If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
XP SP2 Firewall selects Standard profile when computer is properly connected to domain network
We are rolling out about 180 new IBM ThinkPad R51 laptops with XP SP2 installed. These are all joining the domain and receiving the Group Policies correctly. I know this is the case because: 1. the Firewall settings are exactly what is configured in the Group Policy I have for the SP2 firewall 2. I get Event Log entries saying the attempt to install SP1 (done on all of our XP computers via Group Policy) fails as expected 3. other things set by Group Policy are set correctly However, on at least some of them, the SP2 firewall allways (or at least nearly always) selects the Standard firewall profile. This means that we can not remotely administer these computers because, via Group Policy, the Standard firewall profile has no Exceptions. Occasionally, after a restart (without moving or disconnecting the network cable), the Domain firewall profile is selected. Now, according to http://www.microsoft.com/technet/com...uy/cg0504.mspx, the firewall feature determines which profile to use (Standard or Domain) based on the "Connection specific DNS suffix" and what it was set to when the last Group Policy updates were received. I've checked (using ipconfig /all) that the computers selecting the Standard profile have the exactly the same Connection Specific DNS suffix as those that are consistently selecting the Domain profile. All of these computers have been restarted several times while being connected to the network via Ethernet cable. I've also (while logged on as an administrator) issued the gpupdate command to force a Group Policy update (after verifying that the Connection Specific DNS Suffix is correct), then restarted, but the computer still gets the Standard firewall profile. I've tried disconnecting then reconnecting the network cable; issuing ipconfig /release, ipconfig /renew; without any success. I've disabled the wireless network adapter (there is no wireless network in the office) - still get the Standard firewall profile. I did not encounter this issue when beta testing SP2, nor while I was testing the firewall Group Policy on the 4 Windows XP SP2 (RTM) computers (domain members - same domain) at my desk. On these computers, the Domain Firewall Profile is always selected when the computer is connected to the office network and the Standard profile when it is not - just as advertised. If I disconnect the netrwok cable, the profile changes to Standard; when I plug the network cable back in again, the profile changes back to Domain. So: 1. what diagnostic tools/logs etc. are available to determine why the Standard profile is selected incorrectly? 2. is there are fix (or workaround) for this problem? The new computers were "imaged" from the same copy of the system image (created via Sysprep and Ghost). -- Bruce Sanderson MVP It's perfectly useless to know the right answer to the wrong question. |
Ads |
#2
|
|||
|
|||
XP SP2 Firewall selects Standard profile when computer is properly
Bruce
I have the same problem. Did you manage to solve it? Morgan "Bruce Sanderson" wrote: We are rolling out about 180 new IBM ThinkPad R51 laptops with XP SP2 installed. These are all joining the domain and receiving the Group Policies correctly. I know this is the case because: 1. the Firewall settings are exactly what is configured in the Group Policy I have for the SP2 firewall 2. I get Event Log entries saying the attempt to install SP1 (done on all of our XP computers via Group Policy) fails as expected 3. other things set by Group Policy are set correctly However, on at least some of them, the SP2 firewall allways (or at least nearly always) selects the Standard firewall profile. This means that we can not remotely administer these computers because, via Group Policy, the Standard firewall profile has no Exceptions. Occasionally, after a restart (without moving or disconnecting the network cable), the Domain firewall profile is selected. Now, according to http://www.microsoft.com/technet/com...uy/cg0504.mspx, the firewall feature determines which profile to use (Standard or Domain) based on the "Connection specific DNS suffix" and what it was set to when the last Group Policy updates were received. I've checked (using ipconfig /all) that the computers selecting the Standard profile have the exactly the same Connection Specific DNS suffix as those that are consistently selecting the Domain profile. All of these computers have been restarted several times while being connected to the network via Ethernet cable. I've also (while logged on as an administrator) issued the gpupdate command to force a Group Policy update (after verifying that the Connection Specific DNS Suffix is correct), then restarted, but the computer still gets the Standard firewall profile. I've tried disconnecting then reconnecting the network cable; issuing ipconfig /release, ipconfig /renew; without any success. I've disabled the wireless network adapter (there is no wireless network in the office) - still get the Standard firewall profile. I did not encounter this issue when beta testing SP2, nor while I was testing the firewall Group Policy on the 4 Windows XP SP2 (RTM) computers (domain members - same domain) at my desk. On these computers, the Domain Firewall Profile is always selected when the computer is connected to the office network and the Standard profile when it is not - just as advertised. If I disconnect the netrwok cable, the profile changes to Standard; when I plug the network cable back in again, the profile changes back to Domain. So: 1. what diagnostic tools/logs etc. are available to determine why the Standard profile is selected incorrectly? 2. is there are fix (or workaround) for this problem? The new computers were "imaged" from the same copy of the system image (created via Sysprep and Ghost). -- Bruce Sanderson MVP It's perfectly useless to know the right answer to the wrong question. |
#4
|
|||
|
|||
XP SP2 Firewall selects Standard profile when computer is prop
No, it's another make: a local manufacturer using standard parts.
