Group Policy for Internet Protocol version 6 (IPv6) Internet Connection Firewall

  • Article

The Prohibit use of Internet Connection Firewall on your DNS domain network Group Policy setting at Computer Configuration\Administrative Templates\Network\Network Connections in the Group Policy snap-in is designed to prevent computer users in a managed network environment from enabling Internet Connection Firewall (ICF) or IPv6 ICF and possibly impairing network connectivity.

If this Group Policy setting is set to Enabled, computer users with administrative privileges cannot enable or configure both ICF and IPv6 ICF when the computer is attached to a managed network. If this Group Policy setting is set to Disabled or Not Configured, computer users with administrative privileges can enable and configure both ICF and IPv6 ICF when the computer is attached to another network, such as the Internet or a home network. Computer users without administrative privileges cannot enable or configure ICF or IPv6 ICF, regardless of the Prohibit use of Internet Connection Firewall on your DNS domain network setting.

The networking components of Windows XP use a network determination method to determine if the computer is attached to a managed network. When a computer running Windows XP receives a Group Policy update, it records the connection-specific DNS suffix of the connection over which the Group Policy update was received in the registry. If the last-received Group Policy update DNS name stored in the registry matches any of the connection-specific DNS suffixes of the currently connected LAN connections on the computer, then the computer is attached to a managed network. Otherwise, the computer is attached to another network.

Group Policy settings define various components of the user's desktop environment that a system administrator needs to manage. For more information about Group Policy, see the topic titled "Group Policy overview" in Windows XP Help and Support Center.

Note By default, IPv6 ICF is enabled on network connections.

Note

IPv6 Internet Connection Firewall is only provided with the Advanced Networking Pack for Windows XP, a free download for computers running Windows XP with Service Pack 1. For computers running Windows XP with Service Pack 2, IPv6 Internet Connection Firewall has been replaced with the new Windows Firewall. For more information about Windows Firewall, see Manually Configuring Windows Firewall in Windows XP Service Pack 2. For information about Group Policy settings for Windows Firewall, see Deploying Windows Firewall Settings for Microsoft Windows XP with Service Pack 2.