HMBNETPC
asked on
Unable to access PC inside a domain with RCD
Got a Windows domain with 5 PCs: 4 are Windows 7 Pro 64-bit, 1 is Windows 7 Ultimate 64-bit.
I can access all Win 7 Pro PCs using RCD within the domain, but I am unable to do so on the Windows 7 Ultimate.
I setup access to several users, including the domain admin, but am still unable to access it.
NOTE: upon going to Windows firewall settings on that machine, I see that the domain firewall is on, but grayed out.
Do I have to disable it from the domain controller? How do I go about doing that?
The DC is running Windows 2011 SBS.
Thank you.
HMBNETPC.
I can access all Win 7 Pro PCs using RCD within the domain, but I am unable to do so on the Windows 7 Ultimate.
I setup access to several users, including the domain admin, but am still unable to access it.
NOTE: upon going to Windows firewall settings on that machine, I see that the domain firewall is on, but grayed out.
Do I have to disable it from the domain controller? How do I go about doing that?
The DC is running Windows 2011 SBS.
Thank you.
HMBNETPC.
What are your domain policy settings regarding W7 workstation Firewalls?
probably windows firewall which is enable is doing this. If it is grayed out probably it is enabled based on GPO? Do you have such a GPO in your domain which could affect this PC?
You can check which GPO is applied on the machine by gpresult command
Also you can check in System settings if Remote connection is enabled for that PC
You can check which GPO is applied on the machine by gpresult command
Also you can check in System settings if Remote connection is enabled for that PC
ASKER
Helpfinder:
Thanks for your response:
1) yes, Remote Connection is enabled on the client's side ("Allow Connections from Computers Running Any version of Windows") Also, these choices are grayed out, so I couldn't change them if I wanted to.
2)How do I go about editing the GPO in server 2011 SBS?
Thanks for your response:
1) yes, Remote Connection is enabled on the client's side ("Allow Connections from Computers Running Any version of Windows") Also, these choices are grayed out, so I couldn't change them if I wanted to.
2)How do I go about editing the GPO in server 2011 SBS?
you need to open Group Policy Management (in Administrative Tools) and check GPOs and in case of need edit it.
also as I wrote you can use on Win 7 machine gpresult /r command to check which GPOs are applied and based on this you can then check and edit GPO in your server
also as I wrote you can use on Win 7 machine gpresult /r command to check which GPOs are applied and based on this you can then check and edit GPO in your server
ASKER
Helpfinder: The users are now in production mode, so I'll have to wait until lunch time to be able to run the gpresult /r command.
I'll let you know.
Weird thing is that I am able to access all other PCs, but this one. I already disjoined the domain and re-joined to same results....
Thank you.
I'll let you know.
Weird thing is that I am able to access all other PCs, but this one. I already disjoined the domain and re-joined to same results....
Thank you.
ASKER
Sinfocomar:
here is the policy for domain firewall:
Setting State Comment
Windows Firewall: Allow local program exceptions Not configured No
Windows Firewall: Define inbound program exceptions Not configured No
Windows Firewall: Protect all network connections Disabled No
Windows Firewall: Do not allow exceptions Not configured No
Windows Firewall: Allow inbound file and printer sharing exception Not configured No
Windows Firewall: Allow ICMP exceptions Not configured No
Windows Firewall: Allow logging Not configured No
Windows Firewall: Prohibit notifications Not configured No
Windows Firewall: Allow local port exceptions Not configured No
Windows Firewall: Define inbound port exceptions Not configured No
Windows Firewall: Allow inbound remote administration exception Enabled No
Windows Firewall: Allow inbound Remote Desktop exceptions Enabled No
Windows Firewall: Prohibit unicast response to multicast or broadcast requests Not configured No
Windows Firewall: Allow inbound UPnP framework exceptions Not configured No
here is the policy for domain firewall:
Setting State Comment
Windows Firewall: Allow local program exceptions Not configured No
Windows Firewall: Define inbound program exceptions Not configured No
Windows Firewall: Protect all network connections Disabled No
Windows Firewall: Do not allow exceptions Not configured No
Windows Firewall: Allow inbound file and printer sharing exception Not configured No
Windows Firewall: Allow ICMP exceptions Not configured No
Windows Firewall: Allow logging Not configured No
Windows Firewall: Prohibit notifications Not configured No
Windows Firewall: Allow local port exceptions Not configured No
Windows Firewall: Define inbound port exceptions Not configured No
Windows Firewall: Allow inbound remote administration exception Enabled No
Windows Firewall: Allow inbound Remote Desktop exceptions Enabled No
Windows Firewall: Prohibit unicast response to multicast or broadcast requests Not configured No
Windows Firewall: Allow inbound UPnP framework exceptions Not configured No
maybe GPO is linked only to this PC? Are all the PCs in the same OU in AD?
you can also try gpupdate /force command, in case GPO is not refreshed correctly (if valid GPO is to disable win firewall)
you can also try gpupdate /force command, in case GPO is not refreshed correctly (if valid GPO is to disable win firewall)
ASKER
Yes, all PCs are on the same OU in AD.
