SP4 and Group Policies - resolution, Kind of.

From: George Carlson (georgepcarlson_at_YAHOO.COM)
Date: 12/09/03

  • Next message: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "If you couldn't get to the Security webcast week last week....." 
    Date:         Mon, 8 Dec 2003 18:07:35 -0500
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

    This is a story of the right hand not knowing what the left hand was
    doing.

    In the last few days, I have found out the following:

    Scripts are now running in the new building (we just moved the whole
    agency 3 blocks down the road and set up NEW layer 3 switches). It is
    still the same way in the old building where SP2 and SP3 work, and SP4
    does not.

    The difference with the old building and the new building is that my
    other co-Engineer turned off ICMP on the Switches! Even Peer to peer on
    the same subnet! He did this without consulting me, or advising me of
    what he had done. He does have a bit of a communication problem.

    But, now that I know what is wrong, I still don't know why earlier
    versions of W2K work without ICMP, and latter versions do. I know that
    GPOs are supposed to use ICMP, and yet without it, they still worked
    with earlier versions of W2K, not latter ones tho.

    I want to thank all who responded to my post. There is something
    different about SP4 and several gave me a hint of what the problem was
    (we do not use Cross Domain Logins, but the fact that SP4 broke it lead
    me to the sucessful conclusion).

    SO I guess MS patched a hole they had all along, and for those who are
    having problems, check what your routers/layer 3 switches are doing to
    ICMP. If you block it, that may be your problem.

    If we could get rid of some NetAPP products, we would patch to all SP4!
    Unfortunately, the older NetApp products cannot understand SP3/4
    Authentication, so we are stuck in a real mixed mode. Sp4 on the
    desktop, and 2 on the servers. For now at least.

    -----
    Marcus Ranum's new book "The Myth of Homeland Security" is now out and
    is available from http://www.amazon.com/ranum In this hard-hitting
    review of the homeland security business, Ranum shows us how the problem
    is vastly harder than it's being made to sound, and how special
    interests, *** covering, and bureaucracy are threatening to derail any
    chance of making progress.
    -----

  • Next message: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "If you couldn't get to the Security webcast week last week....."