|
sponsored links |
|
|
sponsored links
|
|
1
22nd July 05:24
External User
Posts: 1
|
Group Policy - WinXp firewall
Yes, the settings for GP are under "Computer
Configuration/Administrative Templates/Network/Network Connections/Windows Firewall/Domain Profile/Windows Firewall: Define port exceptions" Roger |
|
|
|
2
22nd July 09:31
External User
Posts: 1
|
Group Policy - WinXp firewall
*YES!*
But , as I explained, on this server at least, the only option is either to allow a local administrator to make changes or not. I want to enforce the opening of the specific port # 6719 on all computers. That option is not available in this tree of the GP. I am asking if anyone knows the correct method of enforcing the opening of specific ports. And that is NOT what you explained. Dale |
|
|
|
3
22nd July 09:47
External User
Posts: 1
|
Group Policy - WinXp firewall
Dale,
then I'll ask you if you installed the patches to SBS to make Group Policy WinXPSP2 aware? There were a couple of patches for SBS (not offered through WU) that added ADM templates for WinXPSP2. Without these templates you won't see all the settings. If you've got those patches, here's the step-by-step... On the server open Group Policy Management (I prefer to open it directly from Administrative Tools but you can open it from Server Management if you want.) Expand the Forest, Domains, your domain.local, then Group Policy Objects. Right click Group Policy Objects and select New; give the new policy an appropriate name. Right click the newly created policy and select Edit; this will open the Group Policy Object Editor with the new policy open. Drill down into Computer Configuration/Administrative Templates/Network/Network Connections/Windows Firewall/Domain Profile. Right click "Windows Firewall: Define port exceptions" and select properties. Click "Enabled", then the "Show" button. In the "Show Contents" dialog, click the Add button. The syntax for a port exception is <Port>:<Transport>:<Scope>:<Status>:<Name> (this is shown in the setting property page. In your case I believe the correct setting should be: "6719:TCP:localsubnet:enabled  atabase Application"without the quotes. The setting "localsubnet" determines which part of your network the port should be open for; localsubnet will open it for all computers on the same sub net. Now drill down into Computer Configuration/Administrative Templates/System/Logon and enable "Always wait for the network at computer startup and logon"; this will make the client wait for the network to be available before trying to apply policy. Close the Group Policy Object Editor. Now go back to Group Policy Management and right click one of the nodes under MyBusiness and select "Link an Existing GPO" and select the Group Policy Object you created above. Which node to right-click depends on what OU you want to apply the GPO to. After you've applied it to a node, expand the node you applied it to and click the linked GPO in the tree; you'll see the details on the right side of the Group Policy Management Window. At the bottom, under "WMI Filtering" change it to "PostSP2"; this will restrict the policy just to WinXPSP2 computers. It may take a time or two for the clients to reboot and log in before it 'takes.' Dale, I just did this myself last week on a new network and it did exactly what I wanted. If this still doesn't answer your questions then I'm sorry, I'm just not understanding your problem. Roger Dale wrote: |
|
|
|
Linear Mode
