NT 4.0 domain connected PC's use non-domain firewall setti..

Toggle sidebar Toggle sidebar
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

When we enable Windows Firewall on PC connected to our NT 4.0 domain, it uses
the non-domain settings. How does Windows Firewall determine if it is
connected to a domain? We have tested this on 5 different PC's with the same
results. We are using WINS and DNS (running on NT4 servers).
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

NetPIP wrote:

> When we enable Windows Firewall on PC connected to our NT 4.0 domain, it uses
> the non-domain settings. How does Windows Firewall determine if it is
> connected to a domain? We have tested this on 5 different PC's with the same
> results. We are using WINS and DNS (running on NT4 servers).
Hi

The domain profile is only activated if you run a Active Directory
domain.

Here is how the SP2 firewall determines if it is to activate
the domain or standard profile:

If last-received Group Policy update DNS name match any of the
connection-specific DNS suffixes of the currently connected
connections (not PPP or SLIP-based) on the computer the FW's
domain settings will be used. There is no way to change this
behavior.

From
The Cable Guy - May 2004
Network Determination Behavior for Network-Related Group Policy Settings
http://www.microsoft.com/technet/community/columns/cableguy/cg0504.mspx

<quote>
To apply this behavior to Windows Firewall settings:

() If the connection-specific DNS suffix of a currently connected
connection on the computer that is not PPP or SLIP-based (such as
an Ethernet or 802.11 wireless network adapter) matches the value
of the
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Group
Policy\History\NetworkName registry entry, Windows Firewall uses
the domain profile.

() If the connection-specific DNS suffix of a currently connected
connection on the computer that is not PPP or SLIP-based does not
match the value of the
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Group
Policy\History\NetworkName registry entry, Windows Firewall uses
the standard profile.

You can determine the connection-specific DNS suffixes of the
currently connected connections on the computer from the display
of the ipconfig command issued from a command prompt.

</quote>

Read the Cable Guy article for more about this.


--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.mspx
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Torgeir,

Thanks for your help. That's what I needed to know.



"Torgeir Bakken (MVP)" wrote:

> NetPIP wrote:
>
> > When we enable Windows Firewall on PC connected to our NT 4.0 domain, it uses
> > the non-domain settings. How does Windows Firewall determine if it is
> > connected to a domain? We have tested this on 5 different PC's with the same
> > results. We are using WINS and DNS (running on NT4 servers).
> Hi
>
> The domain profile is only activated if you run a Active Directory
> domain.
>
> Here is how the SP2 firewall determines if it is to activate
> the domain or standard profile:
>
> If last-received Group Policy update DNS name match any of the
> connection-specific DNS suffixes of the currently connected
> connections (not PPP or SLIP-based) on the computer the FW's
> domain settings will be used. There is no way to change this
> behavior.
>
> From
> The Cable Guy - May 2004
> Network Determination Behavior for Network-Related Group Policy Settings
> http://www.microsoft.com/technet/community/columns/cableguy/cg0504.mspx
>
> <quote>
> To apply this behavior to Windows Firewall settings:
>
> () If the connection-specific DNS suffix of a currently connected
> connection on the computer that is not PPP or SLIP-based (such as
> an Ethernet or 802.11 wireless network adapter) matches the value
> of the
> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Group
> Policy\History\NetworkName registry entry, Windows Firewall uses
> the domain profile.
>
> () If the connection-specific DNS suffix of a currently connected
> connection on the computer that is not PPP or SLIP-based does not
> match the value of the
> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Group
> Policy\History\NetworkName registry entry, Windows Firewall uses
> the standard profile.
>
> You can determine the connection-specific DNS suffixes of the
> currently connected connections on the computer from the display
> of the ipconfig command issued from a command prompt.
>
> </quote>
>
> Read the Cable Guy article for more about this.
>
>
> --
> torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
> Administration scripting examples and an ONLINE version of
> the 1328 page Scripting Guide:
> http://www.microsoft.com/technet/scriptcenter/default.mspx
>
 
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom