Re: Active Directory and Firewall
From: Ace Fekay [MVP] (PleaseSubstituteMyActualFirstName&LastNameHere_at_hotmail.com)
Date: 09/27/04
- Next message: Ace Fekay [MVP]: "Re: Forest Trusts are backwards?"
- Previous message: Ace Fekay [MVP]: "Re: help this newbie connect"
- In reply to: Viviene: "Active Directory and Firewall"
- Messages sorted by: [ date ] [ thread ]
Date: Sun, 26 Sep 2004 22:46:08 -0400
In news:15150C56-F775-4BCF-9E28-954541871E7F@microsoft.com,
Viviene <Viviene@discussions.microsoft.com> made a post then I commented
below
> How can I configure my firewall (Outpost) so I can install server
> roles (Active Directory) without stopping the firewall?
>
> After I install Windows Server 2003 I activate the firewall and
> connect to the Internet and network. If I try to install server
> roles (Active Dir), after some interaction with the firewall (which I
> permitted), the PC is restarted. After the restart Windows won't start...
> I read an article from TechNet (Active Directory Replication over
> Firewalls) but it applies only after Active Directory is
> installed. How can I use it if my computer won't start?

I'm not familiar with Outpost, but after reading up on it at:
http://www.outpostfirewall.com/guide/
It tells me it's a personal firewall that installs on each and every machine.
Not the best thing to have on a DC. Apparently you've locked something out
to make your machine unbootable. Can you go into Safe Mode and undo your
rules or remove/uninstall the firewall? Does this tool also stop certain
apps and services if it thinks it's spyware or such? Maybe it stopped a
required service, preventing bootup.

Keep in mind, as far as personal firewalls and AD go, it is difficult to
manage and can cause problems (as you've seen). The better bet is to not use
a personal firewall on your AD machines (clients and DCs) and incorporate an
entry-level firewall to protect your subnet. I've seen many problems
associated with personal firewalls, especially including Zone Alarm,
BlackIce, and a few others. If you are adamant about using these sorts of
firewalls, read up on them completely prior to installation and understand
how to open them wide open for internal communication between your DC and
clients. If it's ICF, that applies as well. You'll need to open the rules up
for communication.

BTW, there are over 30 ports that are required for AD communication.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a pig.