How to control Windows XP SP2 Windows Firewall via Active ..

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hi,

I have an AD implementation in my organization. We are divided between
the main HQ and 37 remote sites. Recently we wanted to roll out SP2 to
all our workstations in the HQ and remote sites. We have a Checkpoint
firewall in between the HQ and remote sites. For the workstations at
the HQ, we are not experiencing any problem with managing the Windows
Firewall via OU/AD. We are able to manage the exceptions, greying out
the options etc. However it is the reverse for the remote sites'
workstations. Is there a specific port to be added in the firewall rules?
Thanks for any suggestion.
 

Blade


Hi Paul,


Thanks for the reply. ICMP is permitted for connection from HQ to
remote sites. The WAN link is around 7Mbps to the ISP while from the
ISP to the remote sites around 512Kbps.

About the scope, for the authenticated users, I have the permission to
allow read access.

Again many thanks for your help!
 
Guest

At what scope have you defined the GPO? Does the checkpoint allow ICMP
through? What speed connections are the WAN links?

--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/

"noraschid.ghani" <noraschid.ghani@gmail.com> wrote in message
news:ea7a6721.0501262309.1e7817ec@posting.google.com...
Hi,

I have an AD implementation in my organization. We are divided between
the main HQ and 37 remote sites. Recently we wanted to roll out SP2 to
all our workstations in the HQ and remote sites. We have a Checkpoint
firewall in between the HQ and remote sites. For the workstations at
the HQ, we are not experiencing any problem with managing the Windows
Firewall via OU/AD. We are able to manage the exceptions, greying out
the options etc. However it is the reverse for the remote sites'
workstations. Is there a specific port to be added in the firewall rules?
Thanks for any suggestion.
 
Guest

In addition to read access, authenticated users should also have apply GPO
permissions. This then encompasses everything within scope, i.e. computer
settings in an OU will apply to all computers in that OU.

The next thing to ensure is that you've configured this GPO so that it does
apply to the correct computers.

If this is the case, you should look in the event logs, specifically for
userenv and scecli errors and warnings. Cross reference these events with
www.eventid.net

If there's no joy there, we'll have to enable verbose logging and run some
more tests.

At what level of the AD hierarchy have you defined the GPO, and what
settings (computer or user) are you trying to apply?


--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/

"Blade" <noraschid.ghani@gmail.com> wrote in message
news:1106819559.404657.151040@c13g2000cwb.googlegroups.com...
Hi Paul,


Thanks for the reply. ICMP is permitted for connection from HQ to
remote sites. The WAN link is around 7Mbps to the ISP while from the
ISP to the remote sites around 512Kbps.

About the scope, for the authenticated users, I have the permission to
allow read access.

Again many thanks for your help!
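
The checks suggested in the reply above (Apply GPO permission, scope, then Userenv and SceCli events), written out as an added example that is not part of the original thread. It assumes a management station with the GroupPolicy module and Windows PowerShell 2.0 or later on the workstation; the GPO name and OU path are hypothetical placeholders.

```powershell
# Added example. The GPO name and OU path are placeholders, not values from the thread.
$GpoName = 'XP SP2 Windows Firewall'                       # hypothetical
$SiteOu  = 'OU=Workstations,OU=Site01,DC=example,DC=com'   # hypothetical

# --- Management station (needs the GroupPolicy module from GPMC/RSAT) ---
function Test-GpoFiltering {
    param([string]$Name, [string]$Ou)
    Import-Module GroupPolicy -ErrorAction Stop

    # "Apply Group Policy" is reported as GpoApply, which already includes read.
    try {
        $p = Get-GPPermission -Name $Name -TargetName 'Authenticated Users' `
                 -TargetType Group -ErrorAction Stop
        if ($p.Permission -eq 'GpoRead') {
            Write-Warning "Authenticated Users: read only, so '$Name' is never applied."
        } else {
            "Authenticated Users on '$Name': $($p.Permission)"
        }
    } catch {
        Write-Warning "No usable entry for Authenticated Users: $($_.Exception.Message)"
    }

    # Scope: the GPO should appear in the link list the OU inherits.
    $links = (Get-GPInheritance -Target $Ou).InheritedGpoLinks |
                 Where-Object { $_.DisplayName -eq $Name }
    if (-not $links) {
        Write-Warning "'$Name' is not in the inherited link list for $Ou."
    } else {
        $links | Select-Object DisplayName, Enabled, Enforced, Order
    }
}

# --- Affected remote-site workstation ---
function Get-GpoClientEvents {
    param([int]$Newest = 50)
    # Userenv and SceCli log to the Application event log on XP.
    Get-EventLog -LogName Application -Source Userenv, SceCli `
        -EntryType Error, Warning -Newest $Newest -ErrorAction SilentlyContinue |
        Select-Object TimeGenerated, Source, EventID, EntryType, Message
}

# Test-GpoFiltering -Name $GpoName -Ou $SiteOu   # on the management station
# Get-GpoClientEvents                            # on the workstation
```

Running the event query locally on a remote-site workstation avoids depending on RPC access through the firewall that sits between HQ and the sites.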