RE: Firewall and Group Policy

From: The Frustrated Monk (TheFrustratedMonk_at_discussions.microsoft.com)
Date: 07/11/05


Date: Mon, 11 Jul 2005 10:53:01 -0700

There are two sets of firewall settings: domain and standard. Domain applies
when the laptop is connected to the domain (not sure about using cached
credentials). The standard firewall settings kick in when the machine is not
connected to the network, even over VPN.

We are rolling this out on our network now.

"Cindy" wrote:

> Hello:
> I currently have disabled MS firewall on LAN connections and enabled on
> Wireless and Dialup not allowing file and print sharing or remote
> desktop/assistance. For my users it is more important to keep them secure
> when not on our LAN which has a nice hardware firewall to protect them.
>
> I have been toying with the idea of enabling the firewall on XP machines and
> maybe 2003 servers through Group Policy allowing the exceptions necessary for
> me to remotely administer the services, update virus software, install
> patches, etc. My concern is that Windows firewall does not allow an exception for
> each individual connection; it seems to be a one-for-all configuration.
>
> If you have Group Policy firewall connections will they also be applied when
> the user is not physically connected to the domain? Even if they sign onto
> domain using cached credentials?
>
> Needless to say it is more important to protect my laptops over unsupervised
> wireless and dialup connections than on our protected LAN. It would be a
> nice improvement to MS firewall to allow different exceptions for each
> connection.
>
> Thanks, Cindy
>
>
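The domain/standard split described in the reply, written as local `netsh firewall` commands (an added example, not part of the original thread, which discusses Group Policy). The choice of Remote Desktop and file and print sharing as the administrative exceptions, and the local-subnet scope, are assumptions.

```batch
@echo off
rem Added example: one exception set per firewall profile, set locally with netsh.
rem Assumption: remote administration needs Remote Desktop and file/print sharing,
rem and only from the local subnet.

rem Domain profile: firewall on, administrative exceptions allowed.
netsh firewall set opmode mode=ENABLE exceptions=ENABLE profile=DOMAIN
netsh firewall set service type=REMOTEDESKTOP mode=ENABLE scope=SUBNET profile=DOMAIN
netsh firewall set service type=FILEANDPRINT mode=ENABLE scope=SUBNET profile=DOMAIN

rem Standard profile: firewall on, no exceptions at all.
netsh firewall set opmode mode=ENABLE exceptions=DISABLE profile=STANDARD
netsh firewall set service type=REMOTEDESKTOP mode=DISABLE profile=STANDARD
netsh firewall set service type=FILEANDPRINT mode=DISABLE profile=STANDARD

rem Report which profile is currently active and the settings held for each.
netsh firewall show state
netsh firewall show config
```

Running `netsh firewall show state` on the LAN and again on a wireless or dial-up connection shows which profile the machine has selected in each case. Values delivered through Group Policy take precedence over these local settings.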


