Small Business Server Windows Vista Policy Blocks Ping

Posted on 2011-04-23
Last Modified: 2012-05-11
Hello Experts!

I’m having issues between a 2003 SBS server and a Dell Latitude Laptop running Vista Business.  All PCs and servers are X32.  The laptop can ping the server and other workstations on the LAN, but those machines cannot ping the laptop.  I can browse to the laptop through Network Neighborhood and using \\laptop.  The laptop is getting an IP from the SBS server.  When I ping the laptop from the server by machine name, it kicks back the correct IP but times out.

This laptop needs to access a geological app, (GeoGraphix), which runs in a client\server mode off a mapped drive on another server running 2003 R2.  When I open GeoGraphix on the laptop, it can’t see the host server or any of the other PCs with the same installed app.

I figured that this had to be a firewall issue, so I started looking at my settings in Group Policy.  Found a GPO called Small Business Server - Windows Vista policy.  When I disable that policy, I am able to turn off the firewall on the client and GeoGraphix is able to see and access the projects on the server.  I can also then ping the laptop from the server.

How can I edit this Small Business Server - Windows Vista policy to allow access to GeoGraphix?  Why do I need this specific Vista policy anyway?  Why can’t I just apply the regular Small Business Server Windows Firewall policy to his laptop?  All the other GeoGraphix clients are running XPP X32 and are, (I assume), controlled by the Small Business Server Windows Firewall policy…and can connect to the server database fine.
Question by:snake454
    LVL 56

    Accepted Solution

    In XP and 2003, the "firewall" that comes with windows was tied with the internet sharing component and was reliant on other non-firewall services. That meant a flaw found in one of those services, such as RRAS, made the firewall ineffective.

    As you may recall, around 2005, MS decided to completely change their software development policies regarding security development. XP SP2 was one of the first things to come out of that initiative, but Vista was also developed heavily under the new rules. One of the major significant chnges in Vista (and 2008,R2,Win7) is that the firewally wasn't simply retooled, but was completely rewritten. Because of the signficant changes to the firewall to add *real* security, it no longer had other service dependencies, so regisry keys that controlled those other services no longer impacted the firewall.

    Since grou policy rules are really just a set of predefined and controlled registry changes, this means that the 2003 firewall rules would not apply to Vista, and again, under Microsoft's new "more secure" mantra, they wanted to give you a good default that is secure. This is something I happen to agree with. So they included new group policy tempaltes to conrol the updated firewalls, and those firewalls are configured very secure by default.

    As far as unblocking traffic, you can temporarily disable the GPO so you can control the firewalal, but instead of *disabling* the firewall, turn on logging of blocked packets. Attempt your connection. Turn off logging. Enable the GPO. View the log. Add "allow" rules based on what you find...preferrably in a new GPO so you can alter, update, or remove it without impacting other defaults.

    That's a high level overview, but if you get stuck on a step, feel free to ask.


    Author Closing Comment


    Thanks for a excellent response!  I have jacked around with the Small Business Server - Windows Vista GPO for 3 days now and cannot get the app to see the network projects when the firewall is turned on.  I am getting behind on my other projects and so...I just disabled the Vista firewall.  Not a good solution I grant you...but it solves the problem.

    THANKS for  you help!!

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    What Security Threats Are You Missing?

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    A lot of problems and solutions are available on the net for the error message "Source server does not meet minimum requirements for migration" while performing a migration from Small Business Server 2003 to SBS 2008. This error pops up just before …
    A quick step-by-step overview of installing and configuring Carbonite Server Backup.
    Need more eyes on your posted question? Go ahead and follow the quick steps in this video to learn how to Request Attention to your question. *Log into your Experts Exchange account *Find the question you want to Request Attention for *Go to the e…
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    9 Experts available now in Live!

    Get 1:1 Help Now