Re: XP Firewall setting for AD

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 11/22/05


Date: Mon, 21 Nov 2005 22:30:09 -0600

Generally you don't configure the Windows Firewall on domain controllers
or WSUS server, but it should not interfere with Group Policy if configured
on domain client computers, though often there is an exception for file and
print sharing and remote administration from computers used for domain
administration and domain controllers if you are using Computer Management
to manage computers, scanning with MBSA, or running RSOP on them. One thing
that often helps is to enable the firewall log on a couple of affected
computers and then look in the firewall logs for dropped traffic that would
show from what IP address/port/protocol. Group Policy is pulled by domain
computers when foreground or background refresh is done and the Windows
Firewall should not interfere since it is stateful and traffic in response
to what they initiated would not be blocked.

--- Steve

<striffy@gmail.com> wrote in message
news:1132543152.477776.243690@g44g2000cwa.googlegroups.com...
> Hi All.
> In process of testing XP SP2 on Windows 2003 AD.
> Been testing with wireless XP machine with firewall on, default
> settings.
> Is there a knowledge base or recommended settings for the firewall to
> let AD work.
> Without configuration, Group Policies aren't being applied, WSUS also
> can't connect.
> I've enabled all ICMP packets to be allowed, this seems to have helped
> somewhat but still unable to manage the computer from GPMC.
> If I turn off the firewall everything works fine.
>
>
> Thanks
>
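
Added example (not part of either poster's message): one way to do the log review suggested in the reply, summarizing DROP entries in a Windows Firewall log by source IP, protocol and destination port. It assumes the log carries a `#Fields:` header naming `action`, `protocol`, `src-ip` and `dst-port` columns; the sample lines, addresses and ports are constructed for illustration.

```python
from collections import Counter

# Constructed sample in the Windows Firewall (pfirewall.log) W3C-style layout;
# the addresses and ports below are made up for illustration.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2005-11-21 22:10:01 DROP TCP 192.0.2.10 192.0.2.50 3120 445 48 S 1234567 0 65535 - - - RECEIVE
2005-11-21 22:10:04 DROP TCP 192.0.2.10 192.0.2.50 3120 445 48 S 1234567 0 65535 - - - RECEIVE
2005-11-21 22:10:09 DROP TCP 192.0.2.10 192.0.2.50 3121 135 48 S 2234567 0 65535 - - - RECEIVE
2005-11-21 22:11:30 OPEN TCP 192.0.2.50 192.0.2.10 1045 389 - - - - - - - - -
2005-11-21 22:12:02 DROP ICMP 192.0.2.10 192.0.2.50 - - 60 - - - - 8 0 - RECEIVE
2005-11-21 22:12:40 DROP UDP 192.0.2.77 192.0.2.255 137 137 78 - - - - - - - RECEIVE
"""

def summarize_drops(lines):
    """Count DROP entries per (src-ip, protocol, dst-port), using the #Fields header."""
    fields, drops = None, Counter()
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            # Column names come from the log itself, so column order is not hard-coded.
            fields = line.split(":", 1)[1].split()
            continue
        if not line or line.startswith("#") or fields is None:
            continue  # blank line, other header line, or data before any header
        values = line.split()
        if len(values) < len(fields):
            continue  # truncated entry (e.g. log rotated mid-write)
        row = dict(zip(fields, values))
        if row.get("action") != "DROP":
            continue  # OPEN/CLOSE entries are allowed connections, not blocks
        drops[(row["src-ip"], row["protocol"], row["dst-port"])] += 1
    return drops

def report(drops):
    """Format the summary, most frequently dropped flow first."""
    return [f"{n:>4}  {src:<15} {proto:<4} dst-port {port}"
            for (src, proto, port), n in drops.most_common()]

if __name__ == "__main__":
    print("\n".join(report(summarize_drops(SAMPLE_LOG.splitlines()))))
```

Repeated drops from a management workstation or domain controller to the same destination port are the candidates for a scoped exception.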


