>
> The PCs do not have admin rights, and many a GPO is applied (I can not
> find anything in the policies that would cause this)
> Since PCs do not have admin rights, here are the two methods I have
> tried to change IP from static to DHCP (inc. DNS server assignments):
>
>
> Method 1 -- PSEXEC
> psexec \\PCNAME -s netsh interface ip set address name="Local Area
> Connection" source=dhcp
> psexec \\PCNAME -s netsh interface ip set dns name="Local Area
> Connection" source=dhcp
> --note:  a "psexec \\rad03 -s netsh firewall set opmode disable"
> issued prior to does not help
>
>
> Method 2 -- For Giggles, Remote Control & RUNAS
> Dameware to PC, then:
> runas /env /user:administrator@domain "netsh interface ip set address
> name=\"Local Area Connection\" source=dhcp"
> runas /env /user:administrator@domain "netsh interface ip set dns
> name= \"Local Area Connection\" source=dhcp"
>
>
> I've tried various VB scripts also -- to no avail.
>
>
> Summary, the DHCP command typically "takes" and the PC will get an
> assignment from DHCP -- BUT the firewall will turn on.
>
>
> This is driving me insane.  Chicken dinner to the winner.
>
>
> Thanks.

"Lanwench [MVP - Exchange]" wrote:

> Rico <ricothetunaf***@tunafishorgcom.com> wrote:
> > When trying to change corporate PCs from static assignments to DHCP, I
> > am getting all sorts of results (I inherited this situation).  The
> > oddest and most frequent one I am running into is that the firewall is
> > turning on -- not good.
>
> I must beg to differ there. You should have the firewall enabled on your
> clients. Set exceptions via group policy.
> >
> > The PCs do not have admin rights, and many a GPO is applied (I can not
> > find anything in the policies that would cause this)
> > Since PCs do not have admin rights, here are the two methods I have
> > tried to change IP from static to DHCP (inc. DNS server assignments):
> >
> >
> > Method 1 -- PSEXEC
> > psexec \\PCNAME -s netsh interface ip set address name="Local Area
> > Connection" source=dhcp
> > psexec \\PCNAME -s netsh interface ip set dns name="Local Area
> > Connection" source=dhcp
> > --note:  a "psexec \\rad03 -s netsh firewall set opmode disable"
> > issued prior to does not help
> >
> >
> > Method 2 -- For Giggles, Remote Control & RUNAS
> > Dameware to PC, then:
> > runas /env /user:administrator@domain "netsh interface ip set address
> > name=\"Local Area Connection\" source=dhcp"
> > runas /env /user:administrator@domain "netsh interface ip set dns
> > name= \"Local Area Connection\" source=dhcp"
> >
> >
> > I've tried various VB scripts also -- to no avail.
> >
> >
> > Summary, the DHCP command typically "takes" and the PC will get an
> > assignment from DHCP -- BUT the firewall will turn on.
> >
> >
> > This is driving me insane.  Chicken dinner to the winner.
> >
> >
> > Thanks.
>
> Did you try running an rsop.msc on an affected client?
>
>
>

>
> "Lanwench [MVP - Exchange]" wrote:
>
>> Rico <ricothetunaf***@tunafishorgcom.com> wrote:
>>> When trying to change corporate PCs from static assignments to
>>> DHCP, I am getting all sorts of results (I inherited this
>>> situation).  The oddest and most frequent one I am running into is
>>> that the firewall is turning on -- not good.
>>
>> I must beg to differ there. You should have the firewall enabled on
>> your clients. Set exceptions via group policy.
>>>
>>> The PCs do not have admin rights, and many a GPO is applied (I can
>>> not find anything in the policies that would cause this)
>>> Since PCs do not have admin rights, here are the two methods I have
>>> tried to change IP from static to DHCP (inc. DNS server
>>> assignments):
>>>
>>>
>>> Method 1 -- PSEXEC
>>> psexec \\PCNAME -s netsh interface ip set address name="Local Area
>>> Connection" source=dhcp
>>> psexec \\PCNAME -s netsh interface ip set dns name="Local Area
>>> Connection" source=dhcp
>>> --note:  a "psexec \\rad03 -s netsh firewall set opmode disable"
>>> issued prior to does not help
>>>
>>>
>>> Method 2 -- For Giggles, Remote Control & RUNAS
>>> Dameware to PC, then:
>>> runas /env /user:administrator@domain "netsh interface ip set
>>> address name=\"Local Area Connection\" source=dhcp"
>>> runas /env /user:administrator@domain "netsh interface ip set dns
>>> name= \"Local Area Connection\" source=dhcp"
>>>
>>>
>>> I've tried various VB scripts also -- to no avail.
>>>
>>>
>>> Summary, the DHCP command typically "takes" and the PC will get an
>>> assignment from DHCP -- BUT the firewall will turn on.
>>>
>>>
>>> This is driving me insane.  Chicken dinner to the winner.
>>>
>>>
>>> Thanks.
>>
>> Did you try running an rsop.msc on an affected client?

"Lanwench [MVP - Exchange]" wrote:

> Rico <ricothetunaf***@tunafishorgcom.com> wrote:
> > Yes.  Only thing I see relevant is that we have disabled user access
> > to network settings and firewall disabled.
>
> No user has access to that by default.
> >
> > After turning on DHCP, the firewall enables itself.  Note that by
> > doing this, GP is not updated anyway.
>
> I don't follow, sorry -
> >
> > If we rebooted (or anything that would do a GPupdate) I'm certain
> > that the firewall would turn off, as GP forces that.  Problem is, the
> > next command I want to run is setting DNS remotely,
>
> Isn't your DHCP setting doing that (as per the psexec command)?
>
>  which I can't do
> > once the FW mysteriously turns itself on.
>
> Sure you can. You can manage your firewall exceptions via group policy.
>
> > BTW, and as USUAL, I can
> > not find anything in the event log pertinent.
>
> I'm sorry I have no more suggestions. How many machines do you need to do
> this on?
>
> >
> > "Lanwench [MVP - Exchange]" wrote:
> >
> >> Rico <ricothetunaf***@tunafishorgcom.com> wrote:
> >>> When trying to change corporate PCs from static assignments to
> >>> DHCP, I am getting all sorts of results (I inherited this
> >>> situation).  The oddest and most frequent one I am running into is
> >>> that the firewall is turning on -- not good.
> >>
> >> I must beg to differ there. You should have the firewall enabled on
> >> your clients. Set exceptions via group policy.
> >>>
> >>> The PCs do not have admin rights, and many a GPO is applied (I can
> >>> not find anything in the policies that would cause this)
> >>> Since PCs do not have admin rights, here are the two methods I have
> >>> tried to change IP from static to DHCP (inc. DNS server
> >>> assignments):
> >>>
> >>>
> >>> Method 1 -- PSEXEC
> >>> psexec \\PCNAME -s netsh interface ip set address name="Local Area
> >>> Connection" source=dhcp
> >>> psexec \\PCNAME -s netsh interface ip set dns name="Local Area
> >>> Connection" source=dhcp
> >>> --note:  a "psexec \\rad03 -s netsh firewall set opmode disable"
> >>> issued prior to does not help
> >>>
> >>>
> >>> Method 2 -- For Giggles, Remote Control & RUNAS
> >>> Dameware to PC, then:
> >>> runas /env /user:administrator@domain "netsh interface ip set
> >>> address name=\"Local Area Connection\" source=dhcp"
> >>> runas /env /user:administrator@domain "netsh interface ip set dns
> >>> name= \"Local Area Connection\" source=dhcp"
> >>>
> >>>
> >>> I've tried various VB scripts also -- to no avail.
> >>>
> >>>
> >>> Summary, the DHCP command typically "takes" and the PC will get an
> >>> assignment from DHCP -- BUT the firewall will turn on.
> >>>
> >>>
> >>> This is driving me insane.  Chicken dinner to the winner.
> >>>
> >>>
> >>> Thanks.
> >>
> >> Did you try running an rsop.msc on an affected client?
>
>
>
>

