Re: Windows firewall spontaneously changes profiles

From: David Carlin (dcarlin3_at_yahoo.com)
Date: 06/29/05 

Date: Wed, 29 Jun 2005 00:30:18 -0400

David,

This is an interesting article that a Dusty from Microsoft posted on the
"microsoft.public.windows.networking.firewall" newsgroup:

http://www.microsoft.com/technet/community/columns/cableguy/cg0504.mspx

That basically desribes what you are saying; the windows firewall
matches the DNS suffix to the registry key
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Group
Policy\History\NetworkName

On every machine, I already had the primary DNS suffix statically set,
and it matches what is currently in my NetworkName registry key. Am I
correct in assuming this every 3-5 week discrepency must be handed down
via GPO from the domain controllers then?

Thanks!

David Beder [MSFT] wrote:
> Windows Firewall will switch to the to the standard profile when none of
> your nics has a dns suffix that matches the network name pushed down through
> group policy. My guess is that either the machines are running out of time
> on their leases and going back to dhcp to get new ones, hitting a dhcp
> server that gives out a non-matching or empty dns suffix, or they're getting
> a gp update from a dc that plumbs a new network name.
>
> I think the best-practice guidence is to set both domain and standard
> profile gp settings to be the same to cover this scenario where the box
> isn't really actually moving but could interact with infrustructure that
> makes it think it's changed domains.
>
> Unfortunately at the moment I'm not at a machine that's a member of a domain
> and don't recall the exact gp regkey to check, but I know there are some
> firewall kb articles a deployment guides on microsoft.com which should walk
> you through what to check.
>

Relevant Pages

  • Re: Zone Alarm Free blocks everything
    ... >> Of course that IP is my network IP address. ... (DHCP) ... > "Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in ... machine as Windows Firewall does not block ANY outgoing ...
    (comp.security.firewalls)
  • Re: Unable to ping or be pinged by other machines on the same network
    ... My DHCP works fine with Windows firewall on at its default settings. ... Maybe cycling the power on the DHCP server would fix it too. ... network. ...
    (microsoft.public.windows.mediacenter)
  • Re: Server 2008 with Hyper-V - domain controller - Firewall GUIs show firewall ON, but n
    ... This physical computer has only one network adapter and there are virtual machines that communicate with each other, other LAN attached computers and the Internet, so yes, there is a virtual network linked to the NIC. ... If I run the Start, Administrative Tools, Windows Firewall with Advanced Security it tells me: ... some settings are controlled by Group Policy ... 88 TCP Any ...
    (microsoft.public.windows.server.networking)
  • Re: File sharing one-way-only on 1 pc of 4
    ... Chuck wrote: ... All of the machines can read and write files to and from each-other, ... This one 'sees itself' on the network, ... My windows firewall service is stopped, and I cannot restart it, due to ...
    (microsoft.public.windowsxp.network_web)
  • Re: File sharing one-way-only on 1 pc of 4
    ... Chuck wrote: ... All of the machines can read and write files to and from each-other, ... This one 'sees itself' on the network, ... My windows firewall service is stopped, and I cannot restart it, due to ...
    (microsoft.public.windowsxp.network_web)