Re: Windows Firewall GPO Settings

From: DrNASA (DrNASA_at_discussions.microsoft.com)
Date: 02/14/05 

Date: Mon, 14 Feb 2005 09:41:23 -0800

Okay, so it's probably a good idea to configure both.

Thanks!

"Torgeir Bakken (MVP)" wrote:

> DrNASA wrote:
>
> > What is the difference between the Domain Profile and Standard Profile
> > settings in Group Policy under Computer Config > Admin Templates >
> > Network > Windows Firewall ?
> Hi
>
> Here is how the SP2 firewall determines if it is to activate
> the domain or standard profile:
>
> If last-received Group Policy update DNS name match any of the
> connection-specific DNS suffixes of the currently connected
> connections (not PPP or SLIP-based) on the computer the FW's
> domain settings will be used. In all other cases the standard
> profile will be used. There is no way to change this behavior.
>
> From
> The Cable Guy - May 2004
> Network Determination Behavior for Network-Related Group Policy Settings
> http://www.microsoft.com/technet/community/columns/cableguy/cg0504.mspx
>
> <quote>
> To apply this behavior to Windows Firewall settings:
>
> () If the connection-specific DNS suffix of a currently connected
> connection on the computer that is not PPP or SLIP-based (such as
> an Ethernet or 802.11 wireless network adapter) matches the value
> of the
> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Group
> Policy\History\NetworkName registry entry, Windows Firewall uses
> the domain profile.
>
> () If the connection-specific DNS suffix of a currently connected
> connection on the computer that is not PPP or SLIP-based does not
> match the value of the
> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Group
> Policy\History\NetworkName registry entry, Windows Firewall uses
> the standard profile.
>
> You can determine the connection-specific DNS suffixes of the
> currently connected connections on the computer from the display
> of the ipconfig command issued from a command prompt.
>
> </quote>
>
> Read the Cable Guy article for more about this.
>
>
> --
> torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
> Administration scripting examples and an ONLINE version of
> the 1328 page Scripting Guide:
> http://www.microsoft.com/technet/scriptcenter/default.mspx
>

Relevant Pages

  • Re: Windows Firewall Turned on Automatically
    ... > Windows Firewall Has Two Profiles Domain and Standard. ... > on for the standard profile and off for the domain profile. ... currently connected connections on the computer from the display ...
    (microsoft.public.windowsxp.security_admin)
  • Windows firewall spontaneously changes profiles
    ... spontaneously change firewall profiles every couple weeks. ... The Windows Firewall has switched the active policy profile. ... the standard profile is stock. ... is there a way I can can have the domain profile always in use? ...
    (microsoft.public.windowsxp.security_admin)
  • Windows firewall spontaneously changes profiles
    ... spontaneously change firewall profiles every couple weeks. ... The Windows Firewall has switched the active policy profile. ... the standard profile is stock. ... is there a way I can can have the domain profile always in use? ...
    (microsoft.public.windows.server.security)
  • Re: [SLE] Internet via ADSL router and via dial up possible on same system?
    ... >> My notebook needs to get connected to the Internet via an ADSL router ... >> connections, and reenter it when I use the router. ... > That's exactly the kind of scenario where scpm comes into play: ... > Summary: System Configuration Profile Management ...
    (SuSE)
  • Re: SQL2000 - Merge Replication - Timeout error
    ... The agent profile properties do not appear to include packet size. ... We have merge replication running successfully between 2 SQL2000 boxes via ... connections. ...
    (microsoft.public.sqlserver.replication)