Re: Null NetworkName registry value and XP SP2
From: Bruce Sanderson (bsanders_at_junk.junk)
Date: 12/18/04
- Next message: Bruce Sanderson: "Re: Custom ADM and group polcies."
- Previous message: Steven L Umbach: "Re: IPSEC Policy question"
- In reply to: Tom: "Null NetworkName registry value and XP SP2"
- Next in thread: Tom: "RE: Null NetworkName registry value and XP SP2"
- Messages sorted by: [ date ] [ thread ]
Date: Sat, 18 Dec 2004 14:55:05 -0800
We have this problem also, and I have not been able to get a definitive
solution, but here's a few things that seemed to help:
1. while network connected, restart the XP workstation at least three times
after the GPO is assigned (e.g. after the computer is joined to the domain)
2. with XP running and a user logged in, unplug the network cable; wait
until you get the notification that the network cable is unplugged, then
plug in the network cable again.
The command:
netsh firewall show state
will report whether the Domain or Standard firewall profile is in use.
For us, this was an intermittent problem, but 2 above usually corrected it,
at least for a while.
It is definitly not a problem with the GPO per se, but something about how
XP SP2 determines which firewall profile to use at any given point in time.
I suspected, but have not been able to prove, that this issue is caused by
having the connection specific DNS suffix different from the Windows Domain
name. Is the connection specific DNS suffix on the problematic computers
(as reported by ipconfig /all) the same as the Windows Domain name or
different?
Unfortunately, my management specifically directed me to disable the XP SP2
firewall on all of our XP SP2 computers (about 100) because of this and an
issue with a very old (soon to be retired) application that they were not
willing to put any effort into, so I can't really pursue this problem at
this time.
-- Bruce Sanderson MVP It is perfectly useless to know the right answer to the wrong question. "Tom" <tbloom@gmail.com> wrote in message news:1103141122.718649.319440@z14g2000cwz.googlegroups.com... >I have several test Windows XP SP2 computers in a Windows 2000 domain. > I'm not able to correctly apply my Windows Firewall group policy object > to these computers. Even when logged onto my domain, the Standard > Policy settings are configured, not the Domain Policy settings. Running > GPResult in verbose mode shows that the Firewall GPO is being applied, > but the Windows Firewall control panel says that it's using my > non-domain settings. All other GPOs appear to apply just fine. > > In researching this problem, I came across two interesting articles. > Both point to the > > HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Group > Policy\History\NetworkName > > registry value as being the culprit. On my test computers, this value > is null. According to the Cable Guy > (http://www.microsoft.com/technet/community/columns/cableguy/cg0504.mspx), > this would cause the computer to "believe" it wasn't in the domain and > to not apply the domain policy. But why is this value null? MSKB 839551 > discusses this but only applies to XP SP1; my version of userenv.dll is > higher than the patched version listed there. Just in case, though, I > went ahead and explicitly set the Group Policy Slow Link Detection > value to the default (500 kb/sec). > > I manually typed a value in this registry key, but it reverted to null > after the next restart. > > I can find no information on why this value would be null, especially > in a domain where other GPOs are working. The DNS domain name (from > IPCONFIG) is set correctly (through DHCP). Any ideas would be greatly > appreciated! Thanks. >
- Next message: Bruce Sanderson: "Re: Custom ADM and group polcies."
- Previous message: Steven L Umbach: "Re: IPSEC Policy question"
- In reply to: Tom: "Null NetworkName registry value and XP SP2"
- Next in thread: Tom: "RE: Null NetworkName registry value and XP SP2"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
