Re: Windows Firewall and 2003 SP1 Domain Controllers

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 04/23/05

• Next message: Steven L Umbach: "Re: Computer join/disjoin log"
• Previous message: Steven L Umbach: "Re: XP sp2 turning off the firewall in group policies"
• In reply to: roadie: "Windows Firewall and 2003 SP1 Domain Controllers"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Fri, 22 Apr 2005 17:58:50 -0500

I have seen more than a few posts reflecting what you are seeing. I don't
know the cause but it seems your domain controller is using the settings in
the "standard" profile instead of the "domain profile in Group policy. You
could run the Resultant Set of Policy mmc snapin to see exactly what Windows
Firewall Group Policy is being applied to the domain controller and from
what Group Policy. Your solution may be to disable the Windows Firewall in
standard profile which normally applies only when a domain computer is not
connected to the domain. Open Group Policy such as local or for the domain
controller container and go to computer configuration/administrative
templates/network/network connections/Windows Firewall/standard profile and
disable the first option for "protect all network connections" to see if
that disable the Windows Firewall. --- Steve

"roadie" <isoma@darden.virginia.edu> wrote in message
news:1114191258.714571.284900@g14g2000cwa.googlegroups.com...
> anyone know what would cause a windows 2003 sp1 server w/ it's windows
> firewall set to off, to switch to on w/o anyone telling it to?
>
> here are the details:
> 2003 sp1 domain controller w/ the icf service enabled, but the windows
> firewall itself set to off. security event log shows
> "the windows firewall has switched the active policy profile."
> "active profile: standard"
>
> the windows firewall operational mode has chnaged.
> policy origin: local policy
> profile changed: standard
> new setting: on
> old setting: off
>

---

• Next message: Steven L Umbach: "Re: Computer join/disjoin log"
• Previous message: Steven L Umbach: "Re: XP sp2 turning off the firewall in group policies"
• In reply to: roadie: "Windows Firewall and 2003 SP1 Domain Controllers"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages XP SP2 Firewall selects Standard profile when computer is properly connected to domain network ... the Firewall settings are exactly what is configured in the Group Policy ... Standard firewall profile has no Exceptions. ... (microsoft.public.windowsxp.network_web) Re: Firewall grayed out in xp after gpupdate /force ... It's at the same hierarchical level as the Domain Profile in the Group ... Domain and Standard Profiles for the Windows Firewall. ... If you enable the firewall settings in a Group Policy Object ... (microsoft.public.windows.server.sbs) Re: Windows firewall spontaneously changes profiles ... My guess is that this happens when a domain controller is not detected by ... gpresult on a computer to see the last time that a computer had Group Policy ... > The Windows Firewall has switched the active policy profile. ... the standard profile is stock. ... (microsoft.public.windows.server.security) Re: GP and firewall on and off domain ... Run rsop.msc on your computer to see if any firewall settings are configured ... for "domain" profile and if so it should show what Group Policy is applying ... If it is not the local Group Policy then it is being applied ... (microsoft.public.windows.group_policy) Re: GPO Password length not working ... The errors running RSOP in logging mode on the XP Pro computers could be ... Configure some settings for both user and computer ... You mention that you are using Group Policy filtering by using groups other ... >> domain container and that the default domain controller Group Policy is ... (microsoft.public.windows.server.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(12)