However, I haven't observed the problem in a while now. "Bruce Sanderson" wrote: Nope: still pursueing. Is this with IBM Thinkpads or other makes and models of computers also? (At this time, we only have SP2 on the IBM ThinkPad R51s). -- Bruce Sanderson MVP It's perfectly useless to know the right answer to the wrong question. "Morgan Cruse" Morgan wrote in message ... Bruce I have the same problem. Did you manage to solve it? Morgan "Bruce Sanderson" wrote: We are rolling out about 180 new IBM ThinkPad R51 laptops with XP SP2 installed. These are all joining the domain and receiving the Group Policies correctly. I know this is the case because: 1. the Firewall settings are exactly what is configured in the Group Policy I have for the SP2 firewall 2. I get Event Log entries saying the attempt to install SP1 (done on all of our XP computers via Group Policy) fails as expected 3. other things set by Group Policy are set correctly However, on at least some of them, the SP2 firewall allways (or at least nearly always) selects the Standard firewall profile. This means that we can not remotely administer these computers because, via Group Policy, the Standard firewall profile has no Exceptions. Occasionally, after a restart (without moving or disconnecting the network cable), the Domain firewall profile is selected. Now, according to http://www.microsoft.com/technet/com...uy/cg0504.mspx, the firewall feature determines which profile to use (Standard or Domain) based on the "Connection specific DNS suffix" and what it was set to when the last Group Policy updates were received. I've checked (using ipconfig /all) that the computers selecting the Standard profile have the exactly the same Connection Specific DNS suffix as those that are consistently selecting the Domain profile. All of these computers have been restarted several times while being connected to the network via Ethernet cable. I've also (while logged on as an administrator) issued the gpupdate command to force a Group Policy update (after verifying that the Connection Specific DNS Suffix is correct), then restarted, but the computer still gets the Standard firewall profile. I've tried disconnecting then reconnecting the network cable; issuing ipconfig /release, ipconfig /renew; without any success. I've disabled the wireless network adapter (there is no wireless network in the office) - still get the Standard firewall profile. I did not encounter this issue when beta testing SP2, nor while I was testing the firewall Group Policy on the 4 Windows XP SP2 (RTM) computers (domain members - same domain) at my desk. On these computers, the Domain Firewall Profile is always selected when the computer is connected to the office network and the Standard profile when it is not - just as advertised. If I disconnect the netrwok cable, the profile changes to Standard; when I plug the network cable back in again, the profile changes back to Domain. So: 1. what diagnostic tools/logs etc. are available to determine why the Standard profile is selected incorrectly? 2. is there are fix (or workaround) for this problem? The new computers were "imaged" from the same copy of the system image (created via Sysprep and Ghost). -- Bruce Sanderson MVP It's perfectly useless to know the right answer to the wrong question. |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
XP SP 2: Is it worth it? | Thane of Lochaber | The Basics | 27 | September 1st 04 06:01 AM |
Why can't my computer see the others on the network? | Al | Networking and the Internet with Windows XP | 2 | July 19th 04 12:43 AM |
Help: lost profile and settings | James \(MCP\) | Networking and the Internet with Windows XP | 0 | July 16th 04 06:34 PM |
Help: lost profile and settings | James \(MCP\) | Networking and the Internet with Windows XP | 0 | July 16th 04 05:41 PM |