Re: Can SP2 Firewall be configured with Login Script in AD?

From: Oli Restorick [MVP] (oli_at_mvps.org)
Date: 09/23/04 

Date: Fri, 24 Sep 2004 00:22:43 +0100

The machines will refresh their policies within hours. The gpupdate utility
ships with XP and 2003, but is used to force refresh of that machine's
policy, not in the way you're describing.

The command to refresh machine settings on a Windows 2000 machine is as
follows (not that it will help you at all)

secedit /refreshpolicy machine_policy

To test the policy, use the following command once for each state (network
lead plugged in and unplugged):

netsh firewall show state

Hope this helps

Oli

"jm" <john_20_28_2000@yahoo.com> wrote in message
news:c67e4bdd.0409200504.20d4e833@posting.google.com...
>I used my XP SP2 machine created a new GPO in AD Users and Computers
> for my OU with all the XP machines in it. The new GPO policy, under
> Computer Configuration/Adminstrative Templates/Network/Network
> Connections/Windows Firewall/Domain Profile (and Standard Profile) was
> set for what I needed.
>
> Now that I have created the GPO on XP SP2 for the OU in the domain,
> how can I force that. On my Windows 2000 Domain Controller I did a
> search and can't find gpupdate.exe anywhere. I thought that I could
> do a gpupdate /force from the DC and it would simply update all the
> policies everywhere and catch my GPO for my XP machines in the
> process.
>
> Please comment. Thank you.
>
> "Oli Restorick [MVP]" <oli@mvps.org> wrote in message
> news:<Odn8EHjnEHA.1296@TK2MSFTNGP09.phx.gbl>...
>> You could apply this using a computer startup script in AD without making
>> users admins. However, if you have AD, administering group policy from
>> an
>> XP SP2 machine is the easiest way to configure the new Windows Firewall
>> GPO
>> settings.
>>
>> Oli
>>
>>
>> "Andrew Mitchell" <amitchell@removecasey.vic.gov.au> wrote in message
>> news:Xns9569B1729F89Ecasey01@207.46.248.16...
>> > john_20_28_2000@yahoo.com (jm) said
>> >
>> >> I have started rolling out SP2. Just wondering if there is anyway to
>> >> turn ICMP (ping) back on via a login script in our domain? Thanks for
>> >> any help.
>> >>
>> >
>> > If the users are local admins you can do this using the netsh command.
>> > netsh firewall set icmpsetting type=8 mode=ENABLE
>> >
>> > I would recommend you don't make users local admins, and configure the
>> > changes through a GPO instead.
>> >
>> > --
>> > Andy

Relevant Pages

  • Re: Not refresh Group Policy in 90 minutes
    ... I miss understanding the fact of refreshing policy. ... we supposed that the GPO ... will be reapplied after 90 minutes when the policy get refresh. ... "Meinolf Weber" wrote: ...
    (microsoft.public.windows.group_policy)
  • RE: Blocking an application from running
    ... After you set the policy in the Local GPO, ... to refresh the policy settings. ... Group Policy background processing can take up to 5 minutes to be refreshed ...
    (microsoft.public.win2000.group_policy)
  • Re: Restricted Group Policy not working in timely manner
    ... > the GPO has changed. ... > cycle by modifying this policy: ... >> We have defined "Domain Admins" as a restricted group in the Default ... >> GPO Refresh Frequency has not been modified from default settings. ...
    (microsoft.public.windows.group_policy)
  • Re: Auto Update
    ... not giving the computer enough time to refresh the ... >User object are in the same container as the GPO applies ... >gpresult shows that the policy isn't applied to the ... >> where the GPO is linked. ...
    (microsoft.public.win2000.group_policy)
  • RE: GPO settings are not applied
    ... Microsoft Windows XP Operating System Group Policy Result tool v2.0 ... GPO: Automatic_Updates ... GPO: Default Domain Policy ... Secure Proxy Server: N/A ...
    (microsoft.public.windows.server.active_directory)
Loading