Re: Troubleshoot remote administration setting in group policy?



"Anders" <Anders@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2A4E9431-102D-4B7A-9B8C-1B875A2F3EE8@xxxxxxxxxxxxxxxx
I must say that this problem really makes me confused as I used the group policy resultant tool for a user/computer with the result that the resulting group policy had indeed Remote Administration exception enabled.

However, when I run the "netsh firewall show state" from the command prompt then I get the following:

"Profile = Domain
Exception mode = Enable
Remote admin mode = Disable"

Clearly the Remote admin mode is not enabled in the firewall at all so it seems like the group policy is not really applied despite the fact that the resultant policy claims otherwise.

Now I am really confused or have I misunderstood something crucial here?


Hi Anders

That is bizarre, at least not what was expected.
I do not know if/what you may have misunderstood.
There is a discrepancy each way I try to view this too,
except as you suggest, that that gp extension's processing
is not happening.

Roger

"Roger Abell [MVP]" wrote:

I am with G Johansson on this.
I at times see machines using unexpected firewall policy, and
have since taken to defining the remote admin exception in both
firewall policies. You can use netsh firewall context to find out
which policy is in use.
Either that or AD based group policy is not being successfully
applied to these machines at all.

"Anders" <Anders@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:861EC211-5013-4CAE-A3BD-C83F2A61ACC3@xxxxxxxxxxxxxxxx
As a matter of fact I tried the portqry and this is very peculiar since I found in some instances that neither group policy nor the "netsh" command did any help
http://technet2.microsoft.com/windowsserver/en/library/b8057a7a-a0d3-40b5-8224-ea6a4f5e17231033.mspx?mfr=true

Is it possible for users to configure the firewall to dismiss policy-settings?


"Darren Mar-Elia" wrote:

You can also use the portqry.exe utility (MS download site) to query the remote system to make sure you can get through on the ports used by WMI, like 135 and 445.

Darren

--
Darren Mar-Elia
MS-MVP-Windows Server--Group Policy

Script Group Policy Settings with the GPExpert Scripting Toolkit for
PowerShell!
Find out more at http://www.sdmsoftware.com/products2.php

Visit the GPOGUY: http://www.gpoguy.com -- The Windows Group Policy
Information Hub:
FAQs, Training Videos, Whitepapers and Utilities for all things Group
Policy-related

"G Johansson" <fantomen@xxxxxxxxxxxxxxx> wrote in message
news:eL0GEXZ5HHA.4880@xxxxxxxxxxxxxxxxxxxxxxx
In any case you would need to go to the computer but on the first page make sure that the firewall settings are using the domain profile and not the standard profile (if you have only changed in one of course).
You can always open the firewall and check if your settings have been applied or not...

Those are my best guesses how to solve it...
--
G Johansson
fantomen@xxxxxxxxxxxxxxx

"Anders" <Anders@xxxxxxxxxxxxxxxxxxxxxxxxx> skrev i meddelandet
news:8BBAE726-A8B9-4E1B-8718-462B9A9F2D84@xxxxxxxxxxxxxxxx
Hello, I have an inventory WMI scanning program and in order to enable scanning of clients with enabled firewalls I have set the domain level policy to allow remote administration in the group policy for Windows firewall.
However, I have noticed that the scanning cannot detect certain computers with the firewall enabled so how can I troubleshoot that this firewall exception policy has indeed propagated to the client?
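
An added example, not part of the original thread: a small Python triage of captured "netsh firewall show state" output that separates the two explanations raised above, namely the client using a profile the GPO does not cover versus the policy not being applied at all. The sample outputs are constructed from the three fields quoted in the thread, and `gpo_profiles` is a hypothetical parameter naming the profiles the GPO configures.

```python
"""Triage captured `netsh firewall show state` output (added example)."""

# Constructed sample: the three fields quoted in the thread, quotes included.
DOMAIN_DISABLED = '''"Profile = Domain
Exception mode = Enable
Remote admin mode = Disable"'''

# Constructed sample: a client that is using the standard profile instead.
STANDARD_DISABLED = """Profile           = Standard
Exception mode    = Enable
Remote admin mode = Disable"""


def parse_state(text):
    """Return {lower-cased field name: value} for every 'name = value' line."""
    state = {}
    for line in text.splitlines():
        name, sep, value = line.strip().strip('"').partition("=")
        if sep and name.strip() and value.strip():
            state[" ".join(name.lower().split())] = value.strip()
    return state


def diagnose(text, gpo_profiles=("domain",)):
    """Return (code, explanation).

    gpo_profiles is an assumption supplied by the caller: the profiles in
    which the GPO enables the remote administration exception.
    """
    state = parse_state(text)
    profile = state.get("profile", "").lower()
    remote_admin = state.get("remote admin mode", "").lower()
    if not profile or not remote_admin:
        return ("incomplete", "Profile or Remote admin mode missing from output")
    if remote_admin == "enable":
        return ("ok", "exception active in the %s profile" % profile)
    if profile not in gpo_profiles:
        return ("wrong-profile", "client uses the %s profile, which the GPO "
                "does not cover; define the exception there too" % profile)
    return ("policy-not-applied", "GPO covers the %s profile but the client "
            "reports the exception disabled; check policy processing" % profile)


if __name__ == "__main__":
    for sample in (DOMAIN_DISABLED, STANDARD_DISABLED):
        print(diagnose(sample))
```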








