RE: Fax console GPO

Hello Nick,

Thanks for posting here.

From your problem description, I understand your issue to be: you want to
configure the clients' firewall by SBS GPO to allow Fax Console traffic. If
I am off base, please do not hesitate to let me know.

First, please try to directly disable Windows Firewall on one workstation,
and then monitor the fax console traffic.

If it still cannot work, that means the issue is not related with windows
firewall, please do troubleshooting on fax console.

If it work fine, that means the issue is related with windows firewall, you
can go through the following steps.

Generally, you could try to edit the GPO ''Small Business Server Windows
Firewall'' on SBS to configure the firewall on client. However, before the
operation, you need to confirm the following things first.

After you install the Windows XP SP2 in your SBS 2k3 network, you may need
to install the Update for SBS 2k3 server first, please refer to the
following article.

872769 You cannot configure Windows Firewall settings or Security Center
http://support.microsoft.com/?id=872769

If you want to modify the Group Policy setting that is configured when you
installed the Windows Small Business Server 2003 Update for Windows XP SP2,
install the hotfix that is described in the following Microsoft Knowledge
Base article:

842933 "The following entry in the [strings] section is too long and has
been truncated" error message when you edit or view Group Policy in Windows
Server 2003, in Windows XP, or in Windows 2000
http://support.microsoft.com/default.aspx?kbid=842933

Install both the Windows Small Business Server 2003 Update for Windows XP
SP2 (872769) and the hotfix that is described in the article 842933 only if
you want to modify the Group Policy setting that is configured when you
installed the Windows Small Business Server 2003 Update for Windows XP SP2.
If you do not install the hotfix that is described in article 842933 after
you install the Windows Small Business Server 2003 Update for Windows XP
SP2, you receive the following error message when you try to manage Group
Policy settings:

If you have Windows Vista clients in your network, please apply the
following hotfix:
926505 Windows Small Business Server 2003: Windows Vista and Outlook 2007
compatibility update
http://support.microsoft.com/default.aspx?kbid=926505

After installing the above hotfixes, you can perform the following steps to
add the exceptions ports for clients firewall via GPO:

Please use the following steps to add exceptions ports for clients:

1. Start -> Administrative Tools -> Group Policy Management
2. Expand Domains -> Your Domain
3. Right click the Small Business Server Windows Firewall and click Edit
4. Computer configuration>Administrative templates>Network>Network
connections> Windows Firewall> Domain Profile;
5. Double click "Windows Firewall: Define port exceptions", select Enabled
6. Click Show button, then add the except ports in the box. Click OK twice
time.
7. Run Gpupdate /force on your XP2 client
8. Logon and logoff your client and test your issue again.

If add these exceptions ports do not resolve the issue, please try to
disable all clients firewall via GPO

Please use the following steps to disable client XP sp2 ICF:

1. Start -> Administrative Tools -> Group Policy Management
2. Expand Domains -> Your Domain
3. Right click the Small Business Server Windows Firewall and click Edit
4. Computer configuration>Administrative templates>Network>Network
connections> Windows Firewall> Domain Profile;
5. In "Windows Firewall: Protect all network connections" should be set to
''Disable''
6. Run Gpupdate /force on your XP2 client
7. Logon and logoff your client and test your issue again.

The following image may help you to configure it.

http://www.sbslinks.com/XPsp2.htm

==============================
Warning: This response contains a reference to a third party World Wide Web
site. Microsoft is providing this information as aconvenience to you.
Microsoft does not control these sites and has not tested any software or
information found on these sites; therefore, Microsoft cannot make any
representations regarding the quality, safety, or suitability of any
software or information found there. There are inherent dangers in the use
of any software found on the Internet, and Microsoft cautions you to make
sure that you completely understand the risk before retrieving any software
from the Internet.
==============================

Additional info:
HOW TO: Delegate Authority for Editing a Group Policy Object (GPO)
http://support.microsoft.com/?id=221577

Administering Group Policy with the GPMC
http://www.microsoft.com/windowsserver2003/gpmc/gpmcwp.mspx

Frequently Asked Questions About the Group Policy Management Console
http://www.microsoft.com/windowsserver2003/gpmc/gpmcfaq.mspx

Enterprise Management with the Group Policy Management Console
http://www.microsoft.com/windowsserver2003/gpmc/default.mspx

Hope these steps will give you some help.

Thanks and have a nice day!

Best regards,

Terence Liu(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| From: "Nick" <NotMe@xxxxxxxxxxx>
| Subject: Fax console GPO
| Date: Wed, 4 Jul 2007 17:27:43 +0100
| Lines: 7
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.3138
| X-RFC2646: Format=Flowed; Original
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138
| Message-ID: <eqyAztlvHHA.4992@xxxxxxxxxxxxxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: mail.stkittsnevisregistry.net 194.164.85.19
| Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP04.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:48191
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Can anyone tell me how to create a GPO to make a windows Firewall
exception
| to allow traffic to Fax Console on each workstation?
|
| Thx,
| Nick
|
|
|

.

Loading