GPO installation of client (Full Version)

All Forums >> [ISA Server 2004 Firewall] >> Firewall Client


sfranks -> GPO installation of client (15.Feb.2005 3:35:00 PM)

I want to roll out ISA 2004 client using a GPO in Active Directory. I'm testing the setup prior to Assigning it to around 300 PCs.

I can get it to work just fine, but I find that the next login after installation triggers a pop-up window wanting information on the ISA server and so on. The fields are all pre-filled-in with the correct information (I've set up Autodiscovery).

My question is: how do I prevent this pop-up window? I know I could instruct all my users to press OK, but I'd prefer that it install completely silently.

The only silent installation I can find uses login scripts; but Active Directory GPOs are a much better approach in my situation.

Many thanks in advance for any advice.

Stephen Franks

tshinder -> RE: GPO installation of client (18.Feb.2005 1:41:00 AM)

Hi Stephen,

Are you assigning the Firewall client to the machines or users?

IIRC, when its assigned to PCs, the install is completely transparent and uses the default of autodetect.


Guest -> RE: GPO installation of client (21.Feb.2005 6:59:00 AM)

Hi Stephen and Tom,

I'm having the same problem you describe. I've assigned the GPO to some test WinXP computers and the Firewall Client installs perfectly as the computer starts up but the next time someone logs in to that machine, the configuration page appears. I've watched the registry and file system closely using ntregmon and ntfilemon and the only place I can see the configuration being stored is in <Documents and Settings>\<User>\Local Settings\Application Data\Microsoft\Firewall Client 2004\management.ini and common.ini.

I find it very strange that MS would release a product that uses ini files instead of the registry to store settings. It makes central management of this feature such a pain.


mnyquist -> RE: GPO installation of client (28.Feb.2005 11:52:00 PM)

I've also had this issue. Assigning the FW_FWC.MSI under Computer Configuration \ Software Settings \ Software Installation (as assigned) in group policy does indeed install the client, but it adds "Microsoft Firewall Client Management" to the startup folder, which opens upon startup, giving users an opportunity to change the settings... Anyone have a workaround for this to make it a completely silent install?



leputain -> RE: GPO installation of client (2.Mar.2005 8:17:00 AM)

hello. this is my first post [Smile]

and i'm having this problem too.

could you show your scripts? the ones you use to auto-configure client not to pop-up (and i guess, to hide when connected - i'd prefer this one too).

Mike12 -> RE: GPO installation of client (2.Mar.2005 4:28:00 PM)

I looked at this issue today and found that checking the box to hide the icon in the notifcation area seems to be what causes the pop-up when the Firewall Client Management shortcut is launched.

If you don't want users to see the management utility at all, just make a machine startup script via group policy to detect and remove the shortcut from the All Users profile...

...and remember that if your environment is properly secured, disabling the client should get your users nowhere! Of course you may just want to protect them from themselves and prevent those "My internet isn't working!" help desk calls after they fiddle with it.

Edit: After looking some more. It seems there is a bit more to this than I thought. The pop-up due to checking the 'hide' icon' box is only true if the management app is already running. It is a separate issue from the pop-up after installation. I do see this pop-up after assigning the client to computers (not users) through group policy. Still the best solution is probably to delete the shortcut...

[ March 02, 2005, 04:51 PM: Message edited by: Mike12 ]

WyldWolf -> RE: GPO installation of client (4.Mar.2005 12:19:00 AM)

You are correct the first run after assigning via GP and logging in the user is presented with the configuration screen set to auto-detect. If they click OK it will resolve and set, and never pop up again.

This is even if the wpad and autoconfiguration information is functioning properly. In our rollouts the users are just told to click ok if they get a popup and they will never see it again. It would be nice to eliminate the first run popup, I'm certain if a custom ADM were created with the registry keys populated by the first auto-config it may eliminate the problem. I just haven't had time to play with it. If I find a solution I'll post it here.

citrixman -> RE: GPO installation of client (11.Mar.2005 5:31:00 AM)

Im getting something slightly different.. On some Windows XP and Windows 2000 machines they get the pop up the first time the client is installed. However then on some other XP and 2K machines the window pops up EVERY time the user logs on which is damn annoying!

Has anyone been able to fix this yet??


citrixman -> RE: GPO installation of client (11.Mar.2005 5:51:00 AM)

ok fixed those pc's just had to be rebooted after the GPO went through now the box has gone away.. sweeeet! If only the initial box after install wouldnt pop up then it would be 100% rock solid..

Scotte -> RE: GPO installation of client (22.Mar.2005 1:57:00 AM)

I created an MST file that can be used when deploying the client. All it does is remove the shortcut from the startmenu. You can create it pretty easily with Orca or just download it here.

kcadmin -> RE: GPO installation of client (13.Apr.2005 8:14:00 PM)

I'm getting the same thing. How do you use the mst file?

JSHarris -> RE: GPO installation of client (18.May2005 11:38:00 AM)

Scotte - thanks for the link. However when using the .mst to delete the shortcut, the firewall client does not work upon restarting the computer. No icon in the taskbar and no access. I found that creating a .mst to just restart the computer upon completion of software deployment did the trick quite nicely. No pop-ups at logon or anything. Granted, this will only work if you have your autodetect setup correctly as it will run with the default settings.

I will post a link just as soon as I can get it set up (having hosting issues).

[ May 19, 2005, 11:09 AM: Message edited by: JSHarris ]

Guest -> RE: GPO installation of client (10.Aug.2005 8:25:00 AM)

JSHarris - I'm new to Orca, how do you create an MST file which reboots the client machine?

Page: [1]