A Windows XP help forum. PCbanter


SP2 firewall Domain & Standard GPO settings?



 
 
  #1  
Old August 12th 05, 11:17 PM
David Levine

All,

I have been searching around for a bit, and am looking to understand exactly
how I can take advantage of the SP2 firewall GPO settings - specifically the
Domain and Standard Profile settings.

If I have a bunch of salespeople with laptops, and I set a GPO as follows:

DOMAIN PROFILE
WF: Protect all network connections: Enabled
WF: Allow remote admin exception: Enabled
STANDARD PROFILE
WF: Protect all network connections: Enabled

Is this saying that when the Salespeople are at our office & plugged into
our network that the firewall will be enabled and will allow remote admin
connections - but when they are offsite (at home, at a client, etc.) the
firewall will be on with no exceptions?

Thanks in advance...

David

  #2  
Old August 13th 05, 06:41 PM
Torgeir Bakken (MVP)

David Levine wrote:

I have been searching around for a bit, and am looking to understand exactly
how I can take advantage of the SP2 firewall GPO settings - specifically the
Domain and Standard Profile settings.

If I have a bunch of salespeople with laptops, and I set a GPO as follows:

DOMAIN PROFILE
WF: Protect all network connections: Enabled
WF: Allow remote admin exception: Enabled
STANDARD PROFILE
WF: Protect all network connections: Enabled

Is this saying that when the Salespeople are at our office & plugged into
our network that the firewall will be enabled and will allow remote admin
connections - but when they are offsite (at home, at a client, etc.) the
firewall will be on with no exceptions?

Hi,

Yes, that is correct.

Note that in some cases the Standard Profile will be used even
if the computers are connected to the domain. This will happen
if last-received Group Policy update DNS name does not match any
of the connection-specific DNS suffixes of the currently connected
connections on the computer. In this case, the non-domain settings
will be used.

From
The Cable Guy - May 2004
Network Determination Behavior for Network-Related Group Policy Settings
http://www.microsoft.com/technet/com...uy/cg0504.mspx

quote
To apply this behavior to Windows Firewall settings:

* If the connection-specific DNS suffix of a currently connected
connection on the computer that is not PPP or SLIP-based (such as
an Ethernet or 802.11 wireless network adapter) matches the value
of the
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\NetworkName
registry entry, Windows Firewall uses the domain profile.

* If the connection-specific DNS suffix of a currently connected
connection on the computer that is not PPP or SLIP-based does not
match the value of the
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\NetworkName
registry entry, Windows Firewall uses the standard profile.


You can determine the connection-specific DNS suffixes of the
currently connected connections on the computer from the display
of the ipconfig command issued from a command prompt.

/quote

Read the Cable Guy article for more about this.


--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scr...r/default.mspx
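
The profile decision quoted in the post above, as an added example that is not part of the thread or of the Cable Guy article: Python that parses `ipconfig` output and compares each connected, non-PPP/SLIP adapter's connection-specific DNS suffix with the NetworkName registry value. The sample output, the `corp.example.com` suffix and the function names are constructed; case-insensitive matching and falling back to the standard profile when no eligible connection exists are assumptions.

```python
import re

# Constructed sample of `ipconfig` output; adapter names and addresses are made up.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : corp.example.com
        IP Address. . . . . . . . . . . . : 10.1.2.34

Ethernet adapter Wireless Network Connection:

        Media State . . . . . . . . . . . : Media disconnected

PPP adapter Office VPN:

        Connection-specific DNS Suffix  . : corp.example.com
"""

ADAPTER = re.compile(r"^(\S.*?) adapter (.+):\s*$")   # e.g. "Ethernet adapter X:"
FIELD = re.compile(r"^\s+([^.:]+?)[ .]*:\s*(.*)$")    # e.g. "   Key . . . : value"

def parse_adapters(text):
    """Return one dict per adapter section: kind, name, suffix, connected."""
    adapters = []
    for line in text.splitlines():
        m = ADAPTER.match(line)
        if m:
            adapters.append({"kind": m.group(1), "name": m.group(2),
                             "suffix": "", "connected": True})
            continue
        f = FIELD.match(line)
        if f and adapters:
            key, value = f.group(1).strip(), f.group(2).strip()
            if key == "Connection-specific DNS Suffix":
                adapters[-1]["suffix"] = value.lower()
            elif key == "Media State" and "disconnected" in value.lower():
                adapters[-1]["connected"] = False
    return adapters

def firewall_profile(ipconfig_text, network_name):
    """Return 'domain' if any eligible adapter's suffix equals NetworkName."""
    # Assumption: DNS suffix comparison is case-insensitive.
    wanted = network_name.strip().lower()
    for a in parse_adapters(ipconfig_text):
        eligible = a["connected"] and a["kind"].upper() not in ("PPP", "SLIP")
        if eligible and wanted and a["suffix"] == wanted:
            return "domain"
    # Assumption: no eligible matching connection means the standard profile.
    return "standard"
```

Pass the NetworkName value read from the registry key named in the quote as `network_name`. On an XP SP2 machine, `netsh firewall show state` reports the profile actually in effect, which is the value to compare against.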
  #3  
Old August 16th 05, 07:25 PM
David Levine

I appreciate the response!

I am sure I will find out for myself, but once I apply these settings to the
GPO, will my SMS 2.0 client software blow up, or will the admin exception
handle that as well?

Thanks much...

-D

 



