Re: Windows Firewall on Domain Controllers



The firewall on a freshly installed w2k3sp1 server is NOT on by default!

It is only on during the post-security updates section. As soon as you
update the server you need to click finish and read the message stating it
will allow inbound connections.

Don't use the firewall on the DC.

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------
"Ron" <rhardin@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:301A5C97-58EC-426D-B43E-4891BB4E10C0@xxxxxxxxxxxxxxxx
Need input on recommended best practices. Here's what I've figured out:

* Server 2003 defaults to Windows Firewall active.
* Domain Controller doesn't work with firewall active unless it is manually
configured for all the AD ports and you do some voodoo with RPC ports.
* Making a 2003 Server a Domain Controller doesn't automatically configure
the firewall.
* Turning off the firewall only fixes the problem temporarily because some
Windows Updates automatically turn it back on (without telling you).

Assuming the above points are correct on my part, what is the best practice
for administering the firewall on domain controllers (I have about 30 of them
scattered all over the country)?

--
Ron Hardin, CHTP
Director of Technology
Davidson Hotel Company

