source=dhcp" I've tried various VB scripts also -- to no avail. Summary, the DHCP command typically "takes" and the PC will get an assignment from DHCP -- BUT the firewall will turn on. This is driving me insane. Chicken dinner to the winner. Thanks. Did you try running an rsop.msc on an affected client? |
#5
|
|||
|
|||
Firewall Mysteriously Turning On After Enabling DHCP - XP SP3
Yes. Only thing I see relevant is that we have disabled user access to
network settings and firewall disabled. After turning on DHCP, the firewall enables itself. Note that by doing this, GP is not updated anyway. If we rebooted (or anything that would do a GPupdate) I'm certain that the firewall would turn off, as GP forces that. Problem is, the next command I want to run is setting DNS remotely, which I can't do once the FW mysteriously turns itself on. BTW, and as USUAL, I can not find anything in the event log pertinent. "Lanwench [MVP - Exchange]" wrote: Rico wrote: When trying to change corporate PCs from static assignments to DHCP, I am getting all sorts of results (I inherited this situation). The oddest and most frequent one I am running into is that the firewall is turning on -- not good. I must beg to differ there. You should have the firewall enabled on your clients. Set exceptions via group policy. The PCs do not have admin rights, and many a GPO is applied (I can not find anything in the policies that would cause this) Since PCs do not have admin rights, here are the two methods I have tried to change IP from static to DHCP (inc. DNS server assignments): Method 1 -- PSEXEC psexec \\PCNAME -s netsh interface ip set address name="Local Area Connection" source=dhcp psexec \\PCNAME -s netsh interface ip set dns name="Local Area Connection" source=dhcp --note: a "psexec \\rad03 -s netsh firewall set opmode disable" issued prior to does not help Method 2 -- For Giggles, Remote Control & RUNAS Dameware to PC, then: runas /env /user:administrator@domain "netsh interface ip set address name=\"Local Area Connection\" source=dhcp" runas /env /user:administrator@domain "netsh interface ip set dns name= \"Local Area Connection\" source=dhcp" I've tried various VB scripts also -- to no avail. Summary, the DHCP command typically "takes" and the PC will get an assignment from DHCP -- BUT the firewall will turn on. This is driving me insane. Chicken dinner to the winner. Thanks. Did you try running an rsop.msc on an affected client? |
#6
|
|||
|
|||
Firewall Mysteriously Turning On After Enabling DHCP - XP SP3
Rico wrote:
Yes. Only thing I see relevant is that we have disabled user access to network settings and firewall disabled. No user has access to that by default. After turning on DHCP, the firewall enables itself. Note that by doing this, GP is not updated anyway. I don't follow, sorry - If we rebooted (or anything that would do a GPupdate) I'm certain that the firewall would turn off, as GP forces that. Problem is, the next command I want to run is setting DNS remotely, Isn't your DHCP setting doing that (as per the psexec command)? which I can't do once the FW mysteriously turns itself on. Sure you can. You can manage your firewall exceptions via group policy. BTW, and as USUAL, I can not find anything in the event log pertinent. I'm sorry I have no more suggestions. How many machines do you need to do this on? "Lanwench [MVP - Exchange]" wrote: Rico wrote: When trying to change corporate PCs from static assignments to DHCP, I am getting all sorts of results (I inherited this situation). The oddest and most frequent one I am running into is that the firewall is turning on -- not good. I must beg to differ there. You should have the firewall enabled on your clients. Set exceptions via group policy. The PCs do not have admin rights, and many a GPO is applied (I can not find anything in the policies that would cause this) Since PCs do not have admin rights, here are the two methods I have tried to change IP from static to DHCP (inc. DNS server assignments): Method 1 -- PSEXEC psexec \\PCNAME -s netsh interface ip set address name="Local Area Connection" source=dhcp psexec \\PCNAME -s netsh interface ip set dns name="Local Area Connection" source=dhcp --note: a "psexec \\rad03 -s netsh firewall set opmode disable" issued prior to does not help Method 2 -- For Giggles, Remote Control & RUNAS Dameware to PC, then: runas /env /user:administrator@domain "netsh interface ip set address name=\"Local Area Connection\" source=dhcp" runas /env /user:administrator@domain "netsh interface ip set dns name= \"Local Area Connection\" source=dhcp" I've tried various VB scripts also -- to no avail. Summary, the DHCP command typically "takes" and the PC will get an assignment from DHCP -- BUT the firewall will turn on. This is driving me insane. Chicken dinner to the winner. Thanks. Did you try running an rsop.msc on an affected client? |
#7
|
|||
|
|||
Firewall Mysteriously Turning On After Enabling DHCP - XP SP3
Rico wrote:
