decoy5657 Posted August 17, 2004

The main network admin at my office seems to be in this mindset that we need to be using the Service Pack 2 built-in firewall to block things like AOL Instant Messenger, ICQ, and so on.

I know that the firewall may be managed via GPOs, but we do not have domain admin rights at this site (we are part of a huge AD domain), so getting anything like this done is a tedious, time-consuming task. His idea for this is to use VB scripts in our login scripts to update the settings for the firewall (something we DO have control over!).

Let me explain that desktop users cannot use the registry editor to merge entries into the registry hive (which means they can't run any .reg files); however, they CAN use the RegWrite feature of VBS to modify the registry. I have not seen any VBS files to configure the Windows firewall, just .reg files... So he's not going to have a good time trying to figure this one out.

The most interesting thing is that we have redundant Nokia Checkpoint firewalls at our facility. They just don't know how, or refuse to research the information, to block programs like AIM, ICQ, MSN, etc. (It's easy to block AIM.exe with the WinXP firewall, whereas on the Checkpoints you'd have to block IPs, hostnames, whatever.)

If any of you are firewall admins and have some exciting tips... please, do share them. It only seems like the right way to do things; I think that having 350 firewalls running is a bit ridiculous when there only needs to be one. In terms of the future, I see each desktop that has an improperly managed firewall running on it as a nightmare for me to take care of later.
jcarle Posted August 17, 2004

Perhaps this can help you: Using an INF file to configure Windows Firewall. You could find some sort of way of running the INF file through either the logon scripts or a VBScript file.
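As an added example (not code posted by anyone in this thread), the following VBScript does what the first post is after without hand-writing registry values with RegWrite or shipping an INF file: it drives the firewall through the HNetCfg.FwMgr COM interfaces that SP2 installs, which write the same settings under HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy that a .reg file would. Assumptions: the script runs with local administrator rights (any firewall change needs them, including a RegWrite to that HKLM key), and the aim.exe path and display name are hypothetical.

```vbscript
' Added example, not code from this thread.
' Configures the Windows XP SP2 firewall from a logon/startup script through
' the HNetCfg.FwMgr COM interfaces that ship with SP2, so the script does not
' have to know the registry layout under ...\SharedAccess\Parameters\FirewallPolicy.
' Assumptions: runs with local administrator rights (changing firewall policy
' needs them, exactly as writing to that HKLM key with RegWrite would), and the
' AIM path below is a hypothetical install location.
Option Explicit

Const NET_FW_PROFILE_DOMAIN   = 0
Const NET_FW_PROFILE_STANDARD = 1
Const NET_FW_SCOPE_ALL        = 0
Const NET_FW_IP_VERSION_ANY   = 2

Const AIM_PATH = "C:\Program Files\AIM\aim.exe"   ' hypothetical path
Const AIM_NAME = "AOL Instant Messenger"

Dim fwMgr, policy, profileType
Set fwMgr  = CreateObject("HNetCfg.FwMgr")
Set policy = fwMgr.LocalPolicy

' Apply the same settings to both profiles: the Domain profile is in force
' while the PC can reach a domain controller, the Standard profile otherwise
' (laptops at home, broken machine trust, and so on).
For Each profileType In Array(NET_FW_PROFILE_DOMAIN, NET_FW_PROFILE_STANDARD)
    ConfigureProfile policy.GetProfileByType(profileType)
Next

Sub ConfigureProfile(profile)
    ' Firewall on; keep the exceptions list active but under our control.
    profile.FirewallEnabled = True
    profile.ExceptionsNotAllowed = False

    ' Drop any earlier entry for aim.exe so the script is safe to re-run at
    ' every logon (Remove raises an error when the entry is absent).
    On Error Resume Next
    profile.AuthorizedApplications.Remove AIM_PATH
    On Error GoTo 0

    ' Re-add aim.exe with Enabled = False. This is what the GUI stores when the
    ' box next to a program is unticked: inbound connections to aim.exe are
    ' refused. Caveat: the SP2 firewall filters inbound traffic only, so this
    ' does not stop aim.exe from connecting out to AOL; outbound blocking has
    ' to be done on the perimeter firewall (the Checkpoints mentioned above).
    Dim app
    Set app = CreateObject("HNetCfg.FwAuthorizedApplication")
    app.Name                 = AIM_NAME
    app.ProcessImageFileName = AIM_PATH
    app.IpVersion            = NET_FW_IP_VERSION_ANY
    app.Scope                = NET_FW_SCOPE_ALL
    app.Enabled              = False
    profile.AuthorizedApplications.Add app

    ' Echo the resulting list so the logon-script log shows what was applied.
    Dim entry
    For Each entry In profile.AuthorizedApplications
        WScript.Echo "[profile " & profile.Type & "] " & _
                     entry.ProcessImageFileName & " enabled=" & entry.Enabled
    Next
End Sub
```

Run it with cscript.exe so the WScript.Echo lines land in the logon-script log rather than in message boxes. Because the COM calls need administrator rights, a per-user logon script for ordinary users will fail at the first property set; put it in a computer startup script (Computer Configuration in the GPO, which runs as SYSTEM) or run it under an account that is a local administrator. The inbound-only caveat in the comments is the practical limit of this approach: the SP2 firewall can stop AIM from accepting connections, but keeping it off the AOL servers is a job for the Checkpoints.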
CBay Posted August 20, 2004

I am going out on a limb and assuming that you guys are running top-shelf hardware, i.e. Cisco routers/switches, in addition to your software firewalls (CheckPoint and such)... Haven't you guys figured out how to block the port being used by the IM clients, at least on the router/switch (hardware layer), and then move to the "advanced" layer of the software configs via your firewalls?

Yes, you are correct: 350 individual firewalls is overkill and pointless, especially since you cannot manage that, ever.

Cbay... MCSE, MCSA, CCSA, MCP, A+