[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


Disabled GPO Firewalls; still can't RDC or ping workstation

Posted on 2006-05-20
Medium Priority
Last Modified: 2010-08-05
I'm trying to use RDC to connect from home to my network server (thorugh a firewall), then from the server to a workstation in the domain. I have no trouble getting to the server (SBS2003), but Windows Firewall was enabled on the workstation and I had Global Policies in place to enable the firewall--these are now disabled. I still can't ping the workstation (by IP or domain name)--do I need to reboot the workstation or reset something locally in order for the policy to take effect? I've read something about ADM files needing to be refreshed; can I do this from the server?


Question by:judyhz
  • 3
  • 2
  • 2

Author Comment

ID: 16726064

I'm not sure how my predecessordeveloped the policies. I've disbled the firewall policy manually.
LVL 32

Expert Comment

by:Robberbaron (robr)
ID: 16726310
can you RDC to the workstations from the server when at work?

Have you tried using the Connect to Desktops from SBS RWW to directly connect rather than RDC to server desktop first ?

How do you RDC to server ?  VPN or RWW ?

Author Comment

ID: 16726616
I haven't tried RDC from server to workstation at work, but I can RDC from workstations to server.
Haven't tried RWW--does it give the same local functionality as RDC?
Not sure about this last question--I'm using RDC client to server, with a pass-through the firewall. Not using it over a VPN, but not sure how RWW works.
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

LVL 32

Expert Comment

by:Robberbaron (robr)
ID: 16726647

1. need to check this as if fails, then no chance doing it remotely.
2. RWW is a front end. From there you can select to "Connect to server desktops" (if Domain Admin) or "Conncet to Workstation desktops" ; exactly RDC. I use it all the time.

3. Obviously not using RWW or VPN!  You have openned a hole in your firewall.
        RWW is an intermediate step as is creating a VPN that improves security.

I recommend looking into using RWW (Remote Web Workplace). Installed by default I think. Lets you look at CompanyWeb / Sharepoint as well.

Expert Comment

ID: 16728784
Did you actually go into control panel on the workstation and disable windows firewall?  If the workstation let you turn off windows firewall, then you know the group policy settings change worked.

Your previous administrator could have put some manual filters into routing and remote access (on the Server) that would further block RDC but this is very difficult -- let me know if you want to know how to check those.

I am able to RDC to my workstations from my server.  I don't use RWW.

Any network devices between server and workstation?

Author Comment

ID: 16729466
I am home right now; I changed the global policy Friday night. I believe the workstation is powered up but no one is logged in; it's my understanding that the changed local policy (at the workstation) should have refreshed by now (I reset the refresh rate to 1 hour in the GPO). I'll need to check tomorrow morning to see if either the firewall is now disabled as a result of the policy or if I can disable it locally. I really want to understand exactly what comes into play for remote access through the server so I can make everything right & document it. That's why I prefer not to fool around with other fixes/protocols until I understand what effect RDC (and associated policies & filters) has on my net.

I am willing to up the points to whatever you want if you'll take the time to create a narrative or list what else I might look into--this would be very useful now but generally instructive for me.

Finally, there are no network devices between the server and workstation. I am able to access other devices on the net (SNMP, ping)...

thanks for your response...

Accepted Solution

jm-johnmeyer-us earned 2000 total points
ID: 16730894
The firewall still needs to be disabled locally -- the GPO simply gives you permission to disable locally.  Go into control panel, classic view, windows firewall; set to OFF.  

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the event you manage a Small Business Server 2003, and you are audited for PCI compliance, there are several changes you must make in order to pass the audit. I can take no credit for discovering any of these fixes or workarounds, but there is no…
I've often see, or have been asked, the question about the difference between the Exchange 2010 SP1 version, available as part of Small Business Server (SBS) 2011, and the “normal” Exchange 2010 SP1 Standard. The answer to the question is relativ…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …
Suggested Courses

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question