Re: firewall

thank you

I was able to disable server control over my workstations firewall.

when my network is larger I'll consider using that policy

thanks

jon
"Steve Foster [SBS MVP]" <steve.foster@xxxxxxxxxxxxx> wrote in message
news:xn0eiscyj000007y@xxxxxxxxxxxxxxxxxxxxxxx
news.microsoft.com wrote:

when I upgraded to sp1 of sbs the firewall setting on my xp pro
workstations became controlled by server. but the server firewall is not
installed because I don't have two nic cards. how do I give the control
back to the workstations.

The presence or not of a firewall on the SBS is irrelevant to managing the
clients' Windows Firewall.

Configuration of the desktop Windows Firewall is managed via Group Policy.
Look under Administrative Tools > Group Policy Management, or under
Advanced Management > Group Policy Management in the SBS Server Management
console, and drill down to the "SBS Windows Firewall" policy. Edit this to
manipulate the Windows Firewall for all client machines.

I'd strongly recommend leaving it on - it's a secondary line of defence
against an infected workstation spewing crap all over your network.

Adding exceptions for specific applications ("Program Exceptions") via the
GPO "SBS Windows Firewall" is pretty easy. Here are some example entries
(watch out for line wrap):

Sophos AV:

%ProgramFiles%\Sophos\Remote Management
System\RouterNT.EXE:LocalSubnet:Enabled:Sophos Remote Management

Grisoft AVG:

%Windir%\AVGAgent.EXE:LocalSubnet:Enabled:Grisoft AVG Agent
%ProgramFiles%\Grisoft\AVG7\AVGCC.EXE:LocalSubnet:Enabled:Grisoft AVG
Control Centre

VNC:

%ProgramFiles%\ORL\VNC\WinVNC.exe:LocalSubnet:Enabled:VNC


Add the exceptions before installing the relevant application, and
remember to allow time for the updated GPO to be picked up by the clients,
or manually force individual machines with "GPUPDATE /force" from a
command prompt.

--
Steve Foster [SBS MVP]
---------------------------------------
MVPs do not work for Microsoft. Please reply only to the newsgroups.


.

Relevant Pages

  • Re: Locking down workstation
    ... Mada Dulate wrote: ... Pick the primary OS that your workstations use. ... includes a client for some kind of patch management system. ... network and equipment usage policy. ...
    (Security-Basics)
  • Re: Firewall
    ... the firewall, ... workstations the setting stays; the firewall is off. ... security barrier even if you also have a perimeter firewall. ... I use the security policy to handle most of our needs but the firewall ...
    (microsoft.public.windows.server.sbs)
  • Re: Slow Exchange/Outlook
    ... > You can add the exceptions to the default domain firewall policy. ... > the Server Management Console. ... Expand Advanced Management, Group Policy ...
    (microsoft.public.windows.server.sbs)
  • Re: SP1 enables Windows XP firewall how to turn it off?
    ... Guys ..the moat is not at the firewall... ... I can tell you numerous stories of how policy is set and how people go around policy. ... Sorry, but with PDA's and such, there is nothing a firewall will do, as those devices connect via USB, and the Windows firewall does nothing to block a USB device. ... In a properly configured domain, "Users" have little access across the network to others systems, only the management has the type of access you suggest, and that's the way it should be. ...
    (microsoft.public.windows.server.sbs)
  • Continuos error appearing when deploying a certain application! HELP!
    ... constant errors on the workstations the policy is being ... The Group Policy client-side extension Application ... Source: Application Management ... I have also enabled "Windows Installer Logging" ...
    (microsoft.public.win2000.group_policy)
Loading