Windows Firewall GPO Settings

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

What is the difference between the Domain Profile and Standard Profile
settings in Group Policy under Computer Config > Admin Templates > Network >
Windows Firewall ?
2 answers Last reply
More about windows firewall settings
  1. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    DrNASA wrote:

    > What is the difference between the Domain Profile and Standard Profile
    > settings in Group Policy under Computer Config > Admin Templates >
    > Network > Windows Firewall ?
    Hi

    Here is how the SP2 firewall determines if it is to activate
    the domain or standard profile:

    If last-received Group Policy update DNS name match any of the
    connection-specific DNS suffixes of the currently connected
    connections (not PPP or SLIP-based) on the computer the FW's
    domain settings will be used. In all other cases the standard
    profile will be used. There is no way to change this behavior.

    From
    The Cable Guy - May 2004
    Network Determination Behavior for Network-Related Group Policy Settings
    http://www.microsoft.com/technet/community/columns/cableguy/cg0504.mspx

    <quote>
    To apply this behavior to Windows Firewall settings:

    () If the connection-specific DNS suffix of a currently connected
    connection on the computer that is not PPP or SLIP-based (such as
    an Ethernet or 802.11 wireless network adapter) matches the value
    of the
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Group
    Policy\History\NetworkName registry entry, Windows Firewall uses
    the domain profile.

    () If the connection-specific DNS suffix of a currently connected
    connection on the computer that is not PPP or SLIP-based does not
    match the value of the
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Group
    Policy\History\NetworkName registry entry, Windows Firewall uses
    the standard profile.

    You can determine the connection-specific DNS suffixes of the
    currently connected connections on the computer from the display
    of the ipconfig command issued from a command prompt.

    </quote>

    Read the Cable Guy article for more about this.


    --
    torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
    Administration scripting examples and an ONLINE version of
    the 1328 page Scripting Guide:
    http://www.microsoft.com/technet/scriptcenter/default.mspx
  2. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Okay, so it's probably a good idea to configure both.

    Thanks!

    "Torgeir Bakken (MVP)" wrote:

    > DrNASA wrote:
    >
    > > What is the difference between the Domain Profile and Standard Profile
    > > settings in Group Policy under Computer Config > Admin Templates >
    > > Network > Windows Firewall ?
    > Hi
    >
    > Here is how the SP2 firewall determines if it is to activate
    > the domain or standard profile:
    >
    > If last-received Group Policy update DNS name match any of the
    > connection-specific DNS suffixes of the currently connected
    > connections (not PPP or SLIP-based) on the computer the FW's
    > domain settings will be used. In all other cases the standard
    > profile will be used. There is no way to change this behavior.
    >
    > From
    > The Cable Guy - May 2004
    > Network Determination Behavior for Network-Related Group Policy Settings
    > http://www.microsoft.com/technet/community/columns/cableguy/cg0504.mspx
    >
    > <quote>
    > To apply this behavior to Windows Firewall settings:
    >
    > () If the connection-specific DNS suffix of a currently connected
    > connection on the computer that is not PPP or SLIP-based (such as
    > an Ethernet or 802.11 wireless network adapter) matches the value
    > of the
    > HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Group
    > Policy\History\NetworkName registry entry, Windows Firewall uses
    > the domain profile.
    >
    > () If the connection-specific DNS suffix of a currently connected
    > connection on the computer that is not PPP or SLIP-based does not
    > match the value of the
    > HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Group
    > Policy\History\NetworkName registry entry, Windows Firewall uses
    > the standard profile.
    >
    > You can determine the connection-specific DNS suffixes of the
    > currently connected connections on the computer from the display
    > of the ipconfig command issued from a command prompt.
    >
    > </quote>
    >
    > Read the Cable Guy article for more about this.
    >
    >
    > --
    > torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
    > Administration scripting examples and an ONLINE version of
    > the 1328 page Scripting Guide:
    > http://www.microsoft.com/technet/scriptcenter/default.mspx
    >
Ask a new question

Read More

Security Firewalls Microsoft Windows XP