# Can't enable Windows Firewall



## LostinJungle (Jun 17, 2006)

I usually use McAfee Personal Firewall but was advised to revert to Windows Firewall if I want to successfully scan for updates at www.updates.microsoft.com. When I go to Control Panel and click the firewall icon I get the usual Windows Firewall dialog box but there's a message in a blue box saying "For your security, some settings are controlled by group policy" and the On/Off radio buttons are greyed out, i.e. I can't change from Off to On.

If I look at Group policy via run gpedit.msc, I can see that all the firewall options under Local Computer Policy, Computer Configuration, Administrative Templates, Network, Network Connections, Windows Firewall, Standard Profile are all set to 'Not configured'. In fact all items under Administrative Templates are all 'Not configured'. If I play around with these settings I can change the windows dialog box to show that the firewall is enabled (On) but the option to change from On to Off is still greyed out.

Secondly, as Windows Firewall is linked in with Internet Connection Sharing I looked at the Windows Firewall/Internet Connection Sharing (ICS) service by running services.msc. When I double click on this service I get a Service dialog box stating 'Configuration Manager: The specified device instance handle does not correspond to a present device'. When I click OK the service properties box appears and all is OK (i.e. started, automatically etc.).

Next port of call Regedit: The values under the following keys are as follows:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

DisableNotifications REG_DWORD 0x00000000 (0)
EnableFirewall REG_DWORD 0x00000001 (1)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum

Default REG_SZ (Value not set)
0 REG_SZ Root\LEGACY_SHAREDACCESS\0000
Count REG_DWORD 0x00000001 (1)
NextInstance REG_DWORD 0x00000001 (1)

Now if I go to 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\

there is no LEGACY_SHAREDACCESS\000. It goes from LEGACY_SENS to LEGACY_SHELLHWDETECTION as follows:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SENS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SHELLHWDETECTION

My laptop has this key but this desktop doesn't! How do I add the missing key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SHAREDACCESS
using the system rather than just hacking it?!

Here's hoping somebody out there can help coz I'm
LostinJungle


----------



## Guest (Jun 18, 2006)

Delete 2 registry keys and restart Windows: http://windowsxp.mvps.org/resetfwpol.htm


----------



## LostinJungle (Jun 17, 2006)

Baris, I'm an XP Pro user and all my firewall settings under GPedit.msc are already set to 'Not configured' ???


----------

