Re: Why aint my policy firing?

From: Grant (gpsnett_at_hotmail.com)
Date: 10/28/04

• Next message: Mark Moreaux: "Create ADM file"
• Previous message: Grant: "Re: Group policy console hanging..."
• In reply to: Grant: "Why aint my policy firing?"
• Messages sorted by: [ date ] [ thread ]

---

Date: Thu, 28 Oct 2004 10:48:27 +0100

Some further investigation:

Ive just updated Windows firewall GPO with a few other settings like allow
ICMP and file and printer sharing. When I run GPRESULT /V on the local
machine I get a list starting with computer settings. Here is a snippet of
what it contains under "COMPUTER SETTINGS":

-------------------Start Snippet--------------------------------

 Administrative Templates
        ------------------------
            GPO: Enable Firewall ports
                Setting:
SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts
                State: Enabled

            GPO: Enable Firewall ports
                Setting:
SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings
                State: Enabled

            GPO: Enable Firewall ports
                Setting:
SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings
                State: Enabled

-------------------End Snippet---------------------------------

The problem (I think) is that under "USER SETTINGS" I get this:

-------------------Start Snippet--------------------------------

    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Enable Firewall ports
            Filtering: Not Applied (Empty)

        Local Group Policy
            Filtering: Not Applied (Empty)

-------------------End Snippet---------------------------------

I have applied this GPO at the domain level - in GPMC i can see the Enable
Firewall ports GPO listed right below the default domain GPO.

The problem is when I restart my machine and check the firewall, those ports
arent enabled?? It must have something to do with that line " Filtering:
Not Applied (Empty)" but I dont know what that means? Can anyone help me
with this?

Thanks,
Grant

"Grant" <gpsnett@hotmail.com> wrote in message
news:e1gJJbMvEHA.1564@TK2MSFTNGP09.phx.gbl...
> In GPMC under 'Computer configuration-Administrative
> Templates-Network-Network Connections-Windows Firewall-domain Profile', Im
> enabling "define port exceptionss". I need to open a port for Norton Anti
> Virus and am using the following string (Dont know if its the correct
> format):
>
> "2967:UDP:192.168.200.0/224:enabled:SymenatedAntivirusPort"
>
> I set this yesterday befor going home but when I logged in this morning I
> checked my firewall and that port wasn't open.
>
> I havent used this new GPMC much , so could anyone tell me how to get htis
> thing to fire? To create it I created a new GPO under the "Group Policy
> Object" node in GPMC and then edited it to open that port.
>
>
>
> Thanks,
>
> Grant
>
>

---

• Next message: Mark Moreaux: "Create ADM file"
• Previous message: Grant: "Re: Group policy console hanging..."
• In reply to: Grant: "Why aint my policy firing?"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: Group Policy Firewall Exception Problem ... the domain ends up with two sets of firewall settings. ... I have set up about a dozen or more Windows 2003, R2 servers on our AD ... and those OUs had a common GPO linked to them. ... (microsoft.public.windows.group_policy) Re: Installation of XP SP2 prevents access to SBS 2K3 Exchange? ... re-install my server (among other things I managed to delete "my company ... What I've noticed the first time, was that a lot of settings on the client's ... >> shut down the firewall. ... I think that a new GPO has been created, ... (microsoft.public.windows.server.sbs) Re: XP machine removed from domain still gets domain policy ... My test shows that when a computer is removed from a domain (that had a GPO setting the Firewall settings), the Firewall settings revert back to the default and local administrators can change the settings. ... the only Group Policy being applied is the "Local Group Policy" ... (microsoft.public.windows.group_policy) Re: Windows Firewall Domain vs. Standard profile problem / Group Policy weirdness ... I'm guessing that the exceptions are still there from previously doing what you are trying to do now or that they are in the local GPO. ... Try searching through the registry for the name of one of the executeables you are expecting to trigger the firewall that you have defined as "allowed" on the old policy. ... settings, updating the old one created by a predecessor. ... (microsoft.public.windows.group_policy) Re: Open Ports on 2003 Server (No firewall) ... If you selected to open those ports to the internet and those ... settings were applied you should be able to gain access. ... like that happened if all those servcies failed though the firewall has been ... (microsoft.public.windows.server.security)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.group_policy  > 2004-10