We recently ran into an issue where each network computer's personal firewall has been disabled and neither the user or administrator can restart it. I found the following article:
In Windows XP SP2, remote procedure call (RPC) runs using the NT Authority\\NetworkService account. The default security descriptor for services in Windows XP SP2 gives Read access to the Authenticated Users group, which includes the NT Authority\\NetworkService account.
******** I wrote a two line batch file that fixes the issue but if the computer is rebooted, the firewall is disabled again. The two lines are:******* SC sdset SharedAccess D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
NET START SharedAccess
*********I tried putting this batch file into the Client Default Group Policy so that it would run at machine startup ( I couldn't do user because many users don't have rights to run the script). It worked BUT.....and this could be coincidence....the two times I have made the change, our server has shown significant performance issues in the hour immediately after the change. After removing the batch file, the server, after reboot, has returned to normal.
I want to give it one more try, but does anyone know of a reason that this file might be correlated to my server issues? Thanks.