Security Center registry key |
Permissions box | |
Advanced Permissions |
Deny SYSTEM the Set Value permission | |
After change, new "deny" permission added |
I will type a lot here, to help those needing the background info, but I DO have a potential fix for this, scan down to where I write: "
----FIX----"
Not well documented issue in which (apparently) having a Symantec products (Norton Antivirus, Internet Security) keeps resetting the XP Windows Security Center settings to notify/alert that Firewall (or other) aspect is not enabled.
After searching countless threads, so far the only option is to disable the Security Center service completely. In my case I do not want to run a software firewall, but am using Norton Antivirus 2004. After each reboot, the firewall alert settings in Security Center get wiped out, and reset to "Alert me if my computer might be at risk because of my firewall settings." There are some discussions pointing to Symantec security feature that restores the setting each time. I'm sure they'll eventually come up with a patched file, but until then this is what I have found will prevent the setting from changing. (Other, more expert users, please chime in if there is a spin on this that would be better!")
----FIX----Solution is to change the permissions for the registry key which handles Security Center Alert settings. By preventing the System account from changing the value, the choices you make "stay put". You should be doing this while logged in as a member of Administrators group, by the way.
1) Use regedit to go to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security CenterThe subkeys within are what change (either "0" or "1") when you change your Alert settings within the Security Center.
AntiVirusDisableNotify
AntiVirusOverride
FirewallDisableNotify
FirewallOverride
UpdatesDisableNotify
A value of "1" engages the option, so to disable Firewall alerts, the value should be "1"
2) Now, to stop these values changing from what you WANT, you must highlight the Security Center key name, and right click on it (or use Edit menu) and choose
Permissions.
3) Click
Advanced, under the Permissions tab, Permission entries, select the SYSTEM (in the Name column) and click
Edit.
4) In the
Deny column (should start out all unchecked) click to select the
Set Value checkbox, and click OK. This way we create an exception to the normal permissions of the SYSTEM account for this subkey ONLY.
5) When you click Apply or OK next, a warning is displayed regarding settnig a "deny" permission. If you are following the above, then the only change to permissions are for this specifc subkey (Security Center) and it poses no threat. Click Yes to continue. Click OK to exit the last dialog box. You are done. (If you go go back to permissions, Advanced, you see a new permission entry has been created for SYSTEM to Deny Set Value. To reverse the registry adjustment we just made, simply highlight that new entry and click the Remove button.)
NOTE!! The effect of this permissions change means that making changes within the Security Center graphical interface for Alerts settings will have NO EFFECT on the registry after this until such time as you go back to the registry key and remove the one deny permission you created. Unless you reverse the registry change, the only way to change the alerting options is changing the above subkeys to zeros or ones using regedit.
Hope this helps people who have been as frustrated as I. I will try to add some screenshots, if possilbe.