Windows XP firewall service is enabled after installing XP SP3 – even if it was previously disabled

If Windows XP SP2 firewall service is set to manual or disabled when Windows XP SP3 is applied, the Windows Firewall/Internet Connection Sharing (ICS) service and Security Cetner service will be changed to automatic startup.  This behavior is by design, for the purpose of increasing the security of Windows XP.

This setting will remain in effect for computers that had the service startup manually altered.  
According to the Microsoft Enterprise Networking Team:
If the service is administratively disabled via domain Group Policy, it will again be disabled after subsequent application of Group Policy. The automatic service startup should only be seen on the first reboot after applying Service Pack 3. To cause GPO settings to be updated immediately on a client, run gpupdate /force from a command prompt.

One Response to “Windows XP firewall service is enabled after installing XP SP3 – even if it was previously disabled”

  1. Dale t. Says:

    I noticed this summer when I started deploying xp machines with sp3 installed that MS had changed something. Even though I had GP set to disable the firewall it just didn’t seem to “take” on SP3 machines. After some testing in vmware, I finally found this setting in GP that worked to turn off the firewall in SP3;

    Computer configuration / Administrative Templates / Network / Network Connections /
    Prohibit use of Internet Connection Firewall on your DNS domain network = enabled

    Hope this helps someone out!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: