Re: Help with using GPO to configure XP Firewall
From: Mark Renoden [MSFT] (markreno_at_online.microsoft.com)
Date: 11/02/04
- Next message: Mark Renoden [MSFT]: "Re: Help with using GPO to configure XP Firewall"
- Previous message: Mark Renoden [MSFT]: "Re: Help with using GPO to configure XP Firewall"
- In reply to: Michael B: "Re: Help with using GPO to configure XP Firewall"
- Next in thread: Mark Renoden [MSFT]: "Re: Help with using GPO to configure XP Firewall"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 3 Nov 2004 08:28:53 +1100
Hi Michael
I guess my first question is what objects are in the OU to which the policy
is linked? You seem to be saying that you created a group which contains
the computer accounts for the XP SP2 client and the 2000 client. If it's
the case that you've only put the group in the OU instead of the computer
objects, this explains it. Policy will only apply to the actual computer
(or user) objects that exist in an OU.
Secondly, the Windows Firewall comes with some default exceptions. You can
view these in the Exceptions tab of the Windows Firewall applet in Control
Panel. This might explain why your tests for connectivity have been
successful.
Lastly, running a gpresult /z (Win XP) or a gpresult /v (Win 2000) will show
you which policies have applied to the computer and currently logged in
user. If you pipe this to a text file, it makes for easier reading.
HTH
-- Mark Renoden [MSFT] Windows Platform Support Team Email: markreno@online.microsoft.com Please note you'll need to strip ".online" from my email address to email me; I'll post a response back to the group. This posting is provided "AS IS" with no warranties, and confers no rights. "Michael B" <MichaelB@discussions.microsoft.com> wrote in message news:F7AEA9F6-1B11-4D28-B0C5-320BE090983E@microsoft.com... > That did help somewhat, thanks. I did have to apply the hotfix in your > second > link but that is ok. I still cannot get the GPO to work though. > I have read almost every white paper I can find and it doesn't seem like I > am doing anything wrong, I think I am missing something small. I have > installed Server 2003 Administration Pack on my Windows XP SP2 PC. I am a > domain adminstrator in AD and have set up a test group with a XP SP2 and a > 2000 machine. > I have enabled "Protect all network connections" and "Do not allow > exceptions" with the Admin Pack and have confirmed that this has > replicated > to the DC's. On the test XP machine I have turned off the firewall because > I > want AD to control it. I have rebooted the client several times. I am > running > a constant PING to the PC and it is PINGing, nothing is being blocked, I > even > RDC into it. > It almost seems like even though the policies are showing up on the DC > they > don't know what to do or how to enforce it. Does anyone know what I need > to > do to make this GPO work properly? > Thanks and I am truely thankful for those of you who share your knowledge > with those who are less knowledgable. As my expierence increases I do hope > to > give back to the community. > > "Mark Renoden [MSFT]" wrote: > >> Hi Michael >> >> The update that your refer to may simply be the XP SP2 .adm package >> available from: >> >> >> http://www.microsoft.com/downloads/details.aspx?FamilyID=92759d4b-7112-4b6c-ad4a-bbf3802a5c9b&displaylang=en >> >> Also be aware of: >> >> http://support.microsoft.com/default.aspx?kbid=842933 >> >> Kind regards >> -- >> Mark Renoden [MSFT] >> Windows Platform Support Team >> Email: markreno@online.microsoft.com >> >> Please note you'll need to strip ".online" from my email address to email >> me; I'll post a response back to the group. >> >> This posting is provided "AS IS" with no warranties, and confers no >> rights. >> >> "Michael B" <MichaelB@discussions.microsoft.com> wrote in message >> news:0EA093FF-53F7-4D6C-8815-8E10E032B350@microsoft.com... >> >I have just installed SUS and am looking to deploy XP SP2. Our network >> >is >> > mixed with XP and 2000 clients with the servers being 2000. I want to >> > be >> > able >> > to use GPO to control the firewall. From my understanding, once I do >> > this >> > from a XP SP2 client then I have to use XP everytime I need to >> > configure >> > my >> > GPO but this isn't really an option in my case because the other admins >> > use >> > Windows 2000 and they need to have access to the GPO as well. >> > The MS whitepaper on using GPO to configure the firewall says: >> > "Once you update your Group Policy objects, you can only modify them >> > from >> > a >> > computer running Windows XP with SP2. An update is available through >> > Microsoft Product Support Services (PSS) to allow you to modify Group >> > Policy >> > settings from computers running Windows 2000" >> > >> > Where can I find this update? I have looked for a couple hours now and >> > I >> > can't find it. Or is there a better way to do this? I really need to >> > use >> > the >> > GPO and be able to configure it with a 2000 Server. >> > Any help is greatly appreciated, I am hoping to get this into a test >> > environment by Monday morning. >> > Thanks >> > >> > PS, I hope this makes sense, it is 5:30 am and I am at the end of a 13 >> > hour >> > graveyard shift, if I said something stupid I am sorry- I will clarify >> > any >> > confusion when I check back later. Thanks >> >> >>
- Next message: Mark Renoden [MSFT]: "Re: Help with using GPO to configure XP Firewall"
- Previous message: Mark Renoden [MSFT]: "Re: Help with using GPO to configure XP Firewall"
- In reply to: Michael B: "Re: Help with using GPO to configure XP Firewall"
- Next in thread: Mark Renoden [MSFT]: "Re: Help with using GPO to configure XP Firewall"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
