Re: WXP SP2 Woes
From: Steve Kemp (SPAM_kempsl1154_SPAM_at_hotmail.com)
Date: 08/19/04
- Next message: RTF: "Cannot Access Company Web"
- Previous message: John Bay: "RE: Outbound SMTP config for exchange"
- In reply to: Stuart Mackie [MCP, MSP]: "Re: WXP SP2 Woes"
- Next in thread: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: WXP SP2 Woes"
- Reply: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: WXP SP2 Woes"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 19 Aug 2004 19:10:22 -0400
OK, it seems that I am not being clear enough.... :-)
I can find the appropriate GP key to define the firewall settings, most of
the setting are there (allow exceptions etc), however the specific ones you
you mention below "Windows Firewall: Define Program Exceptions" and "Windows
Firewall: Define Port Exceptions" are missing!
So my original question remains, is this due to the GPEDIT.MSC bug (strings
too long, therefore I must have the "not ready for release" hotfix to
resolve it), or is it another issue? I can deal with the strings being too
long (as it is only an annoyance) and would rather wait for this hotfix to
become official and tested before installing it. However if applying it is
the only way to repair my missing GP settings, then I will call to recieve
this hotfix before it's official release.
This was my original question, I always knew how to add the program and port
exceptions through GP (or at least I read how), the mechanism in the GP tool
is what has been missing. How do I repair this? Is the problem repaired by
the numerously mentioned, but not ready for official release, hotfix?
Maybe you are both trying to tell me that the hotfix will repair my missing
settings, but that isn't very clear :-)
Cheers,
Steve K.
"Stuart Mackie [MCP, MSP]" <newsgroups@--REMOVE_THIS-NO_SPAM--stu.uk.com>
wrote in message news:uBzeKzjhEHA.3992@TK2MSFTNGP11.phx.gbl...
> Hi Steve. As Susan has mentioned call MS Support and ask them for the
> Hotfix to resolve your error regarding the strings section being too long.
> The patch is available for free but not publicly, only if you call.
>
> In terms of the Symantec AV Exceptions as you know you will have to add
> the exceptions. This is possible by GP, and you should be able to see the
> GP settings to do this. They are located in
>
> Computer Configuration
> Administrator Templates
> Network
> Network Connections
> Windows Firewall
> Domain Profile
>
>
> Just in case you haven't worked through the Symantec Documents yet, the
> entries you will need to allow remote client deployment, remote
> configuration of clients using Symantec System Centre, and the ability for
> updates to be pushed to the clients are listed below (I run Symantec Corp
> Edtn 9.0):
>
>
> Windows Firewall: Define Program Exceptions -
>
> %Program Files%\Symantec AntiVirus\Rtvscan.exe:[serverIP]:enabled:Symantec
> Client Security Rtvscan
>
> %Program
> Files%\Symantec\LiveUpdate\LuComServer.exe:[serverIP]:enabled:Symantec
> Client Security LuComServer
>
>
> Windows Firewall: Define Port Exceptions
>
> 2967:UDP:[serverIP]:enabled:Symatec System Centre Control
> (The symantec documets have an error and actually state TCP which is
> wrong.)
>
>
> The only thing which I find irritating with the new GP options is that it
> isn't possible to edit any of the above once you create them. If you make
> a typo it has to be deleted and recreated. I'm not sure whether the
> Strings Section too long patch is related to this, forgot to call and get
> it this morning :)
>
> --
> Hth,
> Stuart Mackie [MCP, MSP]
> www.stu.uk.com
>
>
>
> "Steve Kemp" <SPAM_kempsl1154_SPAM@hotmail.com> wrote in message
> news:eu2ny1ihEHA.2620@TK2MSFTNGP10.phx.gbl...
>> See below
>>
>> "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@pacbell.net>
>> wrote in message news:uQ2MzbihEHA.4092@TK2MSFTNGP10.phx.gbl...
>>> 1. Get the hotfix and that will do the trick
>>>
>>> 842933 - "The following entry in the [strings] section is too long and
>>> has been truncated" error message when you try to modify or to view GPOs
>>> in Windows Server 2003, Windows XP Professional, or Windows 2000:
>>> http://support.microsoft.com/default.aspx?scid=kb;en-us;842933
>>>
>>> It will be out on the download site pretty soon and yes, it's been
>>> tested.
>>
>> I can wait for the final hot fix if this is not related to my #2 issue...
>>
>>> 2. This is expected firewall behavior. If you have a console based A/V
>>> that has to have listen ports you will need to do this. They can't
>>> write a comprehensive all covering all knowing white paper.. this is why
>>> we're here.
>>>
>>> You have to either add the strings. They aren't going to do this for
>>> you. It's not going to be build into the group policy as Symantec uses
>>> one set, trend uses another listening port, Etrust another and so on.
>>> They'd have so many blasted holes poked it would be swiss cheese.
>>>
>>> Don't wait until this is "resolved", you have to resolve it.
>>
>> Add the strings? The GP tool does not have an entries for "Windows
>> Firewall: Define program exceptions" or Windows Firewall: Define port
>> exceptions". I could define these for the AV client if these were
>> present, but they are missing for some reason. OR do you mean there is
>> some way to add these missing settings (they are fully described in the
>> white paper and they also exist on the WinXPSP2 local GP tool... but
>> missing on my server)?
>>
>> I'd love to resolve it, and I have the documentation to resolve it, but
>> it would seem that I have a malfunctioning GPEDIT.MSC or system.adm
>> template file on my SBS2003.
>>
>>
>>>
>>>
>>> Steve Kemp wrote:
>>>
>>>> I am testing WXP SP2 on my SBS2003 network... I have also installed the
>>>> SBS2K3 hotfix for WinXPSP2 clients (KB 872769), this hotfix essentially
>>>> adds GP settings for the WXP client firewall. I have also read the
>>>> Deployment whitepaper for XP SP2 (KB 872769).
>>>>
>>>> Problems:
>>>>
>>>> 1. The GPEDIT.MSC complains about numerous strings being too long (a
>>>> result of the SBS hotfix).
>>>> 2. The Windows Firewall GP settings is missing a number of entries
>>>> described in the above whitepaper. Specifically I want to enable
>>>> Symantec AntiVirus Corporate Edition clients (through GP settings) to
>>>> communicate properly with my Symantec Antivirus server, which pushes
>>>> settings, virus definition updates etc. to the clients - Done through
>>>> the "Windows Firewall: Define program exceptions" setting.
>>>>
>>>> The MS knowledge base acknowledges the 1st problem (did they test the
>>>> hotfix? KB 842933), but not the second. Does anyone know if the two are
>>>> related? Has anyone else experience #2? Or is MS have their
>>>> documentation writers ahead of their developers? Is their a place I can
>>>> download a "system.adm" file that has the missing settting? I don't
>>>> relish the idea of having to run around manually setting firewall
>>>> settings, then also trying to remember to do the same everytime we add
>>>> a new system to the network. I will not roll out SP2 until issue #2 is
>>>> resolved.
>>>>
>>>> Cheers,
>>>>
>>>> Steve K.
>>>
>>> --
>>> http://www.sbslinks.com/really.htm
>>>
>>
>>
>
>
- Next message: RTF: "Cannot Access Company Web"
- Previous message: John Bay: "RE: Outbound SMTP config for exchange"
- In reply to: Stuart Mackie [MCP, MSP]: "Re: WXP SP2 Woes"
- Next in thread: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: WXP SP2 Woes"
- Reply: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: WXP SP2 Woes"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