Yes. Only thing I see relevant is that we have disabled user access to network settings and firewall disabled. No user has access to that by default. After turning on DHCP, the firewall enables itself. Note that by doing this, GP is not updated anyway. I don't follow, sorry - If we rebooted (or anything that would do a GPupdate) I'm certain that the firewall would turn off, as GP forces that. Problem is, the next command I want to run is setting DNS remotely, Isn't your DHCP setting doing that (as per the psexec command)? which I can't do once the FW mysteriously turns itself on. Sure you can. You can manage your firewall exceptions via group policy. BTW, and as USUAL, I can not find anything in the event log pertinent. I'm sorry I have no more suggestions. How many machines do you need to do this on? "Lanwench [MVP - Exchange]" wrote: Rico wrote: When trying to change corporate PCs from static assignments to DHCP, I am getting all sorts of results (I inherited this situation). The oddest and most frequent one I am running into is that the firewall is turning on -- not good. I must beg to differ there. You should have the firewall enabled on your clients. Set exceptions via group policy. The PCs do not have admin rights, and many a GPO is applied (I can not find anything in the policies that would cause this) Since PCs do not have admin rights, here are the two methods I have tried to change IP from static to DHCP (inc. DNS server assignments): Method 1 -- PSEXEC psexec \\PCNAME -s netsh interface ip set address name="Local Area Connection" source=dhcp psexec \\PCNAME -s netsh interface ip set dns name="Local Area Connection" source=dhcp --note: a "psexec \\rad03 -s netsh firewall set opmode disable" issued prior to does not help Method 2 -- For Giggles, Remote Control & RUNAS Dameware to PC, then: runas /env /user:administrator@domain "netsh interface ip set address name=\"Local Area Connection\" source=dhcp" runas /env /user:administrator@domain "netsh interface ip set dns name= \"Local Area Connection\" source=dhcp" I've tried various VB scripts also -- to no avail. Summary, the DHCP command typically "takes" and the PC will get an assignment from DHCP -- BUT the firewall will turn on. This is driving me insane. Chicken dinner to the winner. Thanks. Did you try running an rsop.msc on an affected client? |
#8
|
|||
|
|||
Firewall Mysteriously Turning On After Enabling DHCP - XP SP3
Really don't expect much with questions being asked/answered. (Especially
since I'm trying to avoid re-writing War And Peace. Nobody wants to see the level of detail I've spent on this.) Was hoping that somebody ran into this themselves -- and corrected it. Thanks for your stab at it. "Lanwench [MVP - Exchange]" wrote: Rico wrote: Yes. Only thing I see relevant is that we have disabled user access to network settings and firewall disabled. No user has access to that by default. After turning on DHCP, the firewall enables itself. Note that by doing this, GP is not updated anyway. I don't follow, sorry - If we rebooted (or anything that would do a GPupdate) I'm certain that the firewall would turn off, as GP forces that. Problem is, the next command I want to run is setting DNS remotely, Isn't your DHCP setting doing that (as per the psexec command)? which I can't do once the FW mysteriously turns itself on. Sure you can. You can manage your firewall exceptions via group policy. BTW, and as USUAL, I can not find anything in the event log pertinent. I'm sorry I have no more suggestions. How many machines do you need to do this on? "Lanwench [MVP - Exchange]" wrote: Rico wrote: When trying to change corporate PCs from static assignments to DHCP, I am getting all sorts of results (I inherited this situation). The oddest and most frequent one I am running into is that the firewall is turning on -- not good. I must beg to differ there. You should have the firewall enabled on your clients. Set exceptions via group policy. The PCs do not have admin rights, and many a GPO is applied (I can not find anything in the policies that would cause this) Since PCs do not have admin rights, here are the two methods I have tried to change IP from static to DHCP (inc. DNS server assignments): Method 1 -- PSEXEC psexec \\PCNAME -s netsh interface ip set address name="Local Area Connection" source=dhcp psexec \\PCNAME -s netsh interface ip set dns name="Local Area Connection" source=dhcp --note: a "psexec \\rad03 -s netsh firewall set opmode disable" issued prior to does not help Method 2 -- For Giggles, Remote Control & RUNAS Dameware to PC, then: runas /env /user:administrator@domain "netsh interface ip set address name=\"Local Area Connection\" source=dhcp" runas /env /user:administrator@domain "netsh interface ip set dns name= \"Local Area Connection\" source=dhcp" I've tried various VB scripts also -- to no avail. Summary, the DHCP command typically "takes" and the PC will get an assignment from DHCP -- BUT the firewall will turn on. This is driving me insane. Chicken dinner to the winner. Thanks. Did you try running an rsop.msc on an affected client? |
