Windows Firewall behavior

I really like the Windows Firewall (WFW) feature that switches between profiles. For example, you can create a domain profile and a (more restrictive) standard profile.

However, today I found out it is not working at one of my companies: the Domain profile is always selected. So I dug into the problem and found this: profile resolution is not based on ICMP, which is quite logical, because many servers block the ICMP protocol. Instead, it is based on the DNS suffix. First it reads this value from the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History – NetworkName (REG_SZ)

This contains the name of the domain from which GP was applied. It then compares this value to the current DNS suffix. If they match, the Domain profile is selected.

In my company the DNS suffix was hard-coded, which is why the Domain profile was selected automatically, even when the computer was on a completely different network.

I resolved this in two steps. First, I changed the unattended installation and removed the setting that was responsible for this behavior. It was present because of historical problems (nobody was able to tell me why). The second step was to write code that changes this setting on existing installations:

' Clears the hard-coded DNS suffix on every network adapter configuration.
sNameSpace  = "root/CIMV2"
sTargetClass  = "Win32_NetworkAdapterConfiguration"
sClass   = "Win32_NetworkAdapter"

sComputer  = "."   ' local computer
sDNSDomain = ""    ' empty string removes the configured suffix

sWQLQuery = "SELECT * FROM " & sClass

' Enumerate all network adapters through WMI.
Set cInstances = GetObject("winmgmts:{impersonationLevel=impersonate}//" & _
   sComputer & "/" & sNameSpace).ExecQuery(sWQLQuery, "WQL")

For Each oInstance In cInstances
 ' Get the configuration object(s) associated with this adapter.
 Set cAssociators = oInstance.Associators_(,sTargetClass)
 For Each oAssociator In cAssociators
  ' Call SetDNSDomain with the new (empty) suffix.
  Set oMethod = oAssociator.Methods_("SetDNSDomain")
  Set oInParam = oMethod.InParameters.SpawnInstance_()
  oInParam.DNSDomain = sDNSDomain
  Set oOutParam = oAssociator.ExecMethod_("SetDNSDomain", oInParam)
 Next
Next
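
A read-only check for the condition described above, as an added example that is not part of the original post: it compares the NetworkName registry value with each IP-enabled adapter's DNS suffix and flags adapters whose matching suffix is set statically on the machine rather than supplied by the current network. The per-interface Tcpip registry values (Domain, DhcpDomain), the helper function names and the case-insensitive comparison are assumptions of this example.

```powershell
# Added example, not from the original post. Read-only: it changes nothing.
$gpKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History'
$ifRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

function Get-RegValue([string]$Path, [string]$Name) {
    # Return the value, or $null when the key or the value is missing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Test-SuffixMatch([string]$NetworkName, [string]$Suffix) {
    # Assumption: the comparison is case-insensitive. Empty values never match.
    if ([string]::IsNullOrWhiteSpace($NetworkName) -or
        [string]::IsNullOrWhiteSpace($Suffix)) { return $false }
    return $NetworkName.Trim() -ieq $Suffix.Trim()
}

# Domain name recorded when Group Policy was applied (registry value from the post).
$networkName = Get-RegValue $gpKey 'NetworkName'

Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object {
        # SettingID is the interface GUID used as the Tcpip registry subkey name.
        $ifKey    = Join-Path $ifRoot $_.SettingID
        $static   = Get-RegValue $ifKey 'Domain'      # suffix configured on the machine
        $fromDhcp = Get-RegValue $ifKey 'DhcpDomain'  # suffix supplied by the current network

        [pscustomobject]@{
            Adapter        = $_.Description
            GPNetworkName  = $networkName
            DNSDomain      = $_.DNSDomain
            StaticSuffix   = $static
            DhcpSuffix     = $fromDhcp
            # True: the suffix equals the GP domain, so the Domain profile would apply.
            MatchesGP      = Test-SuffixMatch $networkName $_.DNSDomain
            # True: the match comes from a hard-coded suffix and follows the
            # machine onto any network (the misconfiguration described in the post).
            HardCodedMatch = Test-SuffixMatch $networkName $static
        }
    } | Format-Table -AutoSize
```

After the script from the post has run, StaticSuffix should be empty and HardCodedMatch should be False on every adapter.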