Re: Troubleshoot remote administration setting in group policy?
- From: Anders <Anders@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 29 Aug 2007 02:10:21 -0700
I must say that this problem really makes me confused as I used the group
policy resultant tool for a user/computer with the result that the resulting
group policy had indeed Remote Administration exception enabled.
However, when I run the "netsh firewall show state" from the command prompt
then I get the following:
"Profile = Domain
Exception mode = Enable
Remote admin mode = Disable"
Clearly the Remote admin mode is not enabled in the firewall at all so it
seems like the group policy is not really applied despite the fact that the
resultant policy claims otherwise.
Now I am really confused or have I misunderstood something crucial here?
"Roger Abell [MVP]" wrote:
I am with G Johansson on this..
I at times see machines using unexpected firewall policy, and
have since taken to defining the remote admin exception in both
firewall policies. You can use netsh firewall context to find out
which policy is in use.
Either that or AD based group policy is not being successfully
applied to these machines at all.
"Anders" <Anders@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:861EC211-5013-4CAE-A3BD-C83F2A61ACC3@xxxxxxxxxxxxxxxx
As a matter of fact I tried the portqry and this is very peculiar since I
found in some instances that nor group policy or "netsh" command did any
help
http://technet2.microsoft.com/windowsserver/en/library/b8057a7a-a0d3-40b5-8224-ea6a4f5e17231033.mspx?mfr=true
Is it possible for users to configure the firewall to dismiss
policy-settings?
"Darren Mar-Elia" wrote:
You can also use the portqry.exe utility (MS download site) to query the
remote system to make sure you can get through on the ports used by WMI,
like 135 and 445.
Darren
--
Darren Mar-Elia
MS-MVP-Windows Server--Group Policy
Script Group Policy Settings with the GPExpert Scripting Toolkit for
PowerShell!
Find out more at http://www.sdmsoftware.com/products2.php
Visit the GPOGUY: http://www.gpoguy.com -- The Windows Group Policy
Information Hub:
FAQs, Training Videos, Whitepapers and Utilities for all things Group
Policy-related
"G Johansson" <fantomen@xxxxxxxxxxxxxxx> wrote in message
news:eL0GEXZ5HHA.4880@xxxxxxxxxxxxxxxxxxxxxxx
In any case you would need to go to the computer but on the first page
make sure that the firewall settings is using the domain profile and
not
the standard profile (if you have only changed in one of course).
You can always open the firewall and check if your settings has been
applied or not...
Thats my best guesses how to solve it...
--
G Johansson
fantomen@xxxxxxxxxxxxxxx
"Anders" <Anders@xxxxxxxxxxxxxxxxxxxxxxxxx> skrev i meddelandet
news:8BBAE726-A8B9-4E1B-8718-462B9A9F2D84@xxxxxxxxxxxxxxxx
Hello, I have an inventory WMI scanning program and in order to enable
scanning of clients with enabled firewalls I have set the domain level
policy
to allow remote administration in the group policy for Windows
firewall.
However, I have noticed that the scanning cannot detect certain
computers
with the firewall enabled so how can I troubleshoot that this firewall
exception policy has indeed propagated to the client?
- Follow-Ups:
- Re: Troubleshoot remote administration setting in group policy?
- From: Roger Abell [MVP]
- Re: Troubleshoot remote administration setting in group policy?
- References:
- Re: Troubleshoot remote administration setting in group policy?
- From: G Johansson
- Re: Troubleshoot remote administration setting in group policy?
- From: Darren Mar-Elia
- Re: Troubleshoot remote administration setting in group policy?
- From: Roger Abell [MVP]
- Re: Troubleshoot remote administration setting in group policy?
- Prev by Date: GPO not applied
- Next by Date: Re: GPO not applied
- Previous by thread: Re: Troubleshoot remote administration setting in group policy?
- Next by thread: Re: Troubleshoot remote administration setting in group policy?
- Index(es):
Relevant Pages
|
Loading