#9
|
|||
|
|||
Firewall Mysteriously Turning On After Enabling DHCP - XP SP3
Really don't expect much with questions being asked/answered. (Especially
since I'm trying to avoid re-writing War And Peace. Nobody wants to see the level of detail I've spent on this.) Was hoping that somebody ran into this themselves -- and corrected it. Thanks for your stab at it. "Lanwench [MVP - Exchange]" wrote: Rico wrote: Yes. Only thing I see relevant is that we have disabled user access to network settings and firewall disabled. No user has access to that by default. After turning on DHCP, the firewall enables itself. Note that by doing this, GP is not updated anyway. I don't follow, sorry - If we rebooted (or anything that would do a GPupdate) I'm certain that the firewall would turn off, as GP forces that. Problem is, the next command I want to run is setting DNS remotely, Isn't your DHCP setting doing that (as per the psexec command)? which I can't do once the FW mysteriously turns itself on. Sure you can. You can manage your firewall exceptions via group policy. BTW, and as USUAL, I can not find anything in the event log pertinent. I'm sorry I have no more suggestions. How many machines do you need to do this on? "Lanwench [MVP - Exchange]" wrote: Rico wrote: When trying to change corporate PCs from static assignments to DHCP, I am getting all sorts of results (I inherited this situation). The oddest and most frequent one I am running into is that the firewall is turning on -- not good. I must beg to differ there. You should have the firewall enabled on your clients. Set exceptions via group policy. The PCs do not have admin rights, and many a GPO is applied (I can not find anything in the policies that would cause this) Since PCs do not have admin rights, here are the two methods I have tried to change IP from static to DHCP (inc. DNS server assignments): Method 1 -- PSEXEC psexec \\PCNAME -s netsh interface ip set address name="Local Area Connection" source=dhcp psexec \\PCNAME -s netsh interface ip set dns name="Local Area Connection" source=dhcp --note: a "psexec \\rad03 -s netsh firewall set opmode disable" issued prior to does not help Method 2 -- For Giggles, Remote Control & RUNAS Dameware to PC, then: runas /env /user:administrator@domain "netsh interface ip set address name=\"Local Area Connection\" source=dhcp" runas /env /user:administrator@domain "netsh interface ip set dns name= \"Local Area Connection\" source=dhcp" I've tried various VB scripts also -- to no avail. Summary, the DHCP command typically "takes" and the PC will get an assignment from DHCP -- BUT the firewall will turn on. This is driving me insane. Chicken dinner to the winner. Thanks. Did you try running an rsop.msc on an affected client? |
#10
|
|||
|
|||
Firewall Mysteriously Turning On After Enabling DHCP - XP SP3
Rico wrote:
Really don't expect much with questions being asked/answered. (Especially since I'm trying to avoid re-writing War And Peace. Nobody wants to see the level of detail I've spent on this.) Was hoping that somebody ran into this themselves -- and corrected it. Thanks for your stab at it. Sure. Sorry I wasn't more help. I leave the firewall enabled in all my networks, and I always set up the clients to use DHCP, so I haven't run into this personally. Good luck. "Lanwench [MVP - Exchange]" wrote: Rico wrote: Yes. Only thing I see relevant is that we have disabled user access to network settings and firewall disabled. No user has access to that by default. After turning on DHCP, the firewall enables itself. Note that by doing this, GP is not updated anyway. I don't follow, sorry - If we rebooted (or anything that would do a GPupdate) I'm certain that the firewall would turn off, as GP forces that. Problem is, the next command I want to run is setting DNS remotely, Isn't your DHCP setting doing that (as per the psexec command)? which I can't do once the FW mysteriously turns itself on. Sure you can. You can manage your firewall exceptions via group policy. BTW, and as USUAL, I can not find anything in the event log pertinent. I'm sorry I have no more suggestions. How many machines do you need to do this on? "Lanwench [MVP - Exchange]" wrote: Rico wrote: When trying to change corporate PCs from static assignments to DHCP, I am getting all sorts of results (I inherited this situation). The oddest and most frequent one I am running into is that the firewall is turning on -- not good. I must beg to differ there. You should have the firewall enabled on your clients. Set exceptions via group policy. The PCs do not have admin rights, and many a GPO is applied (I can not find anything in the policies that would cause this) Since PCs do not have admin rights, here are the two methods I have tried to change IP from static to DHCP (inc. DNS server assignments): Method 1 -- PSEXEC psexec \\PCNAME -s netsh