Windows 7: How to enable firewall disabled by global policy on a computer joined to a domain

firewall, windows 7

On a Windows 7 Enterprise 64-bit laptop joined to a corporate domain, the Windows Firewall is disabled by a global policy.

Is there any way to enable the Windows Firewall in this scenario?

The gpedit.msc setting Windows Firewall: Protect all network connections is inaccessible.

EDIT: It appears that changing HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gpsvc\Start value to 4 will disable the GPO and allow you to start the firewall and stop the bots from pushing cr*p to your computer… will check on Monday and if it works I'll confirm here in case someone else in my situation wanders upon this question…

EDIT: It's probably better if I write a mock Windows service not doing anything and name it according to what is expected to be on my box and then create mock McCrappy executable and mock McCrappy folder structure and remove all the actual stuff… That would take a little time but would most certainly make my box completely stealthy…

Best Answer

The registry key you want to target is

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\

Make the DWord = 0.

That's funny that you have access to that registry key. That just means any Group policy updates that get pushed down are ineffective since you can just overwrite it. While I sympathize with other IT workers, this is not really excusable. . .

It means you have all sorts of hacks available to you, including disabling Group Policy updates from the domain controller. But that would raise suspicions. But if you want, Microsoft's Technet actually tells you how to disable the updates.

I would go with changing the update interval. That is more subtle.

I feel your pain though.

Software developers get no love. IT folks don't get any love either. I have a hard time explaining to people that I don't make the rules. We gotta make painful decisions because of laws, regulations, and cost inefficiencies. It sucks. Just like developers, we are asked to do everything fast, perfect and for cheap.

At the same time, IT has a job to do and you are only making it harder on others, which they in turn increase the control on your computers, which forces you to be more clever. . . You are smart enough to see where this is going.

Really, this is just a short term solution to a long term problem. You aren't going to gain any trust by bragging about number of processes or calling people bots.

BTW, you should know as a developer that # of processes != performance.

Edit

I don't sympathize with IT departments that make users admins, simply because it is easier. It really isn't that hard to create a power user group with install privileges, etc.
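
For administrators on the receiving end of this thread, a read-only check for the two changes discussed above. This is an added example, not code from the original posts; the key paths and the Start = 4 value come from the thread, while the list of trusted principals is an assumption to adjust for your environment.

```powershell
# Added example: read-only audit, not part of the original thread.
# Run from an elevated prompt on the workstation being checked.
$gpsvcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\gpsvc'
$fwKey    = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'

# Assumed baseline of principals allowed to write to these keys.
$trusted = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'NT SERVICE\TrustedInstaller')

# Rights that let a principal change values or take control of the key.
$writeMask = [int]([System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, ChangePermissions, TakeOwnership')

$findings = @()

# 1. Group Policy Client start type: 4 means the service is disabled,
#    so policy pushed from the domain is no longer applied.
$start = (Get-ItemProperty -Path $gpsvcKey -Name Start -ErrorAction Stop).Start
if ($start -eq 4) {
    $findings += "gpsvc Start = 4: Group Policy Client is disabled"
}

# 2. Allow ACEs that grant write access to anyone outside the baseline.
#    A user who is a local administrator passes this check, which is the
#    underlying problem the answer points out.
foreach ($key in @($gpsvcKey, $fwKey)) {
    foreach ($ace in (Get-Acl -Path $key).Access) {
        $who      = $ace.IdentityReference.Value
        $canWrite = ([int]$ace.RegistryRights -band $writeMask) -ne 0
        if ($ace.AccessControlType -eq 'Allow' -and $canWrite -and ($trusted -notcontains $who)) {
            $findings += "$key : $who has write access ($($ace.RegistryRights))"
        }
    }
}

if ($findings.Count -eq 0) { 'No tampering indicators found.' } else { $findings }
```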
