Re: Windows Firewall settings. The same policy for XP SP2 and Win 2003!?!?!
- From: "Dave" <dswanson_nospam@xxxxxxxxx>
- Date: Mon, 27 Jun 2005 16:52:16 -0400
We do this in 2 steps. First, we have a WMI filter that is only for Windows
XP SP2. The second is we have a computer group to receive this GPO. So if
a computer is in the group and is XPSP2, it gets the GPO.
"David Hahn" <david.hahn@xxxxxxxxxx> wrote in message
news:O$Y74YDeFHA.2584@xxxxxxxxxxxxxxxxxxxxxxx
> That would work, however we have many, many, many sub OU's that this
policy
> would need to be applied to. Sure it's possible, but managing the links
gets
> a little nuts. We have three main OU's that these "many" OU's are under.
> Basically it is goes like this:
>
> Domain root
> --Operational Unit 1 (let's say "Sales")
> ----City1
> ----City2
> ----City3
> ------Whatever OU's the local admins want.Could be:
> ------ Computers
> ------ Servers
> ------ Printers
> --Operational Unit 2
> ----City4
> ----City5
> ------Whatever OU's the local admins want Could be:
> ------Computers
> --------Laptops
> --------Desktops
> ------Servers
> etc...
>
> We can't link them in the City level because that would certainly
encompass
> local office servers. The local administrators in the City's have much
> control over what their structure looks like under their City. They could
> easily move a machine outside of the scope of the policy, because the
policy
> can't be linked at the City level.
>
> David.
>
>
> "Brandon Baker" <brandonb@xxxxxxxxxxxxxxxx> wrote in message
> news:efEihEDeFHA.228@xxxxxxxxxxxxxxxxxxxxxxx
> >I would do neither. I created a seperate group policy just for Windows
> >firewall and applied it to the OUs with computers in it.
> >
> >
> > "MS News" <david.hahn@xxxxxxxxxx> wrote in message
> > news:O4n5MpAeFHA.3012@xxxxxxxxxxxxxxxxxxxxxxx
> >> Hi,
> >>
> >> I have recently discovered that the policy I have that defines Windows
> >> Firewall behavior in Windows XP SP2 also configures the firewall for
> >> Windows 2003 Server SP1!
> >>
> >> We have said policy applied at a high level in our AD structure so that
> >> all our desktops are configured appropriately. But now that this policy
> >> is going to configure the firewall in servers, we need to rethink our
> >> entire structure and implementation. Either do not enforce the policy
and
> >> let the owners of sub-ou's chose to Block Inheritence (which might
> >> dynamite their local GPO implementations), or use a WMI Filter to
filter
> >> out the 2003 machines.
> >>
> >> Anyone else run into this? I don't see how MS can make these policies
the
> >> same. I mean, c'mon, a desktop's role is lightyears away from a servers
> >> role with respect to firewall configurations. Do they not expect people
> >> to apply a group policy to configure windows firewall at a high level?
> >> Why do this?
> >>
> >> David
> >>
> >
> >
>
>
.
- References:
- Prev by Date: Re: Folder Redirection GP?
- Next by Date: Re: logon/logoff scripts and runas
- Previous by thread: Re: Windows Firewall settings. The same policy for XP SP2 and Win 2003!?!?!
- Next by thread: Templates not showing correctly
- Index(es):
Relevant Pages
|
