Solved

Can't access Vista computer in domain

Posted on 2008-10-09
Last Modified: 2010-08-05
I can't access a Vista computer in the domain.  I have a firewall GPO set up.  See code snippet for details.  With the firewall turned off on the Vista machine, everything works fine.  What am I missing here?
Computer Configuration (Enabled)
Administrative Templates
Network/Network Connections/Windows Firewall/Domain Profile
Policy Setting 
Windows Firewall: Allow file and printer sharing exception Enabled 
Allow unsolicited incoming messages from: localsubnet 
Syntax: 
Type "*" to allow messages from any network, or 
else type a comma-separated list that contains 
any number or combination of these: 
IP addresses, such as 10.0.0.1 
Subnet descriptions, such as 10.2.3.0/24 
The string "localsubnet" 
Example: to allow messages from 10.0.0.1, 
10.0.0.2, and from any system on the 
local subnet or on the 10.3.4.x subnet, 
type the following: 
10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24 
 
Policy Setting 
Windows Firewall: Allow ICMP exceptions Enabled 
Allow outbound destination unreachable Enabled 
Allow outbound source quench Enabled 
Allow redirect Enabled 
Allow inbound echo request Enabled 
Allow inbound router request Enabled 
Allow outbound time exceeded Enabled 
Allow outbound parameter problem Enabled 
Allow inbound timestamp request Enabled 
Allow inbound mask request Enabled 
Allow outbound packet too big Enabled 
 
Policy Setting 
Windows Firewall: Allow local port exceptions Enabled 
Windows Firewall: Allow local program exceptions Enabled 
Windows Firewall: Allow logging Enabled 
Log dropped packets Enabled 
Log successful connections Disabled 
Log file path and name: C:\Windows\System32\LogFiles\Firewall\firewall.log 
Size limit (KB): 4096 
 
Policy Setting 
Windows Firewall: Allow remote administration exception Enabled 
Allow unsolicited incoming messages from: localsubnet 
Syntax: 
Type "*" to allow messages from any network, or 
else type a comma-separated list that contains 
any number or combination of these: 
IP addresses, such as 10.0.0.1 
Subnet descriptions, such as 10.2.3.0/24 
The string "localsubnet" 
Example: to allow messages from 10.0.0.1, 
10.0.0.2, and from any system on the 
local subnet or on the 10.3.4.x subnet, 
type the following: 
10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24 
 
Policy Setting 
Windows Firewall: Allow Remote Desktop exception Enabled 
Allow unsolicited incoming messages from: localsubnet 
Syntax: 
Type "*" to allow messages from any network, or 
else type a comma-separated list that contains 
any number or combination of these: 
IP addresses, such as 10.0.0.1 
Subnet descriptions, such as 10.2.3.0/24 
The string "localsubnet" 
Example: to allow messages from 10.0.0.1, 
10.0.0.2, and from any system on the 
local subnet or on the 10.3.4.x subnet, 
type the following: 
10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24 
 
Policy Setting 
Windows Firewall: Allow UPnP framework exception Enabled 
Allow unsolicited incoming messages from: localsubnet 
Syntax: 
Type "*" to allow messages from any network, or 
else type a comma-separated list that contains 
any number or combination of these: 
IP addresses, such as 10.0.0.1 
Subnet descriptions, such as 10.2.3.0/24 
The string "localsubnet" 
Example: to allow messages from 10.0.0.1, 
10.0.0.2, and from any system on the 
local subnet or on the 10.3.4.x subnet, 
type the following: 
10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24 
 
Policy Setting 
Windows Firewall: Do not allow exceptions Disabled 
Windows Firewall: Prohibit notifications Enabled 
Windows Firewall: Prohibit unicast response to multicast or broadcast requests Enabled 
Windows Firewall: Protect all network connections Enabled 
 
Network/Network Connections/Windows Firewall/Standard Profile
Policy Setting 
Windows Firewall: Allow file and printer sharing exception Disabled 
Windows Firewall: Allow ICMP exceptions Disabled 
Windows Firewall: Allow local port exceptions Disabled 
Windows Firewall: Allow local program exceptions Disabled 
Windows Firewall: Allow logging Enabled 
Log dropped packets Enabled 
Log successful connections Disabled 
Log file path and name: C:\Windows\System32\LogFiles\Firewall\firewall.log 
Size limit (KB): 4096 
 
Policy Setting 
Windows Firewall: Allow remote administration exception Disabled 
Windows Firewall: Allow Remote Desktop exception Disabled 
Windows Firewall: Allow UPnP framework exception Disabled 
Windows Firewall: Do not allow exceptions Enabled 
Windows Firewall: Prohibit notifications Disabled 
Windows Firewall: Protect all network connections Enabled 
 
Extra Registry Settings
Display names for some settings cannot be found. You might be able to resolve this issue by updating the .ADM files used by Group Policy Management.
 
Setting State 
SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\Enabled 1 
SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List\%programfiles%\Common Files\Symantec Shared\ccApp.exe:localsubnet:enabled %programfiles%\Common Files\Symantec Shared\ccApp.exe:localsubnet:enabled 
SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List\%programfiles%\Symantec\Symantec Endpoint Protection\Smc.exe:localsubnet:enabled %programfiles%\Symantec\Symantec Endpoint Protection\Smc.exe:localsubnet:enabled 
SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List\%programfiles%\Symantec\Symantec Endpoint Protection\SNAC.exe:localsubnet:enabled %programfiles%\Symantec\Symantec Endpoint Protection\SNAC.exe:localsubnet:enabled 
SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List\%systemroot%\system32\dmadmin.exe:localsubnet:enabled:Logical Disk Manager %systemroot%\system32\dmadmin.exe:localsubnet:enabled:Logical Disk Manager 
SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List\%systemroot%\system32\dmremote.exe:localsubnet:enabled:Logical Disk Manager %systemroot%\system32\dmremote.exe:localsubnet:enabled:Logical Disk Manager 
SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List\%systemroot%\system32\ftp.exe %systemroot%\system32\ftp.exe 
SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List\%systemroot%\system32\INETSRV\inetinfo.exe:localsubnet:enabled %systemroot%\system32\INETSRV\inetinfo.exe:localsubnet:enabled 
SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List\%systemroot%\system32\mmc.exe:localsubnet:enabled %systemroot%\system32\mmc.exe:localsubnet:enabled 
SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List\%systemroot%\system32\WBEM\unsecapp.exe:localsubnet:enabled %systemroot%\system32\WBEM\unsecapp.exe:localsubnet:enabled 
SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\Enabled 1 
SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\20:TCP:localsubnet:enabled:FTP 20:TCP:localsubnet:enabled:FTP 
SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\21:TCP:localsubnet:enabled:FTP 21:TCP:localsubnet:enabled:FTP 
SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\2967:TCP:localsubnet:enabled:Winsock(SAV) 2967:TCP:localsubnet:enabled:Winsock(SAV) 
SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\3702:TCP:localsubnet:enabled:Vista Network Discovery 3702:TCP:localsubnet:enabled:Vista Network Discovery 
SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\38293:TCP:localsubnet:enabled:Intel PDS Service 38293:TCP:localsubnet:enabled:Intel PDS Service 
SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\443:TCP:localsubnet:enabled:HTTPS 443:TCP:localsubnet:enabled:HTTPS 
SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\5357:TCP:localsubnet:enabled:Vista Network Discovery 5357:TCP:localsubnet:enabled:Vista Network Discovery 
SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\5358:TCP:localsubnet:enabled:Vista Network Discovery 5358:TCP:localsubnet:enabled:Vista Network Discovery 
SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\5900:TCP:localsubnet:enabled:GenControl 5900:TCP:localsubnet:enabled:GenControl 
SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\80:TCP:localsubnet:enabled:HTTP 80:TCP:localsubnet:enabled:HTTP 
SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\8530:TCP:localsubnet:enabled:WSUS 8530:TCP:localsubnet:enabled:WSUS 
SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications\Enabled 0 
SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts\Enabled 0

Question by:tbeck1983
6 Comments
 
LVL 14

Expert Comment

by:dfxdeimos
ID: 22683059
When you say you cannot access it do you mean cannot browse to its shares, can't RDP to it, or can't remotely manage it?
0
 

Author Comment

by:tbeck1983
ID: 22683162
Can't browse shares, can't RDP or remotely manage.
0
 
LVL 14

Expert Comment

by:dfxdeimos
ID: 22683201
Policy Setting
Windows Firewall: Allow remote administration exception Disabled
Windows Firewall: Allow Remote Desktop exception Disabled
Windows Firewall: Allow UPnP framework exception Disabled
Windows Firewall: Do not allow exceptions Enabled
Windows Firewall: Prohibit notifications Disabled
Windows Firewall: Protect all network connections Enabled  
You seem to have those items disabled...
0
 

Author Comment

by:tbeck1983
ID: 22683638
The standard profile only applies when the computer is not connected to the domain.  If you look up top, you'll see that the domain profile has both of those enabled.
0
 
LVL 14

Expert Comment

by:dfxdeimos
ID: 22683648
Have you used the RSoP wizard to make sure that the policy is applying in the way that you think it should be?
0
 

Accepted Solution

by:
tbeck1983 earned 0 total points
ID: 22799205
I figured it out.  You have to set up firewall policies under Windows Settings | Security Settings | Windows Firewall with Advanced Security in Group Policies.
0
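An added example, not part of the original thread: a small converter that reads the legacy list values from the question's report (`port:protocol:scope:status[:name]` and `path:scope:status[:name]`) and emits matching `netsh advfirewall firewall add rule` commands for review before the rules are re-created under Windows Firewall with Advanced Security. The function name `to_advfirewall` is hypothetical, and the generated commands address the local rule store with the domain profile; entries without a scope and status are returned as `None` for manual review rather than guessed at.

```python
import re

# Legacy Windows Firewall policy list values, as in the question's report:
#   ports:    port:protocol:scope:status[:name]
#   programs: path:scope:status[:name]
PORT_RE = re.compile(r"^(\d+):(TCP|UDP):([^:]+):(enabled|disabled)(?::(.*))?$", re.I)
APP_RE = re.compile(r"^(.+?):([^:]+):(enabled|disabled)(?::(.*))?$", re.I)


def to_advfirewall(value):
    """Return a netsh advfirewall command for one legacy entry, or None
    when the entry carries no scope/status and needs manual review."""
    value = value.strip()
    m = PORT_RE.match(value)
    if m:
        port, proto, scope, status, name = m.groups()
        match_part = f"protocol={proto.upper()} localport={port}"
        default_name = f"{proto.upper()} {port}"
    else:
        m = APP_RE.match(value)
        if not m:
            return None
        path, scope, status, name = m.groups()
        match_part = f'program="{path}"'
        # Fall back to the executable's file name when no name is given.
        default_name = path.rsplit("\\", 1)[-1]
    # "*" in the legacy syntax means any network; other scopes pass through.
    remote = "any" if scope == "*" else scope
    enable = "yes" if status.lower() == "enabled" else "no"
    return (f'netsh advfirewall firewall add rule name="{name or default_name}" '
            f"dir=in action=allow {match_part} remoteip={remote} "
            f"profile=domain enable={enable}")


# Values copied from the report in the question.
REPORT_VALUES = [
    "21:TCP:localsubnet:enabled:FTP",
    "8530:TCP:localsubnet:enabled:WSUS",
    r"%systemroot%\system32\mmc.exe:localsubnet:enabled",
    r"%systemroot%\system32\dmadmin.exe:localsubnet:enabled:Logical Disk Manager",
    r"%systemroot%\system32\ftp.exe",  # no scope or status in the report
]

if __name__ == "__main__":
    for v in REPORT_VALUES:
        print(to_advfirewall(v) or f"REVIEW (no scope/status): {v}")
```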
