Re: XP SP2 GPO's missing???

From: Bruce Sanderson (Bruce.Sanderson_at_junk.junk)
Date: 12/03/04 

Date: Thu, 2 Dec 2004 17:24:12 -0800

See http://support.microsoft.com/kb/873449. In particular, see the "Warning"
in the "Issues" section under "The Additive keyword section". This section
is relevant to the "Windows Firewall: Define Program exceptions (Computer
Policy)" and "Windows Firewall: Define Port Exceptions (Computer Policy)"
and says:

"The settings that use LISTBOX ADDITIVE are not visible when you modify a
GPO in Windows 2000. This behavior occurs because all instances of the
LISTBOX ADDITIVE setting have been enclosed by an IF VERSION >= 5 / END IF
conditional element. This behavior is intentional.

Architectural changes made it impractical to correct the LISTBOX ADDITIVE
setting behavior in Windows 2000. Therefore, we decided to prevent those
settings from being modified on a Windows 2000-based client computer.

Warning Do not try to modify the IF VERSION / END IF conditional statements
to make these settings editable. You will be able to view and modify the
settings, but the expected behavior of the resulting policy will depend on
the operating system version of the last client to modify the policy.
Because the operating system version is impossible to control or monitor,
the policy results would be unpredictable." 

-- 
Bruce Sanderson MVP
It's perfectly useless to know the right answer to the wrong question.
"William Stokes" <will@operamail.com> wrote in message 
news:ONnbtGE2EHA.3576@TK2MSFTNGP12.phx.gbl...
> Hello,
> I updated my admin workstation with XP SP2. The service pack automatically 
> updated our domain group policy template with SP2 firewall options. I had 
> to install a patc from Microsoft to get the group policy editor to work in 
> W2K server. Now when I look the XP SP2 firewall settings in our servers 
> group policy editor there are 2 config settings missing.
> -Windows Firewall: Define program exeptions
> -Windows Firewall: Define port exeptions
>
> When I open the Policy from my XP workstation I can see all the settings. 
> All 14 of them.
>
> Why why why? And how to correct this?
>
> Thanks
> -Will
>
>

Relevant Pages

  • Re: scripted logon
    ... Why can't you launch all the scripts from a Group Policy based Logon script. ... Here's the policy settings (I sure hope word wrap doesn't mess it up too ... Windows Components/Windows Installer ...
    (microsoft.public.windows.terminal_services)
  • Re: GPO vs. LGPO settings in Security Options
    ... the names of the settings have evolved with the operating system. ... Windows Platform Support Team ... > 'Security Options', these settings are do not come from an ADM-template ... > By starting Local Security Policy on an XP workstation, ...
    (microsoft.public.win2000.group_policy)
  • Group Policy Case Solved
    ... I began with the "Security Options" under the Computer ... I modified the group policy from my Windows XP Pro workstation using ... many more settings than Windows 2000 does; ...
    (microsoft.public.win2000.security)
  • Re: how can I stop user deleting important files
    ... Just tried this at home on an XP Pro PC (no Windows Server in the mix) ... In Server Manager, Advanced Management, Group Policy Management, Your ... Forest, Your Domain, Your Domain.local, Default Domain Policy (right click ... and select Edit), Computer Settings, Windows Settings, Security Settings, ...
    (microsoft.public.windows.server.sbs)
  • Re: XP SP2 GPOs missing???
    ... Windows Platform Support Team ... > This section is relevant to the "Windows Firewall: ... > exceptions (Computer Policy)" and "Windows Firewall: ... > settings from being modified on a Windows 2000-based client computer. ...
    (microsoft.public.windows.group_policy)