Solved

Windows firewall sp2

Posted on 2007-03-29
Last Modified: 2010-04-10
Morning,

I seem to be having a small problem with Windows Firewall on a Server 2003 Enterprise Edition.
I've installed SP2 and all relevant updates. The server is set up as one domain controller with DNS.
All is working AOK on that side - the problem started when I tried to join computers to the domain; I was getting access denied errors etc. (these were fresh installs). I found that disabling the firewall sorted this problem.
Now that I have 5 users connected to the domain they all have problems logging on to it.  It just hangs there for ages and ages.  If I disable Windows Firewall they connect immediately.
Do I need to open any ports for Active D and DNS? Never had to do this before from memory - strange.


Thanks for any help.


Question by:John
7 Comments
 
LVL 14

Accepted Solution

by:
Burns2007 earned 250 total points
ID: 18821935
Personally I would disable Windows Firewall on the server.

Windows Firewall is not a valid solution for your internal connection.

Do you have this server directly connected to the internet and using ICS? If so, you can enable the firewall on that connection but not the internal one.

If you have a router etc. connected to the network instead, I wouldn't have the Windows Firewall turned on at all on your server.
 

Author Comment

by:John
ID: 18821975
Hi Burns2007

The server and clients are using a Netgear DG834 ADSL router with built-in NAT etc. for internet access.  I'm not using ICS so I don't know what you mean about using the firewall on that connection. Do you think not having the firewall on will be sufficient? I'd prefer to have it on but don't understand why this is giving me problems.


Thanx.
 
LVL 11

Expert Comment

by:Zenith63
ID: 18828412
Your NAT router will be acting as a firewall to the outside world, effectively sealing you off from it, so having a firewall on the server is probably going to cause you more hassle (for reasons like the problem you've described) than the small amount of extra security you gain.  The Windows firewall is only really giving you two extra bits of security - it will prevent access to the server from clients already on your network (not important in most small businesses IMHO) and will prevent the spread of network viruses to the server if one happens to get onto a LAN PC (again not that important considering how rare viruses are these days and how good most AntiVirus programs are if they're up-to-date).
So I agree with Burns2007, dump the firewall, you don't need it and it will cause more problems than it solves.

 

Author Comment

by:John
ID: 18831384
OK, see what you're saying.  Have you guys run servers before without any firewall protection?
 

Author Comment

by:John
ID: 18832222
I still don't like the idea of running this server without a personal firewall turned on, especially as it's running as a file server and DNS server.  My NAT firewall router will only provide a perimeter wall for traffic on the Net - if a laptop user for instance is infected with a virus, this could easily spread across the LAN, and affect any weak system that's vulnerable, i.e. MSblaster worm etc. or any new born.

There are tonnes of ports, so opening a few for Server 2003 to function correctly shouldn't be a problem.  Do you guys know the right ports for this?

Cheers
 
LVL 11

Assisted Solution

by:Zenith63
Zenith63 earned 250 total points
ID: 18836113
Sorry, I don't know the ports in question.  To answer your other question; I have never put a firewall on a server, ever.  I also can't remember the last time I came across a server with a firewall on it.  It's just not the way it tends to be done for the very reason you've come across.

Decent AntiVirus (including server email scanning) updated at least daily and regular Windows updates are enough in a vast majority of cases.
 

Author Comment

by:John
ID: 18836816
OK, I will close this question and take your advice. I'm looking into getting a better hardware firewall anyway which should protect the server.

I will share the points out - think that's fair enough.

cheers

W.J
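
The question of which ports a Server 2003 domain controller with DNS needs was left unanswered in the thread. The script below is an added example, not posted by any participant: it keeps Windows Firewall enabled and opens the standard Active Directory and DNS service ports to the local subnet only. The rule names and the subnet scope are assumptions, and the port list comes from general Active Directory requirements rather than from this thread.

```bat
@echo off
rem Added example (not from the thread). Run on the domain controller as an
rem administrator. Rule names ("DC-TCP-53" etc.) are constructed for this example.
setlocal
rem SUBNET limits every opening to clients on the server's own subnet.
set SCOPE=SUBNET

rem TCP: DNS 53, Kerberos 88, RPC endpoint mapper 135, LDAP 389,
rem      Kerberos password change 464, LDAPS 636, global catalog 3268/3269
for %%P in (53 88 135 389 464 636 3268 3269) do (
    netsh firewall add portopening protocol=TCP port=%%P name="DC-TCP-%%P" mode=ENABLE scope=%SCOPE%
)

rem UDP: DNS 53, Kerberos 88, time sync (NTP) 123, LDAP DC locator 389,
rem      Kerberos password change 464
for %%P in (53 88 123 389 464) do (
    netsh firewall add portopening protocol=UDP port=%%P name="DC-UDP-%%P" mode=ENABLE scope=%SCOPE%
)

rem SMB and NetBIOS (TCP 139/445, UDP 137/138) for SYSVOL, NETLOGON and the
rem file shares are covered by the built-in File and Printer Sharing exception.
netsh firewall set service type=FILEANDPRINT mode=ENABLE scope=%SCOPE%

rem Caveat: Netlogon and directory replication also use RPC ports that are
rem assigned dynamically behind the endpoint mapper on 135. The fixed openings
rem above do not cover them, so slow logons can persist until that traffic is
rem handled as well (for example by restricting the RPC port range and opening it).

rem Log dropped packets so any remaining blocked port shows up in
rem %windir%\pfirewall.log instead of having to be guessed.
netsh firewall set logging droppedpackets=ENABLE

rem Review the resulting rule set.
netsh firewall show portopening
endlocal
```

If logons still hang with these rules in place, the dropped-packet log shows the destination port of each blocked connection from the clients.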