Re: Firewall policy - Need a little clarification?



The section titled "How Network Determination Works" in
http://www.microsoft.com/technet/community/columns/cableguy/cg0504.mspx
explains how the Windows XP SP2 firewall determines whether to use the
Domain Profile or the Standard Profile.

--
Bruce Sanderson MVP Printing
http://members.shaw.ca/bsanders

It is perfectly useless to know the right answer to the wrong question.



<-> wrote in message news:OA0sWOrRFHA.3628@xxxxxxxxxxxxxxxxxxxxxxx
> Yes, now you're getting at it. My main thing is we have a number of
> different VLAN's that pass the DNS IP's of other domain DC's, though we
> are in the same forest and authentication is no problem.
>
> But, from reading on the link that Judith sent, on page 2, I could just
> disable it in both profiles and not worry about it.
> Of course we do have some people with docking stations that do take them
> home, hmmmm...
>
> Anyway, thanks for your help, everyone.
>
>
> "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxx> wrote in message
> news:%23JllMsqRFHA.3928@xxxxxxxxxxxxxxxxxxxxxxx
>> OK. I see the setting you are talking about. From what I can tell it
>> means that particular setting will be enabled only when the computer
>> detects that it is connected to your Active Directory domain for which
>> the computer has a domain account and can authenticate with a domain
>> controller and that the setting will be "undefined" otherwise allowing a
>> user to enable the firewall. I may be wrong but that is what I read into
>> it. --- Steve
>>
>>
>> <-> wrote in message news:OCq6kOoRFHA.3076@xxxxxxxxxxxxxxxxxxxxxxx
>>> I agree that it may be useful even behind our corporate firewall; only my
>>> intention is to start open and close gradually. Normally the secure
>>> methodology is to do the opposite, but since we are already behind a
>>> corporate firewall, I have selected this approach. The setting itself is
>>>
>>> "Prohibits use of Internet Connection Firewall on your DNS domain
>>> network"
>>>
>>> That was the one I'm planning to implement to turn off the firewall. I
>>> was assuming this was "the one" for this. I have tested it in our lab
>>> and it works perfectly. I'm just confused about the terms "Domain
>>> profile" and "DNS domain network". I know what a domain and what domain
>>> policies are, and I know what user profiles and user policies are, but
>>> these two terms are new to me, insofar as how they relate to
>>> computers/computer objects.
>>>
>>> Could shed some light on the terminology?
>>>
>>> "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxx> wrote in message
>>> news:O4GvjlhRFHA.3496@xxxxxxxxxxxxxxxxxxxxxxx
>>>> What setting does that text relate to?? Anyhow if you want to disable
>>>> while on the domain network it use the option for protect all network
>>>> connections and disable it for at least the domain profile. Many are
>>>> finding that the XP Windows Firewall is useful even if you are behind a
>>>> firewall to manage traffic between computers, particularly for XP
>>>> --- Steve
>>>>
>>>>
>>>> <-> wrote in message news:%23PitkQgRFHA.2964@xxxxxxxxxxxxxxxxxxxxxxx
>>>>> Hello All,
>>>>>
>>>>> I was just wondering if someone can clarify what the XP-firewall
>>>>> policy explanation means when it says:
>>>>>
>>>>> "If a computer is connected to a DNS domain network other than the one
>>>>> it was connected to when the setting was refreshed, this setting does
>>>>> not apply."
>>>>>
>>>>> Does this mean "if it's disjoined from the domain" or "if it connects
>>>>> to a new DHCP server that passes different DNS server IP's"
>>>>>
>>>>> If it does mean "if it's disjoined from the domain" I don't know why
>>>>> they even bother to mention it because the same could be said for any
>>>>> domain-based policy. Leave the domain, no policies apply. What's the
>>>>> difference with this one?
>>>>>
>>>>> Anyway, basically, I want to disable the firewall in my organization
>>>>> because we have a firewall already. We have multiple DHCP servers
>>>>> which do pass different DNS IP's. Does this mean the policy won't
>>>>> apply if the DNS settings change?
>>>>>
>>>>> What are they trying to say via that phrase "DNS domain network" ?
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>

