Re: Re: Questions About Windows Firewall and Domain Policy Enfor
From: lforbes (UseLinkToEmail_at_WindowsForumz.com)
Date: 01/22/05
- Next message: lforbes: "Re: Re: POwer options in group policy"
- Previous message: lforbes: "Re: Grant Application Access with a GPO"
- In reply to: Benjamin Gay [MSFT]: "Re: Questions About Windows Firewall and Domain Policy Enforcement"
- Messages sorted by: [ date ] [ thread ]
Date: 22 Jan 2005 01:30:50 -0500
"bengay" wrote:
> Hi Leo,
> Can you please provide me with more detail with what you mean
> by connecting
> to the domain? Are you saying that the machines are always
> joined to your
> domain (i.e. the computer belongs to your domain) but happen
> to connect to
> other networks? Also can you provide me with a bit more
> information on how
> they connect to your domain (i.e. are they wired, wireless,
> VPN etc)?
>
> As I'm sure you are aware there are several ways that your
> users can
> configure the firewall, namely group policy, net shell
> scripts, manual
> configuration and through an application using the relevant
> firewall
> configuration API's.
>
> Let me see if I can answer your questions now:
>
> 1. You should enable the firewall on all your machines. Create
> exemptions
> based on your applications requirements. For example file and
> print etc.
>
> 2. You can do this through group policy or a login script.
> Group policy
> would probably be the better way to go. You can force policy
> by performing a
> gpupdate /force
>
> 3. I'm not quite sure what you are saying here. Can you please
> explain in
> more detail.
>
> 4. What do you mean by disable the firewall locally? Are you
> stopping the
> sharedaccess service or setting the operation mode of the
> firewall? Please
> provide me with some more information on how this machine is
> configured.
>
> Q1. Group policy overrides local policy. Please explain what
> you mean by
> activating locally.
>
> Q2. This should be happening. If you can give me some more
> information on
> this I can help diagnose what is happening.
>
> Regards
>
> --
>
> Benjamin Gay
> Microsoft Corporation
> --------------------------------------------------------------
> --------------
> This posting is provided "AS IS", with NO warranties and
> confers NO rights
> --------------------------------------------------------------
> --------------
>
> "Leo Alls" <Leo_Alls@ncauditor.net> wrote in message
> news:OG77cpj$EHA.2032@tk2msftngp13.phx.gbl...
> >I have a Windows 2000 domain that has 200 workstations most
> of which are
> >still only running XP w/SP1. We haven't been able to move
> everyone to SP2
> >because of the problems that have arisen.
> >
> > Problem 1: 90% of the workstations need to have the
> firewalls activated
> > because of the way they travel around and the networks that
> they are
> > subject to attach to.
> >
> > Problem 2: The workstations need to be able to be managed on
> all the
> > workstations when they are connected to the domain.
> >
> > Problem 3: If we enable the firewall locally on the
> workstations then the
> > domain policies do not over ride the local setting.
> >
> > Problem 4: If we disable the firewall settings locally then
> the domain
> > policy Domain Profile settings takes over and functions
> properly as long
> > as there is no Standard Profile configured. If you created a
> Standard
> > Profile in the policy then it applies that setting over the
> Domain
> > Profile. This problem doesn't matter whether you are on the
> domain network
> > or not.
> >
> > Question 1: Is there a way to enforce the domain policy
> firewall settings
> > even if the firewall was activated locally?
> >
> > Question 2: Is there a way to enforce the Domain Profile to
> work over the
> > Standard Profile when connected to the domain and the
> Standard to be the
> > default when not connected to the domain?
> >
> > TIA,
> > Leo
> >
Hi,
There are new .adm files with Windows XP SP2. Copy them from the
windows\inf folder on your xp SP2 machine to the windows\inf folders
on your servers. Now when you run group policy under the Computer
Configuration Admin - Networks you will see a Windows Firewall group
policy. You can set a lot of settings here. I don’t use the firewall
but someone posted here recently about how to set it up. Look back at
the previous posts. It wasn’t that long ago.
Cheers,
Lara
-- Posted using the http://www.windowsforumz.com interface, at author's request Articles individually checked for conformance to usenet standards Topic URL: http://www.windowsforumz.com/Group-Policy-Windows-Firewall-Domain-Enforcement-ftopict253011.html Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=783190
- Next message: lforbes: "Re: Re: POwer options in group policy"
- Previous message: lforbes: "Re: Grant Application Access with a GPO"
- In reply to: Benjamin Gay [MSFT]: "Re: Questions About Windows Firewall and Domain Policy Enforcement"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
