Windows firewall sp2

Morning,

I seem to be having a small problem with Windows Firewall on a Server 2003 Enterprise Edition machine.
I've installed SP2 and all relevant updates. The server is set up as one domain controller with DNS.
All is working AOK on that side. The problem started when I tried to join computers to the domain: I was getting access denied errors etc. (these were fresh installs). I found that disabling the firewall sorted this problem.
Now that I have 5 users connected to the domain, they all have problems logging on to it. It just hangs there for ages and ages. If I disable Windows Firewall they connect immediately.
Do I need to open any ports for Active D and DNS? Never had to do this before from memory - strange.


Thanks for any help.


John Asked:
 
Burns2007 Commented:
Personally I would disable Windows Firewall on the server.

Windows Firewall is not a valid solution for your internal connection.

Do you have this server directly connected to the internet and using ICS? If so, you can enable the firewall on that connection but not the internal one.

If you have a router etc. instead connected to the network, I wouldn't have the Windows Firewall turned on at all on your server.
0
 
John (Author) Commented:
Hi Burns2007

The server and clients are using a Netgear DG834 ADSL router with built-in NAT etc. for internet access. I'm not using ICS, so I don't know what you mean about using the firewall on that connection. Do you think not having the firewall on will be sufficient? I'd prefer to have it on but don't understand why this is giving me problems.


Thanx.
0
 
Zenith63 Commented:
Your NAT router will be acting as a firewall to the outside world, effectively sealing you off from it, so having a firewall on the server is probably going to cause you more hassle (for reasons like the problem you've described) than the small amount of extra security you gain.  The Windows firewall is only really giving you two extra bits of security - it will prevent access to the server from clients already on your network (not important in most small businesses IMHO) and will prevent the spread of network viruses to the server if one happens to get onto a LAN PC (again not that important considering how rare viruses are these days and how good most AntiVirus programs are if they're up-to-date).
So I agree with Burns2007, dump the firewall, you don't need it and it will cause more problems than it solves.
0

 
John (Author) Commented:
OK, see what you're saying.  Have you guys run servers before without any firewall protection?

0
 
John (Author) Commented:
I still don't like the idea of running this server without a personal firewall turned on, especially as it's running as a file server and DNS server.  My NAT firewall router will only provide a perimeter wall for traffic on the Net - if a laptop user for instance is infected with a virus, this could easily spread across the LAN, and affect any weak system that's vulnerable, i.e. MSblaster worm etc. or any new born.

There are tonnes of ports, so opening a few for Server 2003 to function correctly shouldn't be a problem.  Do you guys know the right ports for this?

Cheers
0
 
Zenith63 Commented:
Sorry, I don't know the ports in question.  To answer your other question; I have never put a firewall on a server, ever.  I also can't remember the last time I came across a server with a firewall on it.  It's just not the way it tends to be done for the very reason you've come across.

Decent AntiVirus (including server email scanning) updated at least daily and regular Windows updates is enough in a vast majority of cases.
0
 
John (Author) Commented:
OK, I will close this question and take your advice. I'm looking into getting a better hardware firewall anyway which should protect the server.

I will share the points out - think that's fair enough.

cheers

W.J
0
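The port question raised in the thread can be answered from the firewall's own log rather than from memory. The following is an added example, not something posted by any participant: it reads a Windows Firewall log (pfirewall.log) with dropped-packet logging enabled and tallies which services LAN clients were refused. The port-to-service table holds standard well-known assignments, the dynamic RPC range is a heuristic based on the Server 2003 default of TCP 1025-5000, and the sample log and its 192.168.0.x addresses are constructed.

```python
from collections import Counter
# Well-known listener ports of a Windows domain controller / DNS / file server.
KNOWN = {("TCP", 53): "DNS", ("UDP", 53): "DNS", ("TCP", 88): "Kerberos",
         ("UDP", 88): "Kerberos", ("UDP", 123): "NTP", ("TCP", 135): "RPC endpoint mapper",
         ("UDP", 137): "NetBIOS name", ("UDP", 138): "NetBIOS datagram",
         ("TCP", 139): "NetBIOS session", ("TCP", 389): "LDAP", ("UDP", 389): "LDAP",
         ("TCP", 445): "SMB", ("TCP", 636): "LDAPS", ("TCP", 3268): "Global Catalog"}

def label(proto, port):
    if (proto, port) in KNOWN:
        return KNOWN[(proto, port)]
    # Heuristic: Server 2003 hands out dynamic RPC ports from TCP 1025-5000 by default.
    if proto == "TCP" and 1025 <= port <= 5000:
        return "possible dynamic RPC"
    return "unclassified"

def dropped_services(log_text, server_ip):
    """Count DROP entries addressed to server_ip, grouped by (protocol, port, service)."""
    fields, counts = [], Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names come from the log itself
            continue
        if not fields or not line.strip() or line.startswith("#"):
            continue
        rec = dict(zip(fields, line.split()))
        if rec.get("action") != "DROP" or rec.get("dst-ip") != server_ip:
            continue
        port = rec.get("dst-port", "-")
        if not port.isdigit():                 # ICMP rows carry "-" instead of a port
            continue
        proto = rec.get("protocol", "")
        counts[(proto, int(port), label(proto, int(port)))] += 1
    return counts

# Constructed sample log: addresses, times and counts are invented for illustration.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
2007-05-14 09:01:12 DROP UDP 192.168.0.21 192.168.0.2 1051 53 60 - - - - - - -
2007-05-14 09:01:13 DROP TCP 192.168.0.21 192.168.0.2 1067 88 48 S 311042 0 65535 - - -
2007-05-14 09:01:13 DROP TCP 192.168.0.21 192.168.0.2 1068 389 48 S 311907 0 65535 - - -
2007-05-14 09:01:16 DROP TCP 192.168.0.21 192.168.0.2 1068 389 48 S 311907 0 65535 - - -
2007-05-14 09:01:20 DROP TCP 192.168.0.22 192.168.0.2 1102 1026 48 S 778201 0 65535 - - -
2007-05-14 09:01:21 DROP ICMP 192.168.0.22 192.168.0.2 - - 60 - - - - 8 0 -
2007-05-14 09:01:25 OPEN TCP 192.168.0.2 192.168.0.1 1190 80 - - - - - - - -
"""

if __name__ == "__main__":
    print(sorted(dropped_services(SAMPLE_LOG, "192.168.0.2").items()))
```

Drops labelled "possible dynamic RPC" are the ones a fixed list of port openings does not cover, which is consistent with logons that hang rather than fail outright.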