Re: How to Allow Local Control of Windows Firewall on a Particular PC



Hi Steven,

Thanks for your responses. I still cannot get this to work. Please see my
comments embedded in your post below:

Cheers,
Bill

"Steven Zhu [MSFT]" <v-stezhu@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:FuIYxP5kGHA.764@xxxxxxxxxxxxxxxxxxxxxxxx
Hi Bill,

Thanks for taking time to respond.

Sure, the Windows Firewall GPO can be configured in Computer Configuration,
but you can add the computer account to deny one specific computer read
the Windows Firewall GPO. To do so:

1. Open "Group Policy Management" in the Administrative Tools.

2. Go to the OU you link the Windows Firewall GPO to. I assume you put
the users into this OU since the specific policy is user based only.

All the GPO links on this SBS 2003, including the "Small Business Server
Windows Firewall", are directly below the domain container. The user in
question is in a folder called Users also directly below the domain
container together with all the other standard SBS users and groups. This
user is an administrator.


3. Choose the GPO name. On the right pane, you can find four tabs; please
click on the last tab, namely the Delegation tab, and add the specific user
you want to EXEMPT from applying the GPO.

There are only three tabs, but the last one is Delegation. OK.


4. After adding him, please choose this entry, and click Advanced button,
add the specific computer account and deny the read permission.

OK.

5. Next, please run "Gpupdate /force" on the SBS 2003 Server and reboot
your Windows XP/2000 workstation, the specific user should NOT get the
"Windows Firewall" policy applied.

gpupdate /force takes a long time to complete and generates the following
message:

"User Policy Refresh has completed.
Computer Policy Refresh has completed.

To check for errors in policy processing, review the event log."

There are no errors in the Event Logs.

When I restart the PC and check the Windows Firewall, it is still greyed out
and still cannot be turned off or on. When I run rsop.msc I see a red
circle with a white cross over the Computer Configuration icon and get the
following error:

"Group Policy Infrastructure failed due to the error listed below.
The specified domain either does not exist or could not be contacted.

Note: Due to the GP Core failure, none of the other Group Policy components
processed their policy. Consequently, status information for the other
components is not available."

What am I doing wrong :-(


Have a great day.

Best Regards,

Steven Zhu
MCSE
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security