
Firewall Service Cannot Start When Not Connected to Domain

Asked By W
21-Nov-09 12:25 AM
We have a Vista Ultimate installation with all service packs installed.
Both the local security policy and the domain policy after joining a domain
have the reserved accounts NETWORK SERVICE and LOCAL SERVICE configured to
start as a service. If we disconnect the notebook from the domain and
restart it, the Windows Firewall service refuses to start. All attempts to
manage the firewall fail because the service reports it has not started.
If you manually attempt to start the firewall service it fails.

As soon as we put the notebook back on the domain network and reboot it
works.

Does anyone have any insight on why this happens and how we can get the
firewall to start? Any sequence that effectively prevents the firewall
from starting strikes me as a pretty serious misfeature. The notebook is
often used to configure devices by cross connecting straight to the device,
so we cannot count on being on the domain network, but clearly we want a
working firewall at all times.

--
W

Jack [MVP-Networking] replied to W
21-Nov-09 09:40 PM
Hi
When it is off the domain, what are you trying to connect to?
Whoever controls the Domain Policies has to configure the computer to
function in a non-domain environment when needed.
Jack (MS, MVP-Networking).

W replied to Jack [MVP-Networking]
23-Nov-09 07:30 PM
What I am saying is that when the computer is off the domain, the firewall
service is *refusing to start up at all*. That cannot be a feature, can
it?


--
W

Jack [MVP-Networking] replied to W
23-Nov-09 10:14 PM
Hi
No, it is not a feature. ;)
Just being off the Domain does not mean that the computer automatically
re-configures itself for a regular Peer-to-Peer network.
Whoever configures the domain has to take a look to make sure that the
right open configuration is available.
Jack (MS, MVP-Networking).
W replied to Jack [MVP-Networking]
23-Nov-09 10:26 PM
I think we may be talking different points. Distinguish two cases:

Case A: Disconnect from the domain and start the computer. After
firewall starts, it has a different configuration than the one in the
domain.

Case B: Disconnect from the domain and start the computer. Firewall
refuses to start at all. Attempts to manually start the firewall *service*
fail. There is no issue about the firewall's configuration because the
firewall cannot even be started.

I am describing Case B. This is not an issue of how we configured the
firewall rules in or out of the domain. This is a Windows service startup
issue. The firewall service cannot even be started.

--
W