>
> "Lanwench [MVP - Exchange]" wrote:
>
>> Rico <ricothetunaf***@tunafishorgcom.com> wrote:
>>> Yes.  Only thing I see relevant is that we have disabled user access
>>> to network settings and firewall disabled.
>>
>> No user has access to that by default.
>>>
>>> After turning on DHCP, the firewall enables itself.  Note that by
>>> doing this, GP is not updated anyway.
>>
>> I don't follow, sorry -
>>>
>>> If we rebooted (or anything that would do a GPupdate) I'm certain
>>> that the firewall would turn off, as GP forces that.  Problem is,
>>> the next command I want to run is setting DNS remotely,
>>
>> Isn't your DHCP setting doing that (as per the psexec command)?
>>
>>  which I can't do
>>> once the FW mysteriously turns itself on.
>>
>> Sure you can. You can manage your firewall exceptions via group
>> policy.
>>
>>> BTW, and as USUAL, I can
>>> not find anything in the event log pertinent.
>>
>> I'm sorry I have no more suggestions. How many machines do you need
>> to do this on?
>>
>>>
>>> "Lanwench [MVP - Exchange]" wrote:
>>>
>>>> Rico <ricothetunaf***@tunafishorgcom.com> wrote:
>>>>> When trying to change corporate PCs from static assignments to
>>>>> DHCP, I am getting all sorts of results (I inherited this
>>>>> situation).  The oddest and most frequent one I am running into is
>>>>> that the firewall is turning on -- not good.
>>>>
>>>> I must beg to differ there. You should have the firewall enabled on
>>>> your clients. Set exceptions via group policy.
>>>>>
>>>>> The PCs do not have admin rights, and many a GPO is applied (I can
>>>>> not find anything in the policies that would cause this)
>>>>> Since PCs do not have admin rights, here are the two methods I
>>>>> have tried to change IP from static to DHCP (inc. DNS server
>>>>> assignments):
>>>>>
>>>>>
>>>>> Method 1 -- PSEXEC
>>>>> psexec \\PCNAME -s netsh interface ip set address name="Local Area
>>>>> Connection" source=dhcp
>>>>> psexec \\PCNAME -s netsh interface ip set dns name="Local Area
>>>>> Connection" source=dhcp
>>>>> --note:  a "psexec \\rad03 -s netsh firewall set opmode disable"
>>>>> issued prior to does not help
>>>>>
>>>>>
>>>>> Method 2 -- For Giggles, Remote Control & RUNAS
>>>>> Dameware to PC, then:
>>>>> runas /env /user:administrator@domain "netsh interface ip set
>>>>> address name=\"Local Area Connection\" source=dhcp"
>>>>> runas /env /user:administrator@domain "netsh interface ip set dns
>>>>> name= \"Local Area Connection\" source=dhcp"
>>>>>
>>>>>
>>>>> I've tried various VB scripts also -- to no avail.
>>>>>
>>>>>
>>>>> Summary, the DHCP command typically "takes" and the PC will get an
>>>>> assignment from DHCP -- BUT the firewall will turn on.
>>>>>
>>>>>
>>>>> This is driving me insane.  Chicken dinner to the winner.
>>>>>
>>>>>
>>>>> Thanks.
>>>>
>>>> Did you try running an rsop.msc on an affected client?

