Re: Group Policy Firewall Exception Problem



Thanks.

I can understand consideration of the domain/standard feature possibly
causing the problem. If the standard one was set differently, then the
machines suddenly "thought" they were off the domain due to a DNS problem,
then maybe that could happen.

Interestingly, there is no place in the Firewall GUI to make that
distinction. It can only be done in the .inf file or through a GPO as far as
I know. Because I set the exceptions using the GUI, I have to think they
would be the same for both domain and standard. For that reason, such an
anomaly should have no effect.



"harrykrishna.nospam@xxxxxxxxx" wrote:

This is a very long shot but is there the possibility that the
firewall was suddenly using its non-domain settings as opposed to the
domain ones? I don't know about server 2003 but an XP box joined to
the domain ends up with two sets of firewall settings.

If you had logging turned on you might want to peek at the domain and
non-domain logs and see if dropped packets are in there where you
weren't expecting them to be dropped.

Like I said, a very long shot....

HTH

Charlie <baboon@xxxxxxxxxxxxxx> wrote:

Hopefully this is the best NG for this issue:

I have set up about a dozen or more Windows 2003, R2 servers on our AD
domain of about 8000 computers. On each of these I have set up the Windows
Firewall with exceptions for things such as File Sharing and Remote Desktop,
limiting the scope to the Class B network that represents our corporate network.

A few days ago, users suddenly and temporarily lost access to file sharing
on some of these servers. At that time the Firewalls on the servers showed
the File and Print exception as being applied through Group Policy. Later,
when the problem was gone, it showed up as not applied through Group Policy.
(Unfortunately I wasn't around, as I would have had the server admins run
RSOP and check the scope of the exception immediately.)

It was clear that the problem only affected those servers that were in a
couple of OUs, and those OUs had a common GPO linked to them. That GPO
includes nothing but a setting that limits Remote Administration to allow it
only from a small number of machines. I have to suspect that as the culprit,
since it includes port 445.

Looking at the GPMC and at the Sysvol folder itself, none of the GPOs that
apply to either of the OUs was modified within days of the occurrence. Until
I realized that, I figured someone had applied a bad setting, but apparently
not, assuming the Modified attribute is reliable for that purpose. Also,
it's possible someone could have created a new GPO, applied it to these same
2 OUs, then deleted it, but it's unlikely. If you could see the structure of
the domain tree, you would see why it would be unlikely.

My fix to keep this from happening again will be to apply a GPO to the child
OUs that the servers are in, which will include a File Sharing exception with
a scope of the corporate network, (as well as exceptions for the other
services that are needed). Because I don't work at the domain admin level, I
will have to deal with politics in order to get this done, however.

Does anyone have another theory as to what would have caused this?
Has anyone seen anything similar to this?

If I am correct about the reason it happened, it's kind of scary since it
would involve a bug that acts as a denial of service.

Thanks for any answers or suggestions.



Ha®®y

HarryKrishna.nospam@xxxxxxxxx

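The two-profile behaviour discussed above (domain vs. standard settings on an XP SP2 / Server 2003 SP1 firewall, and the log check Harry suggests) can be verified from the command line rather than the GUI. The script below is an added example, not something posted in this thread; it uses the pre-Vista "netsh firewall" context, and the corporate Class B address is a placeholder you must replace with your own.

```powershell
# Added example, not from the original thread. Assumes the XP SP2 / Server 2003 SP1
# "netsh firewall" context (Vista and later use "netsh advfirewall" instead).
# The corporate network below is an assumed placeholder; substitute your own Class B.
$corpNet = "10.0.0.0/255.255.0.0"

# 1. Which profile is in effect right now? A domain member that can no longer reach a
#    domain controller (a DNS problem, for instance) falls back to the Standard profile,
#    and it is the Standard profile's exceptions and scopes that then apply.
netsh firewall show state

# 2. Dump BOTH profiles. The Domain and Standard sections are listed separately here,
#    so the File and Printer Sharing exception and its scope can be compared per profile,
#    something the GUI gives no view of.
netsh firewall show config

# 3. Make the File and Printer Sharing exception identical in both profiles, limited to
#    the corporate network. profile=ALL writes the Domain and Standard profiles together;
#    use profile=DOMAIN or profile=STANDARD to set just one.
netsh firewall set service type=FILEANDPRINT mode=ENABLE scope=CUSTOM addresses=$corpNet profile=ALL

# 4. Turn on dropped-packet logging so a repeat of the incident leaves evidence, then pull
#    out drops to the SMB ports (445 direct-hosted SMB, 139 NetBIOS session).
#    Log line layout: date time action protocol src-ip dst-ip src-port dst-port size ...
$log = "$env:windir\pfirewall.log"
netsh firewall set logging filelocation=$log maxfilesize=4096 droppedpackets=ENABLE
Select-String -Path $log -Pattern 'DROP TCP \S+ \S+ \S+ (445|139)\s' | Select-Object -Last 20

# 5. Confirm what Group Policy believes it is applying to this computer (the RSoP check
#    the original poster wished had been run while the outage was in progress).
gpresult /scope computer /v | Select-String -Pattern 'Firewall'
```

Run steps 1 and 2 first on an affected server while the problem is occurring: if "show state" reports the Standard profile and "show config" shows a different File and Printer Sharing scope under Standard than under Domain, that alone explains a sudden loss of file sharing without any GPO having been modified.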


