RE: SP1 Firewall Question

From: Leon2005 (Leon2005_at_discussions.microsoft.com)
Date: 04/18/05


Date: Mon, 18 Apr 2005 11:16:04 -0700

Check out this site:
www.securitybastion.com
It is a patch management tool that incorporates Windows Firewall management
without Active Directory or Group Policies or any scripting. You can scan your
network servers and push your configuration in minutes...

"jerry cantrell" wrote:

> I've configured a policy on a new GPO that is linked to a Domain Controllers
> OU. I can see using the GPMC modelling that the correct "Domain Profile"
> firewall settings are being applied to the domain controllers. This
> includes remote desktop enablement.
>
> However when the policy is refreshed on the DC's, I soon lose connectivity,
> and they're all exhibiting strange behaviours.
>
> Noting one of the previous SP1 Firewall problem posts, given below, I am
> wondering - aside from using the GPMC results wizard, which I don't know
> whether to trust, how can I tell whether the Domain Profile or Domain
> Standard is being enforced?
>
> NETSH firewall Show State tells me a little, but not enough.
>
>
> jerry.
>
>
> "Leighton Earl" <leighton.earl@gmail.com> wrote in message
> news:da90d4f3.0504040844.61876686@posting.google.com...
> > I have installed SP1 on one of our Windows 2003 domain controllers.
> > Unfortunately the Windows firewall is applying the non domain policy
> > which blocks everything. I think this is because this registry key has
> > a null value:
> > HKLM\software\microsoft\windows\currentversion\group policy\history\networkname
> >
> > sourced from:
> > http://www.microsoft.com/technet/community/columns/cableguy/cg0504.mspx
> >
> > Other servers have correctly assigned network names, it seems only our
> > domain controllers suffer from this.
> >
> > Why do only the domain controllers have null network names?
>
>
>