interface ip set address name="Local Area Connection" source=dhcp psexec \\PCNAME -s netsh interface ip set dns name="Local Area Connection" source=dhcp --note: a "psexec \\rad03 -s netsh firewall set opmode disable" issued prior to does not help Method 2 -- For Giggles, Remote Control & RUNAS Dameware to PC, then: runas /env /user:administrator@domain "netsh interface ip set address name=\"Local Area Connection\" source=dhcp" runas /env /user:administrator@domain "netsh interface ip set dns name= \"Local Area Connection\" source=dhcp" I've tried various VB scripts also -- to no avail. Summary, the DHCP command typically "takes" and the PC will get an assignment from DHCP -- BUT the firewall will turn on. This is driving me insane. Chicken dinner to the winner. Thanks. Did you try running an rsop.msc on an affected client? |
#11
|
|||
|
|||
Firewall Mysteriously Turning On After Enabling DHCP - XP SP3
Rico wrote:
Really don't expect much with questions being asked/answered. (Especially since I'm trying to avoid re-writing War And Peace. Nobody wants to see the level of detail I've spent on this.) Was hoping that somebody ran into this themselves -- and corrected it. Thanks for your stab at it. Sure. Sorry I wasn't more help. I leave the firewall enabled in all my networks, and I always set up the clients to use DHCP, so I haven't run into this personally. Good luck. "Lanwench [MVP - Exchange]" wrote: Rico wrote: Yes. Only thing I see relevant is that we have disabled user access to network settings and firewall disabled. No user has access to that by default. After turning on DHCP, the firewall enables itself. Note that by doing this, GP is not updated anyway. I don't follow, sorry - If we rebooted (or anything that would do a GPupdate) I'm certain that the firewall would turn off, as GP forces that. Problem is, the next command I want to run is setting DNS remotely, Isn't your DHCP setting doing that (as per the psexec command)? which I can't do once the FW mysteriously turns itself on. Sure you can. You can manage your firewall exceptions via group policy. BTW, and as USUAL, I can not find anything in the event log pertinent. I'm sorry I have no more suggestions. How many machines do you need to do this on? "Lanwench [MVP - Exchange]" wrote: Rico wrote: When trying to change corporate PCs from static assignments to DHCP, I am getting all sorts of results (I inherited this situation). The oddest and most frequent one I am running into is that the firewall is turning on -- not good. I must beg to differ there. You should have the firewall enabled on your clients. Set exceptions via group policy. The PCs do not have admin rights, and many a GPO is applied (I can not find anything in the policies that would cause this) Since PCs do not have admin rights, here are the two methods I have tried to change IP from static to DHCP (inc. DNS server assignments): Method 1 -- PSEXEC psexec \\PCNAME -s netsh interface ip set address name="Local Area Connection" source=dhcp psexec \\PCNAME -s netsh interface ip set dns name="Local Area Connection" source=dhcp --note: a "psexec \\rad03 -s netsh firewall set opmode disable" issued prior to does not help Method 2 -- For Giggles, Remote Control & RUNAS Dameware to PC, then: runas /env /user:administrator@domain "netsh interface ip set address name=\"Local Area Connection\" source=dhcp" runas /env /user:administrator@domain "netsh interface ip set dns name= \"Local Area Connection\" source=dhcp" I've tried various VB scripts also -- to no avail. Summary, the DHCP command typically "takes" and the PC will get an assignment from DHCP -- BUT the firewall will turn on. This is driving me insane. Chicken dinner to the winner. Thanks. Did you try running an rsop.msc on an affected client? |
#12
|
|||
|
|||
Firewall Mysteriously Turning On After Enabling DHCP - XP SP3
Remember that I inherited this ... trying to get best - or better -
practice implemented. "Lanwench [MVP - Exchange]" wrote: Rico wrote: Really don't expect much with questions being asked/answered. (Especially since I'm trying to avoid re-writing War And Peace. Nobody wants to see the level of detail I've spent on this.) Was hoping that somebody ran into this themselves -- and corrected it. Thanks for your stab at it. Sure. Sorry I wasn't more help. I leave the firewall enabled in all my networks, and I always set up the clients to use DHCP, so I haven't run into this personally. Good luck. "Lanwench [MVP - Exchange]" wrote: Rico wrote: Yes. Only thing I see relevant is that we have disabled user access to network settings and firewall disabled. No user has access to that by default. After turning on DHCP, the firewall enables itself. Note that by doing this, GP is not updated anyway. I don't follow, sorry - If we rebooted (or anything that would do a GPupdate) I'm certain that the firewall would turn off, as GP forces that. Problem is, the next command I want to run is setting DNS remotely, Isn't your