Group Policy setting for Windows Firewall

Guy's this is sooooo!!! urgent.

Have  a Windows Server 2003 controlling 5 XP workstations.

the server (by default) has turned on all the firewalls and now I cannot remote install/ assist etc.

Please can someone guide me to the Group policy thats doing this .


Timbertool12Asked:
Who is Participating?
 
Pete LongTechnical ConsultantCommented:
Disable XP SP2 Firewall through Group Policy

1.      Open Active directory users and computers.
2.      Right click the domain name and select properties (note you can also apply this .policy on an OU if you wish).
3.      Select the Group policy tab.
4.      Select either the default domain policy (of the policy you wish to edit).
5.      Click Edit.
6.      Navigate to Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall.

Note I’m only concerned with the domain profile here – If you have mobile users you can configure different settings for the domain and standard (not on the domain) settings.

7.      Select Domain Profile.
8.      Set the policies as follows,

Windows Firewall: Protect all network connections – set to disabled

Note this is all you need to do however – if you have users that “Fiddle” you might want to configure a few more (note you can navigate through all the settings using the “Next Setting buttons”

Windows Firewall: Do not allow exceptions – not configured
Windows Firewall: Define program exceptions– not configured
Windows Firewall: Allow local program exceptions– not configured
Windows Firewall: Allow remote administration exception – enabled (put in your entire subnet i.e 172.16.0.0/16)
Windows Firewall: Allow file and printer sharing exception – enabled (put in your entire subnet i.e 172.16.0.0/16)
Windows Firewall: Allow ICMP exceptions – not configured
Windows Firewall: Allow Remote Desktop exception– enabled (put in your entire subnet i.e 172.16.0.0/16)
Windows Firewall: Allow UPnP framework exception– enabled (put in your entire subnet i.e 172.16.0.0/16)
Windows Firewall: Prohibit notifications– enabled (notifications cause calls to IT :)
Windows Firewall: Allow logging - disabled
Windows Firewall: Prohibit unicast response to multicast or broadcast requests - disabled
Windows Firewall: Define port exceptions – not configured
Windows Firewall: Allow local port exceptions – not configured


NOTE give this some time to propagate round the network (NOTE start > run > gpupdate will enforce it immediately on an XP client if you want to test it)
0
 
mlemanCommented:
you need to check first what version the adm files are on the active directory.
you will need the service pack 2 adm files.
when you have done this you will be able to set a group policy enabling, disabling, populating exception losts etc.
0
 
mlemanCommented:
to create a group policy, you will need to have your users, in an OU in the active directory, then you access group policys via properties of the ou, under group policys, just click new policy, give it a meanful name, make you changes to the policy,

http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/mangxpsp2/mngintro.mspx
0
Cloud Class® Course: SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

 
joedoe58Commented:
You can also download the Group Policy management tool from MS where you have a better view of your policies.
http://www.microsoft.com/windowsserver2003/gpmc/default.mspx
0
 
pdxsrwCommented:
Side question... is it necessary/advisable to have XP's firewall running on a desktop machine in a domain like this?  
0
 
Pete LongTechnical ConsultantCommented:
- in a domain enviroment - that is secured by it own network Firewall(s) and or network segragation - then no turn it off

on your aunty Mables home PC'turn it on :)
0
 
mlemanCommented:
no, you should have an external firewall so the desktops dont need one.
0
 
mikeleebrlaCommented:
mleman---the policy that controls the firewall is a COMPUTER policy,, meaning it is 100% irrelevant which OU the users are, it is however 100% relevant which OU the computers are in.

pdxsrw,, i always have the firewall turned off so i can do various administrative tasks to the computers in a domain (i'm sure many would diagree with that).  you should however have a good hardware firewall between your lan and the internet to protect your computers from the internet.  no need to protect your lan from itself is there??  MS turned on the firewall if you do a default install of SP2 (no switches) b/c it is advisable to do so on a network without a good hardware firewall, but of course this screws up network admins' ability to manage the PCs.
0
 
Timbertool12Author Commented:
Your the puppy's parts old chap.

Just what I needed.

Still slaving away on this one 22:07 GMT.

Still, with your knowledge Pete, I should have it cracked soon.

Regards,

Timbertool12
0
 
Pete LongTechnical ConsultantCommented:
LOL its Ten o clock up here in Middlesbrough m8 - get knocked off and get yer ead down :)

ThanQ
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.