Windows Firewall GPO Settings

Toggle sidebar Toggle sidebar
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

What is the difference between the Domain Profile and Standard Profile
settings in Group Policy under Computer Config > Admin Templates > Network >
Windows Firewall ?
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

DrNASA wrote:

> What is the difference between the Domain Profile and Standard Profile
> settings in Group Policy under Computer Config > Admin Templates >
> Network > Windows Firewall ?
Hi

Here is how the SP2 firewall determines if it is to activate
the domain or standard profile:

If last-received Group Policy update DNS name match any of the
connection-specific DNS suffixes of the currently connected
connections (not PPP or SLIP-based) on the computer the FW's
domain settings will be used. In all other cases the standard
profile will be used. There is no way to change this behavior.

From
The Cable Guy - May 2004
Network Determination Behavior for Network-Related Group Policy Settings
http://www.microsoft.com/technet/community/columns/cableguy/cg0504.mspx

<quote>
To apply this behavior to Windows Firewall settings:

() If the connection-specific DNS suffix of a currently connected
connection on the computer that is not PPP or SLIP-based (such as
an Ethernet or 802.11 wireless network adapter) matches the value
of the
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Group
Policy\History\NetworkName registry entry, Windows Firewall uses
the domain profile.

() If the connection-specific DNS suffix of a currently connected
connection on the computer that is not PPP or SLIP-based does not
match the value of the
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Group
Policy\History\NetworkName registry entry, Windows Firewall uses
the standard profile.

You can determine the connection-specific DNS suffixes of the
currently connected connections on the computer from the display
of the ipconfig command issued from a command prompt.

</quote>

Read the Cable Guy article for more about this.


--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.mspx
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Okay, so it's probably a good idea to configure both.

Thanks!

"Torgeir Bakken (MVP)" wrote:

> DrNASA wrote:
>
> > What is the difference between the Domain Profile and Standard Profile
> > settings in Group Policy under Computer Config > Admin Templates >
> > Network > Windows Firewall ?
> Hi
>
> Here is how the SP2 firewall determines if it is to activate
> the domain or standard profile:
>
> If last-received Group Policy update DNS name match any of the
> connection-specific DNS suffixes of the currently connected
> connections (not PPP or SLIP-based) on the computer the FW's
> domain settings will be used. In all other cases the standard
> profile will be used. There is no way to change this behavior.
>
> From
> The Cable Guy - May 2004
> Network Determination Behavior for Network-Related Group Policy Settings
> http://www.microsoft.com/technet/community/columns/cableguy/cg0504.mspx
>
> <quote>
> To apply this behavior to Windows Firewall settings:
>
> () If the connection-specific DNS suffix of a currently connected
> connection on the computer that is not PPP or SLIP-based (such as
> an Ethernet or 802.11 wireless network adapter) matches the value
> of the
> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Group
> Policy\History\NetworkName registry entry, Windows Firewall uses
> the domain profile.
>
> () If the connection-specific DNS suffix of a currently connected
> connection on the computer that is not PPP or SLIP-based does not
> match the value of the
> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Group
> Policy\History\NetworkName registry entry, Windows Firewall uses
> the standard profile.
>
> You can determine the connection-specific DNS suffixes of the
> currently connected connections on the computer from the display
> of the ipconfig command issued from a command prompt.
>
> </quote>
>
> Read the Cable Guy article for more about this.
>
>
> --
> torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
> Administration scripting examples and an ONLINE version of
> the 1328 page Scripting Guide:
> http://www.microsoft.com/technet/scriptcenter/default.mspx
>
 
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom