Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Enable iSCSI service on Windows firewall through Group Policy

Posted on 2012-03-15
7
782 Views
Last Modified: 2012-04-02
Are setup: Windows 7 32bit OS, Server 2008R2

I want to enable iSCSI service tcp-in for all networks on the firewall. I would like to do this through Group Policy. I have tried adding this already and created a rule but it will not apply. I have tested just turning the firewall off and it works fine, but I would prefer not to do that for just one thing. I know I do this in Computer Config\Policies\Windows Settings\Security Settings and then Firewall. When I applied and checked with gpresult /r on the PC I am testing on it says "denied access".

Any assistance is appreciated. Let me know if you have any questions.

Thank you,
0
Comment
Question by:SilverSharp
  • 4
  • 2
7 Comments
 
LVL 77

Expert Comment

by:arnold
ID: 37726924
Not sure what the point is since the only iscsi target host is the windows 2008 server, what port are you allowing and what is the security filter you are using for the GPO?

Are you allowing port 3250 for the discovery?
Use gpmc to get info policy events to see why it is being denied.
0
 

Author Comment

by:SilverSharp
ID: 37729705
Yea, we are using the iSCSI service to do discovery. We have an application that will detect what user is on a specific computer. Do you mean allowing port 3260? Do I need to run the gpmc from the PC I am trying to apply it to?
0
 
LVL 77

Expert Comment

by:arnold
ID: 37729843
You would run GPMC on the DC and then use the group policy results wizard to see what policy applies to a computer/user and there you should see why a setting is not being applied i.e. there is another policy that is processed first and is the one the sets the item, i.e. causing a conflict. you could enforce the policy to make sure it takes precedent over all others.
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 40

Expert Comment

by:footech
ID: 37734124
You're probably getting a "denied access" because of security filtering.  If you could provide what settings you are using for this on your GPO as Arnold asked, it would be helpful.

If you're not too familiar with group policy, computer settings have to apply to computer objects in AD.  You should link the GPO to an OU (or it's parent OU) that has the computer objects you want to apply to (if you have set up an OU for this purpose), or you can link at the domain level (if all your computers are in the default computers container).  If you have security filtering set to "Authenticated Users" it will match both users and computers.  If you think this sounds like a problem, that's not necessarily true.  If your GPO only has computer settings, it won't apply to users and vice versa.
0
 

Author Comment

by:SilverSharp
ID: 37737596
So would it be best to create an OU - maybe called Firewall, add all the OU's I created for each dept - add them in and then put that in the GP?
0
 
LVL 77

Accepted Solution

by:
arnold earned 255 total points
ID: 37737641
What is the result of running gpmc on one computer? Do you have another policy that deals with firewall settings?
The GPO applies based on group memberships, so you would either need to apply this policy at the top of the ad, or added/linked to each OU.
0
 
LVL 77

Expert Comment

by:arnold
ID: 37737646
There are other methods to have users setup with a GPO login script that will reord the user that logged into a system.  The script can add the data to a flat file or into a database depending on your needs.
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

By default the complete memory dump option is disabled in windows . If we want to enable the complete memory dump for a diagnostic purpose, we have a solution for it. here we are using the registry method to enable this.
When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question