RE: group policy
- From: Marcus K <MarcusK@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 25 Apr 2006 21:58:01 -0700
Steven,
Ok! thank you for the response. It wasnt exactly the solution, but it did
point me in the right direction.
Based on what you said about the settings having to be under the domain
profile section, i re did a RSOP to see which policy was winning for the two
particular settings. Turns out the domain policy was winning for 'enable file
and printer sharing' and Server 2003 windows firewall was winning for 'remote
desktop' exception. When i went into the detail settings they were set as
enabled and exception set to 'Localsubnet' for the file and printer sharing
and 'subnet' for the remote desktop. So i disabled the settings under the
domain and server firewall policies which allowed the windows firewall policy
to take precedence and it worked.!
cheers.
Guess i wont be changing any settings on the default server gpo's after
this. I am going to ensure they are set to default and i can change the
settings on any new policies i implement.
--
Thanks
Marcus K
Bus Mgr
Alcohol & Drug Foundation
"helping U choose a better life"
"Steven Zhu [MSFT]" wrote:
Hi Marcus,.
Thanks for taking time to respond.
Actually, after a Group Policy object has been updated, it can be
configured for Windows Firewall settings that are appropriate for Windows
Firewall and the use of management, server, listener, or peer applications
and services that are being run on your computers running Windows XP with
SP2.
Based on my knowledge, the issue is somewhat wired because usually the
"Windows Firewall" settings should work properly in Group Policy. So before
we go any further, I'd like you to double-check whether you have correct
configuration in Group Policy:
1. Open Group Policy Object Editor -> Computer Configuration ->
Administrative Template -> Network -> Network Connections -> Windows
Firewall -> Domain Profile.
- The domain profile settings that are used by the computers when they are
connected to a network that contains domain controllers for the domain of
which the computer is a member.
- The standard profile settings that are used by the computers when they
are connected to a network that does not contain domain controllers for the
domain of which the computer is a member.
2. Windows Firewall: Allow file and print sharing exception --- Enable, and
type "*" in "Allow unsolicited incoming message from" box.
3. Windows Firewall: Allow Remote Desktop exception --- Enable, and type
"*" in "Allow unsolicited incoming message from" box.
4. Run gpupdate.exe /force command on Domain Controller.
Please let me know whether the issue persists after you finished the above
steps. I am looking forward to your reply.
Have a good day.
Best Regards,
Steven Zhu
MCSE
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
======================================================
PLEASE NOTE the newsgroup SECURE CODE and PASSWORD were
updated on February 14, 2006.? Please complete a re-registration process
by entering the secure code mmpng06 when prompted. Once you have
entered the secure code mmpng06, you will be able to update your profile
and access the partner newsgroups.
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
======================================================
- Follow-Ups:
- RE: group policy
- From: Steven Zhu [MSFT]
- RE: group policy
- References:
- RE: group policy
- From: Steven Zhu [MSFT]
- RE: group policy
- From: Marcus K
- RE: group policy
- From: Steven Zhu [MSFT]
- RE: group policy
- Prev by Date: RE: Remote connectivity problems
- Next by Date: RE: problems modifying company web
- Previous by thread: Re: group policy
- Next by thread: RE: group policy
- Index(es):
Relevant Pages
|
