#1
SP2 firewall Domain & Standard GPO settings?
All,

I have been searching around for a bit, and am looking to understand exactly how I can take advantage of the SP2 firewall GPO settings - specifically the Domain and Standard Profile settings. If I have a bunch of salespeople with laptops, and I set a GPO as follows:

DOMAIN PROFILE
WF: Protect all network connections: Enabled
WF: Allow remote admin exception: Enabled

STANDARD PROFILE
WF: Protect all network connections: Enabled

Is this saying that when the Salespeople are at our office & plugged into our network that the firewall will be enabled and will allow remote admin connections - but when they are offsite (at home, at a client, etc.) the firewall will be on with no exceptions?

Thanks in advance...
David
#2
David Levine wrote:

> I have been searching around for a bit, and am looking to understand exactly how I can take advantage of the SP2 firewall GPO settings - specifically the Domain and Standard Profile settings. If I have a bunch of salespeople with laptops, and I set a GPO as follows:
>
> DOMAIN PROFILE
> WF: Protect all network connections: Enabled
> WF: Allow remote admin exception: Enabled
>
> STANDARD PROFILE
> WF: Protect all network connections: Enabled
>
> Is this saying that when the Salespeople are at our office & plugged into our network that the firewall will be enabled and will allow remote admin connections - but when they are offsite (at home, at a client, etc.) the firewall will be on with no exceptions?

Hi,

Yes, that is correct.

Note that in some cases the Standard Profile will be used even if the computers are connected to the domain. This will happen if last-received Group Policy update DNS name does not match any of the connection-specific DNS suffixes of the currently connected connections on the computer. In this case, the non-domain settings will be used.

From The Cable Guy - May 2004
Network Determination Behavior for Network-Related Group Policy Settings
http://www.microsoft.com/technet/com...uy/cg0504.mspx

quote

To apply this behavior to Windows Firewall settings:

- If the connection-specific DNS suffix of a currently connected connection on the computer that is not PPP or SLIP-based (such as an Ethernet or 802.11 wireless network adapter) matches the value of the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\NetworkName registry entry, Windows Firewall uses the domain profile.

- If the connection-specific DNS suffix of a currently connected connection on the computer that is not PPP or SLIP-based does not match the value of the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\NetworkName registry entry, Windows Firewall uses the standard profile.

You can determine the connection-specific DNS suffixes of the currently connected connections on the computer from the display of the ipconfig command issued from a command prompt.

/quote

Read the Cable Guy article for more about this.

--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scr...r/default.mspx
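
The profile decision quoted in the reply above, modelled as an added PowerShell example (not part of the original posts and not Microsoft's code). The function names, the `Suffix` and `IsPppOrSlip` properties, and every sample suffix are constructed for illustration; the case-insensitive comparison and the handling of a missing NetworkName value are assumptions.

```powershell
# Added example. Get-ExpectedFirewallProfile, New-Conn and the Suffix / IsPppOrSlip
# properties are hypothetical names; all sample values below are constructed.
function Get-ExpectedFirewallProfile {
    param(
        [string]$NetworkName,    # ...\Group Policy\History\NetworkName value
        [object[]]$Connections   # currently connected connections
    )
    # Assumption: with no recorded NetworkName nothing can match.
    if ([string]::IsNullOrEmpty($NetworkName)) { return 'Standard' }
    foreach ($c in $Connections) {
        if ($c.IsPppOrSlip) { continue }                     # PPP/SLIP links are not considered
        if ([string]::IsNullOrEmpty($c.Suffix)) { continue } # no suffix, nothing to compare
        # Assumption: DNS suffixes are compared case-insensitively.
        if ($c.Suffix -ieq $NetworkName) { return 'Domain' }
    }
    return 'Standard'
}

# Reads the value recorded at the last Group Policy update (registry path from the quoted article).
function Get-RecordedNetworkName {
    $key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Group Policy\History'
    $p = Get-ItemProperty -Path $key -Name NetworkName -ErrorAction SilentlyContinue
    if ($p) { $p.NetworkName } else { $null }
}

function New-Conn([string]$Suffix, [bool]$IsPppOrSlip) {
    New-Object PSObject -Property @{ Suffix = $Suffix; IsPppOrSlip = $IsPppOrSlip }
}

# Constructed value; on a real machine use Get-RecordedNetworkName and the
# connection-specific suffixes shown by ipconfig.
$recorded = 'corp.example.com'
$scenarios = @(
    @{ Name = 'Office LAN';                 Conns = @(New-Conn 'corp.example.com' $false) },
    @{ Name = 'Home broadband';             Conns = @(New-Conn 'home.example.net' $false) },
    @{ Name = 'Office, other DHCP suffix';  Conns = @(New-Conn 'branch.example.com' $false) },
    @{ Name = 'Home + PPP link to office';  Conns = @((New-Conn 'corp.example.com' $true),
                                                      (New-Conn 'home.example.net' $false)) }
)
foreach ($s in $scenarios) {
    '{0,-28} -> {1}' -f $s.Name, (Get-ExpectedFirewallProfile $recorded $s.Conns)
}
```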
#3
I appreciate the response!

I am sure I will find out for myself, but once I apply these settings to the GPO, will my SMS 2.0 client software blow up, or will the admin exception handle that as well?

Thanks much...
-D

"Torgeir Bakken (MVP)" wrote:

> David Levine wrote:
>
> > I have been searching around for a bit, and am looking to understand exactly how I can take advantage of the SP2 firewall GPO settings - specifically the Domain and Standard Profile settings. If I have a bunch of salespeople with laptops, and I set a GPO as follows:
> >
> > DOMAIN PROFILE
> > WF: Protect all network connections: Enabled
> > WF: Allow remote admin exception: Enabled
> >
> > STANDARD PROFILE
> > WF: Protect all network connections: Enabled
> >
> > Is this saying that when the Salespeople are at our office & plugged into our network that the firewall will be enabled and will allow remote admin connections - but when they are offsite (at home, at a client, etc.) the firewall will be on with no exceptions?
>
> Hi,
>
> Yes, that is correct.
>
> Note that in some cases the Standard Profile will be used even if the computers are connected to the domain. This will happen if last-received Group Policy update DNS name does not match any of the connection-specific DNS suffixes of the currently connected connections on the computer. In this case, the non-domain settings will be used.
>
> From The Cable Guy - May 2004
> Network Determination Behavior for Network-Related Group Policy Settings
> http://www.microsoft.com/technet/com...uy/cg0504.mspx
>
> quote
>
> To apply this behavior to Windows Firewall settings:
>
> - If the connection-specific DNS suffix of a currently connected connection on the computer that is not PPP or SLIP-based (such as an Ethernet or 802.11 wireless network adapter) matches the value of the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\NetworkName registry entry, Windows Firewall uses the domain profile.
>
> - If the connection-specific DNS suffix of a currently connected connection on the computer that is not PPP or SLIP-based does not match the value of the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\NetworkName registry entry, Windows Firewall uses the standard profile.
>
> You can determine the connection-specific DNS suffixes of the currently connected connections on the computer from the display of the ipconfig command issued from a command prompt.
>
> /quote
>
> Read the Cable Guy article for more about this.
>
> --
> torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
> Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide:
> http://www.microsoft.com/technet/scr...r/default.mspx