Re: Roaming Profiles and ICF

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance



In news:24396720-BFA5-4458-BDA2-5C8E4A64EDD5@xxxxxxxxxxxxx,
jilltre <jilltre@xxxxxxxxxxxxxxxxxxxxxxxxx> typed:
okay,, more information... it appears its not the server that I need
to disable the ICF but the computer where the original profile is
located... in this case, mine.

Hmm. No, the Windows firewall protects inbound traffic only. Do you even
have the Windows firewall on your server? I don't....and wouldn't. If you
do, disable it - either use ISA or an Internet-facing firewall or both.

When I try to disable the ICF, it is grayed out.. so, there is a group
policy enforcing the ICF to be turned on... where in the group policy
mgmt list do I disable this?

The workstations don't need to have the firewall disabled for this purpose.



Thanks for the info... i'm going by what this article states:

KB832850

it shows the error message I am receiving, and the resolution is
disable the ICF...

I am using SBS, so maybe it's slightly different from winServ2k3...

--
jilltre


"Lanwench [MVP - Exchange]" wrote:



In news:CA752041-859A-41EF-AF35-BB9A5940FEA0@xxxxxxxxxxxxx,
jilltre <jilltre@xxxxxxxxxxxxxxxxxxxxxxxxx> typed:
I know this is a loaded question. I've got some users (vice
president of company) who would like to have roaming profiles...
but, the known issue is that if the ICF is turned on, the profiles
cannot be saved to the server...

If I have a firewall at the ISP level, and we also have our own
firewall (SonicWall),,is ICF needed? I know that Microsoft has to
not recommend turning it off, but what are the opinions out there?
Is it really too risky to turn it off for this one function?


I'm not sure what's going on on your network, but I use roaming
profiles, and I have the Windows firewall enabled on all
workstations, and it works fine.


.

Relevant Pages

  • Re: ZoneAlarm Pro, Sygate Personal Firewall, or built in xp firewall?
    ... ICF monitors outbound ports to know what inbound ports to block/open. ... blocks unsolicited connection attempts. ... connect to the Internet but would not normally purchase a firewall from the ... baseline intrusion prevention mechanism in Windows XP. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Roaming Profiles and ICF
    ... jilltre typed: ... computers that have the ICF enabled via a group policy. ... I would leave the firewall enabled. ... especially if they want roaming profiles. ...
    (microsoft.public.windows.server.sbs)
  • Re: Proposed Internet Connection Firewall change in WinXP SP2
    ... Of course a firewall is totally ineffectual against unintelligent ... I would advise you to look at alternatives to DCOM based ... Microsoft MVP ... >> available for management for ICF from group policy. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Baseline script (disable services etc.)
    ... > If anyone could give me any tips (as to turning on the ICF and disabling ... Disabling of services: ... Connection Firewall on a connection, ... Note that when using the EnableInternetFirewall/DisableInternetFirewall ...
    (microsoft.public.scripting.vbscript)
  • SBS 2003 security policy...
    ... I just discovered an amazing new feature of SBS 2003 security policy: ... computers without at least a simple firewall like the one from Microsoft ... they simply disable ICF altogether *while* its connected to the domain. ...
    (NT-Bugtraq)