Should the gpupdate /force command be ran from the DC or the PC having the issue?
Should the gpupdate /force command be ran from the DC or the PC having the issue?
from PC - it will update PC with all GPOs which should be there
ASKER
I just tried that: updated policies, but upon trying to connect, same thing....
OK, what about gpresult /r?
ASKER
helpfinder: it is interesting to note that now the firewall on that PC is now disabled on the Domain portion (still grayed out) and only enabled to Public networks.
I temporarily disabled the firewall for public networked, tested RCD again to no avail...
I temporarily disabled the firewall for public networked, tested RCD again to no avail...
ASKER
Here you go:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\asiblesz>gpresult /r
Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001
Created On 7/16/2013 at 10:28:48 AM
RSOP data for SMARTINVEST\asiblesz on ASIBLESZ : Logging Mode
-------------------------- ---------- ---------- ---------- ------
OS Configuration: Member Workstation
OS Version: 6.1.7601
Site Name: N/A
Roaming Profile: N/A
Local Profile: C:\Users\asiblesz
Connected over a slow link?: No
USER SETTINGS
--------------
CN=Alberto Siblesz,CN=Users,DC=smarti nvest,DC=l ocal
Last time Group Policy was applied: 7/16/2013 at 10:23:30 AM
Group Policy was applied from: SERVER01.smartinvest.local
Group Policy slow link threshold: 500 kbps
Domain Name: SMARTINVEST
Domain Type: Windows 2000
Applied Group Policy Objects
-------------------------- ---
Windows SBS CSE Policy
The following GPOs were not applied because they were filtered out
-------------------------- ---------- ---------- ---------- ---------- -
Default Domain Policy
Filtering: Not Applied (Empty)
Update Services Common Settings Policy
Filtering: Not Applied (Empty)
Local Group Policy
Filtering: Not Applied (Empty)
The user is a part of the following security groups
-------------------------- ---------- ---------- -----
Domain Users
Everyone
BUILTIN\Administrators
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
CONSOLE LOGON
NT AUTHORITY\Authenticated Users
This Organization
LOCAL
High Mandatory Level
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\asiblesz>gpresult
Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001
Created On 7/16/2013 at 10:28:48 AM
RSOP data for SMARTINVEST\asiblesz on ASIBLESZ : Logging Mode
--------------------------
OS Configuration: Member Workstation
OS Version: 6.1.7601
Site Name: N/A
Roaming Profile: N/A
Local Profile: C:\Users\asiblesz
Connected over a slow link?: No
USER SETTINGS
--------------
CN=Alberto Siblesz,CN=Users,DC=smarti
Last time Group Policy was applied: 7/16/2013 at 10:23:30 AM
Group Policy was applied from: SERVER01.smartinvest.local
Group Policy slow link threshold: 500 kbps
Domain Name: SMARTINVEST
Domain Type: Windows 2000
Applied Group Policy Objects
--------------------------
Windows SBS CSE Policy
The following GPOs were not applied because they were filtered out
--------------------------
Default Domain Policy
Filtering: Not Applied (Empty)
Update Services Common Settings Policy
Filtering: Not Applied (Empty)
Local Group Policy
Filtering: Not Applied (Empty)
The user is a part of the following security groups
--------------------------
Domain Users
Everyone
BUILTIN\Administrators
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
CONSOLE LOGON
NT AUTHORITY\Authenticated Users
This Organization
LOCAL
High Mandatory Level
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Please change Windows Firewall: Allow inbound Remote Desktop exceptions Enabled No
change to Yes
change to Yes
ASKER
Helpfinder:
Yes I can ping by IP and by name.
Yes I can ping by IP and by name.
hmm, and RDP using IP is also not working?
If you've enabled RDP exceptions at GP level... have you also checked if users are enabled for RDP in their profile
ASKER
Helpfinder: IP using RDP, same results
did you also try to change firevall settings as sinfocomar wrote?
are you able to stop windows firewall service in Services and try?
are you able to stop windows firewall service in Services and try?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
All responses were accurate, but unfortunately none of them solved the issue.
I've found the solution looking at a blog on the web.
I've found the solution looking at a blog on the web.