Re: Firewall
- From: "Lanwench [MVP - Exchange]" <lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 20 Mar 2008 14:58:11 -0400
hood <hood4u@xxxxxxxxx> wrote:
On Mar 20, 12:58 pm, "Lanwench [MVP - Exchange]"
<lanwe...@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
hood <hoo...@xxxxxxxxx> wrote:
I have over 30 computers that have no problem whatsoever with the
windows firewall. A newly bought Dell is giving me problems.
What's different about it?
When I
log onto the workstation as the local administrator I can shut off
the firewall, as we don't need it. If I log onto the network as the
user that will be using the computer I don't have rights to change
the firewall settings, which is fine that is what I want. On all
the other workstations I can log in as local admin and shut off the
firewall and when the users log onto the network from those
workstations the setting stays; the firewall is off. When I log
onto the local admin of the new Dell computer I can turn off the
firewall and the setting stays. But, when I log in as the user the
firewall is on and i am having problems running other programs. Is
there a way that I can log in as the user and then use one of my
admin passwords to change the settings??
Back up a bit - if you want to manage your windows firewall on al
the workstations, you really should use group policy to do it. Don't
manually set up stuff like this piecemeal on workstations - you're
defeating some of the main benefits of having a domain in the first
place, which is centralized management and control.
And veering a bit off topic, I strongly recommend you leave it
running & enabled, and set exceptions for it. It's a valuable
security barrier even if you also have a perimeter firewall. You
will find this out if you ever get into the situation of malware,
etc., running amok on your network.
That all said, run rsop.msc as the user on this workstation to find
out what the effective policies are, and also check the event logs.
I don't know if it is a firewall setting but i am also disallowed,
while logged in as the user of the workstation, from creating files
or changing them/saving them. I cannot save anywhere but my
documents. All other workstations do not have this limitation.
Where is there a setting for allowing these permissions. My server
policies do not include these restrictions I don't know where the
pc is getting then even though it says it is using the domain
security policies which is what everyone else is using with no
problems.
See above, re rsop.msc and your event logs.
What's different about it?Nothing. Same operating system, same user logging onto workstation,
same software as all other pc's, same domain controller and server.
I use the security policy to handle most of our needs but the firewall
is so restrictictive it becomes cumbersome to add all the exceptions.
For what? How many apps do you have that require unsolicited *inbound*
access to your desktops? I'd sure hope it isn't many.
And remember, you set the exceptions via.....group policy. :-)
I will probably turn on the firewall on one of the workstations and
see what needs to be allowed before I put it in the global policy.
Good point.
Yep - try it as a test.
I ran the rsop.msc but can't figure out where the file access rights
are.
They aren't in there. That's NTFS. It will help you isolate the problem if
you have policy errors. but check your NTFS security and event logs.
.
- References:
- Firewall
- From: hood
- Re: Firewall
- From: Lanwench [MVP - Exchange]
- Re: Firewall
- From: hood
- Firewall
- Prev by Date: Re: OWA and REmote Workplace fails to load page
- Next by Date: Re: Server Frozen
- Previous by thread: Re: Firewall
- Next by thread: Moving Exchange Databases and Logs in SBS2003 Premium
- Index(es):
Relevant Pages
|
