Re: Small Business Server Windows Firewall

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

I am always loathe to edit the SBS default policies but this may be a case
where I would do so. My normal GP changes are items in addition to SBS
policies and if I really thought I wished to do something in conflict with a
default policy (I don't) I'd just 'override' it (and probably call the
policy 'whatever override').

It's GP. It behaves in exactly the same way as any other implementation of
GP. Policies apply to items in the OU the policy is applied to and any child
OU's. SBS may have some 'smoke and mirrors' but it doesn't break all the
rules.

"Fed Gallardo" <fed.gallardo@xxxxxxxxx> wrote in message
news:eqENeU%234GHA.3592@xxxxxxxxxxxxxxxxxxxxxxx
It most definetly does work the way you describe Super. My main question
was can I edit those policies and will those edits apply to the computers
I join to the domain. I'm not use to SBS AD structure as it is much more
different than a 2003 Server AD. Is there a recommended settings paper for
these settings while computers are on the domain and while they are away?
"Cris Hanna [SBS-MVP]" <crisnospamhanna@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message
news:3B9DAD26-8CB7-4526-9B68-A5EDCF130790@xxxxxxxxxxxxxxxx
I'll look at this again later today, but I don't recall that my firewall
settings changing when I carry my laptop away...

--

Cris Hanna [SBS-MVP]
--------------------------------
Please only respond in the Newsgroups, do not email me directly
--------------------------------
Sent from Windows Mail running on Windows Vista Ultimate Post RC1
"SuperGumby [SBS MVP]" <not@xxxxxxxxxxx> wrote in message
news:eZPasE54GHA.3512@xxxxxxxxxxxxxxxxxxxxxxx
Cris, is my understanding then mistaken? (Group policy not being my
strongest suit)

There are two profiles in the Network Connections area of this policy.

The Domain Profile has a description 'Manages Windows Firewall when the
computer is connected to the Active Directory network'.
The Standard Profile has a description 'Manages the Windows Firewall
when the computer is not connected to the Active Directory network, such
as when a mobile computer leaves the corporate network'.

I understand this to mean when the computer is/isn't _physically_
connected to the network. I'm unsure of the status when the PC is
physically away from the network but connected via VPN (I suspect the
'Domain Profile' comes into effect upon connection of the VPN).

SO, if we discount VPN for a moment and take the most basic scenario, a
user who connects his laptop both to the SBS LAN and a router he has at
home for connection to his home broadband account. The home router does
not VPN to the office, we don't want his kid's PC coming into the office
LAN.

My understanding is that those settings specified in the 'Domain
Profile' would apply when the PC is connected to the LAN at the office
and those settings in the 'Standard Profile' would apply when he is
connected at home _even though_ he signs onto his domain based account
(cached credentials) when away from the office.

"Cris Hanna [SBS-MVP]"
<crisnospamhanna@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:70C72642-D3AF-4E56-949A-0A90E3FBEEB8@xxxxxxxxxxxxxxxx
The changes to the firewall do not change when the laptop is "remote"
You can choose to modify any GPO

--

Cris Hanna [SBS-MVP]
--------------------------------
Please only respond in the Newsgroups, do not email me directly
--------------------------------
Sent from Windows Mail running on Windows Vista Ultimate Post RC1
"Fed" <fed.gallardo@xxxxxxxxx> wrote in message
news:u2sOeW44GHA.3960@xxxxxxxxxxxxxxxxxxxxxxx
Under my domain.local there is a GPO titled Small Business Server
Windows Firewall. Is it safe to say this GPO will apply to my clients
once I add them to the domain? Basically what I am asking is if while
the machines are connected to the domain will the traffic be
uninterrupted and when they are remote will it be more locked down for
laptops? Can I edit this GPO?

TIA

Fed









.

Relevant Pages

  • Re: Still cant connect to RWW or OWA remotely
    ... In the Services MMC, is the Windows ... Firewall/Internet Connection Sharing service 'Disabled'? ... "Windows Firewall cannot run because another ... it certainly appears to be something about the SBS configuration. ...
    (microsoft.public.windows.server.sbs)
  • RE: VPN Authentication problems (unable to connect to the network using the user name and password y
    ... VPN following the below steps or manually create VPN to SBS from My Network ... Communications and Remote Desktop Connection? ... Are they using Windows XP SP2? ... For managing the Windows XP SP2 firewall under SBS network, ...
    (microsoft.public.windows.server.sbs)
  • Re: New Single NIC Problem
    ... I presume your internet connection comes into a hub or switch, ... server and client computers are connected there as well, ... Les Connor [SBS Community Member - SBS MVP] ... > Windows IP Configuration ...
    (microsoft.public.windows.server.sbs)
  • Re: VPN connection.
    ... 331816 - VPN Client in Windows XP Disconnects After One Minute: ... workstation, RWW, VPN, mobile, needs a CAL. ... > I am troubleshooting a VPN connection from Windows XP PRO to a SBS 2003 ... My problem is that the connection is dropped with irregual ...
    (microsoft.public.windows.server.sbs)
  • Re: PPPoE
    ... The Windows driver README ... Installing the PPP over Ethernet Protocol ... Connection Sharing, ...
    (freebsd-net)