Small Business Server Windows Vista Policy Blocks Ping

Posted on 2011-04-23
Medium Priority
Last Modified: 2012-05-11
Hello Experts!

I’m having issues between a 2003 SBS server and a Dell Latitude Laptop running Vista Business.  All PCs and servers are X32.  The laptop can ping the server and other workstations on the LAN, but those machines cannot ping the laptop.  I can browse to the laptop through Network Neighborhood and using \\laptop.  The laptop is getting an IP from the SBS server.  When I ping the laptop from the server by machine name, it kicks back the correct IP but times out.

This laptop needs to access a geological app, (GeoGraphix), which runs in a client\server mode off a mapped drive on another server running 2003 R2.  When I open GeoGraphix on the laptop, it can’t see the host server or any of the other PCs with the same installed app.

I figured that this had to be a firewall issue, so I started looking at my settings in Group Policy.  Found a GPO called Small Business Server - Windows Vista policy.  When I disable that policy, I am able to turn off the firewall on the client and GeoGraphix is able to see and access the projects on the server.  I can also then ping the laptop from the server.

How can I edit this Small Business Server - Windows Vista policy to allow access to GeoGraphix?  Why do I need this specific Vista policy anyway?  Why can’t I just apply the regular Small Business Server Windows Firewall policy to his laptop?  All the other GeoGraphix clients are running XPP X32 and are, (I assume), controlled by the Small Business Server Windows Firewall policy…and can connect to the server database fine.
Question by:snake454
LVL 60

Accepted Solution

Cliff Galiher earned 2000 total points
ID: 35454478
In XP and 2003, the "firewall" that comes with windows was tied with the internet sharing component and was reliant on other non-firewall services. That meant a flaw found in one of those services, such as RRAS, made the firewall ineffective.

As you may recall, around 2005, MS decided to completely change their software development policies regarding security development. XP SP2 was one of the first things to come out of that initiative, but Vista was also developed heavily under the new rules. One of the major significant chnges in Vista (and 2008,R2,Win7) is that the firewally wasn't simply retooled, but was completely rewritten. Because of the signficant changes to the firewall to add *real* security, it no longer had other service dependencies, so regisry keys that controlled those other services no longer impacted the firewall.

Since grou policy rules are really just a set of predefined and controlled registry changes, this means that the 2003 firewall rules would not apply to Vista, and again, under Microsoft's new "more secure" mantra, they wanted to give you a good default that is secure. This is something I happen to agree with. So they included new group policy tempaltes to conrol the updated firewalls, and those firewalls are configured very secure by default.

As far as unblocking traffic, you can temporarily disable the GPO so you can control the firewalal, but instead of *disabling* the firewall, turn on logging of blocked packets. Attempt your connection. Turn off logging. Enable the GPO. View the log. Add "allow" rules based on what you find...preferrably in a new GPO so you can alter, update, or remove it without impacting other defaults.

That's a high level overview, but if you get stuck on a step, feel free to ask.


Author Closing Comment

ID: 35478621

Thanks for a excellent response!  I have jacked around with the Small Business Server - Windows Vista GPO for 3 days now and cannot get the app to see the network projects when the firewall is turned on.  I am getting behind on my other projects and so...I just disabled the Vista firewall.  Not a good solution I grant you...but it solves the problem.

THANKS for  you help!!

Featured Post

Become an Android App Developer

Ready to kick start your career in 2018? Learn how to build an Android app in January’s Course of the Month and open the door to new opportunities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are a user of the discontinued Microsoft Office Accounting 2008 (MSOA) and have to move to a new computer running Windows 8, you will be unhappy to discover that it won't install.  In particular, Microsoft SQL Server 2005 Express Edition (SSE…
You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…
Is your organization moving toward a cloud and mobile-first environment? In this transition, your IT department will encounter many challenges, such as navigating how to: Deploy new applications and services to a growing team Accommodate employee…
Stellar Phoenix SQL Database Repair software easily fixes the suspect mode issue of SQL Server database. It is a simple process to bring the database from suspect mode to normal mode. Check out the video and fix the SQL database suspect mode problem.
Suggested Courses

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question