Solved

Enable iSCSI service on Windows firewall through Group Policy

Posted on 2012-03-15
7
756 Views
Last Modified: 2012-04-02
Are setup: Windows 7 32bit OS, Server 2008R2

I want to enable iSCSI service tcp-in for all networks on the firewall. I would like to do this through Group Policy. I have tried adding this already and created a rule but it will not apply. I have tested just turning the firewall off and it works fine, but I would prefer not to do that for just one thing. I know I do this in Computer Config\Policies\Windows Settings\Security Settings and then Firewall. When I applied and checked with gpresult /r on the PC I am testing on it says "denied access".

Any assistance is appreciated. Let me know if you have any questions.

Thank you,
0
Comment
Question by:SilverSharp
  • 4
  • 2
7 Comments
 
LVL 76

Expert Comment

by:arnold
ID: 37726924
Not sure what the point is since the only iscsi target host is the windows 2008 server, what port are you allowing and what is the security filter you are using for the GPO?

Are you allowing port 3250 for the discovery?
Use gpmc to get info policy events to see why it is being denied.
0
 

Author Comment

by:SilverSharp
ID: 37729705
Yea, we are using the iSCSI service to do discovery. We have an application that will detect what user is on a specific computer. Do you mean allowing port 3260? Do I need to run the gpmc from the PC I am trying to apply it to?
0
 
LVL 76

Expert Comment

by:arnold
ID: 37729843
You would run GPMC on the DC and then use the group policy results wizard to see what policy applies to a computer/user and there you should see why a setting is not being applied i.e. there is another policy that is processed first and is the one the sets the item, i.e. causing a conflict. you could enforce the policy to make sure it takes precedent over all others.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 39

Expert Comment

by:footech
ID: 37734124
You're probably getting a "denied access" because of security filtering.  If you could provide what settings you are using for this on your GPO as Arnold asked, it would be helpful.

If you're not too familiar with group policy, computer settings have to apply to computer objects in AD.  You should link the GPO to an OU (or it's parent OU) that has the computer objects you want to apply to (if you have set up an OU for this purpose), or you can link at the domain level (if all your computers are in the default computers container).  If you have security filtering set to "Authenticated Users" it will match both users and computers.  If you think this sounds like a problem, that's not necessarily true.  If your GPO only has computer settings, it won't apply to users and vice versa.
0
 

Author Comment

by:SilverSharp
ID: 37737596
So would it be best to create an OU - maybe called Firewall, add all the OU's I created for each dept - add them in and then put that in the GP?
0
 
LVL 76

Accepted Solution

by:
arnold earned 255 total points
ID: 37737641
What is the result of running gpmc on one computer? Do you have another policy that deals with firewall settings?
The GPO applies based on group memberships, so you would either need to apply this policy at the top of the ad, or added/linked to each OU.
0
 
LVL 76

Expert Comment

by:arnold
ID: 37737646
There are other methods to have users setup with a GPO login script that will reord the user that logged into a system.  The script can add the data to a flat file or into a database depending on your needs.
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now