"Lanwench [MVP - Exchange]" wrote:

> Rico <ricothetunaf***@tunafishorgcom.com> wrote:
> > Really don't expect much with questions being asked/answered.
> > (Especially since I'm trying to avoid re-writing War And Peace.
> > Nobody wants to see the level of detail I've spent on this.)  Was
> > hoping that somebody ran into this themselves -- and corrected it.
> >
> > Thanks for your stab at it.
>
> Sure. Sorry I wasn't more help. I leave the firewall enabled in all my
> networks, and I always set up the clients to use DHCP, so I haven't run into
> this personally. Good luck.
> >
> > "Lanwench [MVP - Exchange]" wrote:
> >
> >> Rico <ricothetunaf***@tunafishorgcom.com> wrote:
> >>> Yes.  Only thing I see relevant is that we have disabled user access
> >>> to network settings and firewall disabled.
> >>
> >> No user has access to that by default.
> >>>
> >>> After turning on DHCP, the firewall enables itself.  Note that by
> >>> doing this, GP is not updated anyway.
> >>
> >> I don't follow, sorry -
> >>>
> >>> If we rebooted (or anything that would do a GPupdate) I'm certain
> >>> that the firewall would turn off, as GP forces that.  Problem is,
> >>> the next command I want to run is setting DNS remotely,
> >>
> >> Isn't your DHCP setting doing that (as per the psexec command)?
> >>
> >>  which I can't do
> >>> once the FW mysteriously turns itself on.
> >>
> >> Sure you can. You can manage your firewall exceptions via group
> >> policy.
> >>
> >>> BTW, and as USUAL, I can
> >>> not find anything in the event log pertinent.
> >>
> >> I'm sorry I have no more suggestions. How many machines do you need
> >> to do this on?
> >>
> >>>
> >>> "Lanwench [MVP - Exchange]" wrote:
> >>>
> >>>> Rico <ricothetunaf***@tunafishorgcom.com> wrote:
> >>>>> When trying to change corporate PCs from static assignments to
> >>>>> DHCP, I am getting all sorts of results (I inherited this
> >>>>> situation).  The oddest and most frequent one I am running into is
> >>>>> that the firewall is turning on -- not good.
> >>>>
> >>>> I must beg to differ there. You should have the firewall enabled on
> >>>> your clients. Set exceptions via group policy.
> >>>>>
> >>>>> The PCs do not have admin rights, and many a GPO is applied (I can
> >>>>> not find anything in the policies that would cause this)
> >>>>> Since PCs do not have admin rights, here are the two methods I
> >>>>> have tried to change IP from static to DHCP (inc. DNS server
> >>>>> assignments):
> >>>>>
> >>>>>
> >>>>> Method 1 -- PSEXEC
> >>>>> psexec \\PCNAME -s netsh interface ip set address name="Local Area
> >>>>> Connection" source=dhcp
> >>>>> psexec \\PCNAME -s netsh interface ip set dns name="Local Area
> >>>>> Connection" source=dhcp
> >>>>> --note:  a "psexec \\rad03 -s netsh firewall set opmode disable"
> >>>>> issued prior to does not help
> >>>>>
> >>>>>
> >>>>> Method 2 -- For Giggles, Remote Control & RUNAS
> >>>>> Dameware to PC, then:
> >>>>> runas /env /user:administrator@domain "netsh interface ip set
> >>>>> address name=\"Local Area Connection\" source=dhcp"
> >>>>> runas /env /user:administrator@domain "netsh interface ip set dns
> >>>>> name= \"Local Area Connection\" source=dhcp"
> >>>>>
> >>>>>
> >>>>> I've tried various VB scripts also -- to no avail.
> >>>>>
> >>>>>
> >>>>> Summary, the DHCP command typically "takes" and the PC will get an
> >>>>> assignment from DHCP -- BUT the firewall will turn on.
> >>>>>
> >>>>>
> >>>>> This is driving me insane.  Chicken dinner to the winner.
> >>>>>
> >>>>>
> >>>>> Thanks.
> >>>>
> >>>> Did you try running an rsop.msc on an affected client?
>
>
>
>