DHCP setting doing that (as per the psexec command)? which I can't do once the FW mysteriously turns itself on. Sure you can. You can manage your firewall exceptions via group policy. BTW, and as USUAL, I can not find anything in the event log pertinent. I'm sorry I have no more suggestions. How many machines do you need to do this on? "Lanwench [MVP - Exchange]" wrote: Rico wrote: When trying to change corporate PCs from static assignments to DHCP, I am getting all sorts of results (I inherited this situation). The oddest and most frequent one I am running into is that the firewall is turning on -- not good. I must beg to differ there. You should have the firewall enabled on your clients. Set exceptions via group policy. The PCs do not have admin rights, and many a GPO is applied (I can not find anything in the policies that would cause this) Since PCs do not have admin rights, here are the two methods I have tried to change IP from static to DHCP (inc. DNS server assignments): Method 1 -- PSEXEC psexec \\PCNAME -s netsh interface ip set address name="Local Area Connection" source=dhcp psexec \\PCNAME -s netsh interface ip set dns name="Local Area Connection" source=dhcp --note: a "psexec \\rad03 -s netsh firewall set opmode disable" issued prior to does not help Method 2 -- For Giggles, Remote Control & RUNAS Dameware to PC, then: runas /env /user:administrator@domain "netsh interface ip set address name=\"Local Area Connection\" source=dhcp" runas /env /user:administrator@domain "netsh interface ip set dns name= \"Local Area Connection\" source=dhcp" I've tried various VB scripts also -- to no avail. Summary, the DHCP command typically "takes" and the PC will get an assignment from DHCP -- BUT the firewall will turn on. This is driving me insane. Chicken dinner to the winner. Thanks. Did you try running an rsop.msc on an affected client? |
#13
|
|||
|
|||
Firewall Mysteriously Turning On After Enabling DHCP - XP SP3
Remember that I inherited this ... trying to get best - or better -
practice implemented. "Lanwench [MVP - Exchange]" wrote: Rico wrote: Really don't expect much with questions being asked/answered. (Especially since I'm trying to avoid re-writing War And Peace. Nobody wants to see the level of detail I've spent on this.) Was hoping that somebody ran into this themselves -- and corrected it. Thanks for your stab at it. Sure. Sorry I wasn't more help. I leave the firewall enabled in all my networks, and I always set up the clients to use DHCP, so I haven't run into this personally. Good luck. "Lanwench [MVP - Exchange]" wrote: Rico wrote: Yes. Only thing I see relevant is that we have disabled user access to network settings and firewall disabled. No user has access to that by default. After turning on DHCP, the firewall enables itself. Note that by doing this, GP is not updated anyway. I don't follow, sorry - If we rebooted (or anything that would do a GPupdate) I'm certain that the firewall would turn off, as GP forces that. Problem is, the next command I want to run is setting DNS remotely, Isn't your DHCP setting doing that (as per the psexec command)? which I can't do once the FW mysteriously turns itself on. Sure you can. You can manage your firewall exceptions via group policy. BTW, and as USUAL, I can not find anything in the event log pertinent. I'm sorry I have no more suggestions. How many machines do you need to do this on? "Lanwench [MVP - Exchange]" wrote: Rico wrote: When trying to change corporate PCs from static assignments to DHCP, I am getting all sorts of results (I inherited this situation). The oddest and most frequent one I am running into is that the firewall is turning on -- not good. I must beg to differ there. You should have the firewall enabled on your clients. Set exceptions via group policy. The PCs do not have admin rights, and many a GPO is applied (I can not find anything in the policies that would cause this) Since PCs do not have admin rights, here are the two methods I have tried to change IP from static to DHCP (inc. DNS server assignments): Method 1 -- PSEXEC psexec \\PCNAME -s netsh interface ip set address name="Local Area Connection" source=dhcp psexec \\PCNAME -s netsh interface ip set dns name="Local Area Connection" source=dhcp --note: a "psexec \\rad03 -s netsh firewall set opmode disable" issued prior to does not help Method 2 -- For Giggles, Remote Control & RUNAS Dameware to PC, then: runas /env /user:administrator@domain "netsh interface ip set address name=\"Local Area Connection\" source=dhcp" runas /env /user:administrator@domain "netsh interface ip set dns name= \"Local Area Connection\" source=dhcp" I've tried various VB scripts also -- to no avail. Summary, the DHCP command typically "takes" and the PC will get an assignment from DHCP -- BUT the firewall will turn on. This is driving me insane. Chicken dinner to the winner. Thanks. Did you try running an rsop.msc on an affected client? |
Thread Tools | |
Display Modes | |
|
|