From: Leeds, UK
I want to roll out ISA 2004 client using a GPO in Active Directory. I'm testing the setup prior to Assigning it to around 300 PCs.
I can get it to work just fine, but I find that the next login after installation triggers a pop-up window wanting information on the ISA server and so on. The fields are all pre-filled-in with the correct information (I've set up Autodiscovery).
My question is: how do I prevent this pop-up window? I know I could instruct all my users to press OK, but I'd prefer that it install completely silently.
The only silent installation I can find uses login scripts; but Active Directory GPOs are a much better approach in my situation.
RE: GPO installation of client - 21.Feb.2005 6:59:00 AM
Hi Stephen and Tom,
I'm having the same problem you describe. I've assigned the GPO to some test WinXP computers and the Firewall Client installs perfectly as the computer starts up but the next time someone logs in to that machine, the configuration page appears. I've watched the registry and file system closely using ntregmon and ntfilemon and the only place I can see the configuration being stored is in <Documents and Settings>\<User>\Local Settings\Application Data\Microsoft\Firewall Client 2004\management.ini and common.ini.
I find it very strange that MS would release a product that uses ini files instead of the registry to store settings. It makes central management of this feature such a pain.
I've also had this issue. Assigning the FW_FWC.MSI under Computer Configuration \ Software Settings \ Software Installation (as assigned) in group policy does indeed install the client, but it adds "Microsoft Firewall Client Management" to the startup folder, which opens upon startup, giving users an opportunity to change the settings... Anyone have a workaround for this to make it a completely silent install?
I looked at this issue today and found that checking the box to hide the icon in the notification area seems to be what causes the pop-up when the Firewall Client Management shortcut is launched.
If you don't want users to see the management utility at all, just make a machine startup script via group policy to detect and remove the shortcut from the All Users profile...
...and remember that if your environment is properly secured, disabling the client should get your users nowhere! Of course you may just want to protect them from themselves and prevent those "My internet isn't working!" help desk calls after they fiddle with it.
Edit: After looking some more, it seems there is a bit more to this than I thought. The pop-up due to checking the 'hide icon' box is only true if the management app is already running. It is a separate issue from the pop-up after installation. I do see this pop-up after assigning the client to computers (not users) through group policy. Still, the best solution is probably to delete the shortcut...
You are correct: on the first run after assigning via GP and logging in, the user is presented with the configuration screen set to auto-detect. If they click OK it will resolve and set, and never pop up again.
This is even if the wpad and autoconfiguration information is functioning properly. In our rollouts the users are just told to click OK if they get a popup and they will never see it again. It would be nice to eliminate the first-run popup. I'm certain if a custom ADM were created with the registry keys populated by the first auto-config it may eliminate the problem. I just haven't had time to play with it. If I find a solution I'll post it here.
I'm getting something slightly different... On some Windows XP and Windows 2000 machines they get the pop-up the first time the client is installed. However, on some other XP and 2K machines the window pops up EVERY time the user logs on, which is damn annoying!
Scotte - thanks for the link. However, when using the .mst to delete the shortcut, the firewall client does not work upon restarting the computer. No icon in the taskbar and no access. I found that creating a .mst to just restart the computer upon completion of software deployment did the trick quite nicely. No pop-ups at logon or anything. Granted, this will only work if you have your autodetect set up correctly, as it will run with the default settings.
I will post a link just as soon as I can get it set up (having hosting issues).