Managing Group Policy on XP SP2

Archived from groups: microsoft.public.win2000.group_policy (More info?)

I updated our GPO on our Windows 2000 domain controllers with the latest ADM
files from XP SP2. I did this by opening up the GPO on a Windows XP Pro
workstation with SP2 and it automatically replicated the ADM files to our
domain controllers. See document at
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/mangxpsp2/mngdepgp.mspx

However, it seems like not all of the ADM files are replicating to the
Windows 2000 servers. For example, in the policy path "Administrative
Templates\Network\Network Connections\Windows Firewall\Domain Profile" there
are only 12 policies listed on the Windows 2000 Server but on the XP SP2 box,
there are 14 policies. The two that are missing are:

Windows Firewall: Define program exceptions
Windows Firewall: Define port exceptions

Is this by design or is there something wrong with the replication process?
It would be nice to be able to define program exceptions because there are a
couple programs within our environment that won't work unless we can exclude
them. It would be preferable to do this through GP instead of manually going
to each machine and defining the program exceptions.

Thanks,

d mac
14 answers Last reply
More about managing group policy
  1. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    You might try gathering up the XP .adm templates, copying
    them to temp folder on the 2000 DC. Then opening the A/D
    Group policy on the 2000 box right click on the
    Admisitrative templates container, choose add snap-in.

    It'll show the ones currently in use in the wnnt/inf
    folder, Browse over to the new ones in the temp folder
    and select add, it should ask you about overwriting etc.

    Choose yes.

    Once the new ones are copied in you will probably get a
    bunch messages stating the new ones are too long or
    something, but you'll have to hunt down an update for this
    I think I found it at microsoft tech experts page on XP,
    but it didn't seem to want to be found with search.

    Anyways, maybe that will help.

    Regards

    Hunter


    >-----Original Message-----
    >I updated our GPO on our Windows 2000 domain controllers
    with the latest ADM
    >files from XP SP2. I did this by opening up the GPO on a
    Windows XP Pro
    >workstation with SP2 and it automatically replicated the
    ADM files to our
    >domain controllers. See document at
    >http://www.microsoft.com/technet/prodtechnol/winxppro/main
    tain/mangxpsp2/mngdepgp.mspx
    >
    >However, it seems like not all of the ADM files are
    replicating to the
    >Windows 2000 servers. For example, in the policy
    path "Administrative
    >Templates\Network\Network Connections\Windows
    Firewall\Domain Profile" there
    >are only 12 policies listed on the Windows 2000 Server
    but on the XP SP2 box,
    >there are 14 policies. The two that are missing are:
    >
    >Windows Firewall: Define program exceptions
    >Windows Firewall: Define port exceptions
    >
    >Is this by design or is there something wrong with the
    replication process?
    >It would be nice to be able to define program exceptions
    because there are a
    >couple programs within our environment that won't work
    unless we can exclude
    >them. It would be preferable to do this through GP
    instead of manually going
    >to each machine and defining the program exceptions.
    >
    >Thanks,
    >
    >d mac
    >.
    >
  2. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    http://support.microsoft.com/?kbid=842933 documents this problem and has a
    patch available.

    --
    Bruce Sanderson MVP

    It's perfectly useless to know the right answer to the wrong question.


    "Hunter" <anonymous@discussions.microsoft.com> wrote in message
    news:1b9601c4a1a0$6a628fa0$a401280a@phx.gbl...
    > You might try gathering up the XP .adm templates, copying
    > them to temp folder on the 2000 DC. Then opening the A/D
    > Group policy on the 2000 box right click on the
    > Admisitrative templates container, choose add snap-in.
    >
    > It'll show the ones currently in use in the wnnt/inf
    > folder, Browse over to the new ones in the temp folder
    > and select add, it should ask you about overwriting etc.
    >
    > Choose yes.
    >
    > Once the new ones are copied in you will probably get a
    > bunch messages stating the new ones are too long or
    > something, but you'll have to hunt down an update for this
    > I think I found it at microsoft tech experts page on XP,
    > but it didn't seem to want to be found with search.
    >
    > Anyways, maybe that will help.
    >
    > Regards
    >
    > Hunter
    >
    >
    >
    >>-----Original Message-----
    >>I updated our GPO on our Windows 2000 domain controllers
    > with the latest ADM
    >>files from XP SP2. I did this by opening up the GPO on a
    > Windows XP Pro
    >>workstation with SP2 and it automatically replicated the
    > ADM files to our
    >>domain controllers. See document at
    >>http://www.microsoft.com/technet/prodtechnol/winxppro/main
    > tain/mangxpsp2/mngdepgp.mspx
    >>
    >>However, it seems like not all of the ADM files are
    > replicating to the
    >>Windows 2000 servers. For example, in the policy
    > path "Administrative
    >>Templates\Network\Network Connections\Windows
    > Firewall\Domain Profile" there
    >>are only 12 policies listed on the Windows 2000 Server
    > but on the XP SP2 box,
    >>there are 14 policies. The two that are missing are:
    >>
    >>Windows Firewall: Define program exceptions
    >>Windows Firewall: Define port exceptions
    >>
    >>Is this by design or is there something wrong with the
    > replication process?
    >>It would be nice to be able to define program exceptions
    > because there are a
    >>couple programs within our environment that won't work
    > unless we can exclude
    >>them. It would be preferable to do this through GP
    > instead of manually going
    >>to each machine and defining the program exceptions.
    >>
    >>Thanks,
    >>
    >>d mac
    >>.
    >>
  3. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Hi there,

    I downloaded the 842933 patch before opening the GPO on the XP SP2
    workstation, so I haven't had any of the "The following entry in the
    [strings] section is too long and has been truncated" errors. But I still
    have the issue where not all the policies are showing up on the Windows 2000
    Server vs. the XP SP2 workstation. Is this a known issue?

    I will try Hunter's suggestion on manually importing the ADM files on the
    Windows 2000 server to see if that updates all the policies on the domain
    controllers to match the same amount showing on the XP SP2 workstation.

    I'll let you know how it goes.

    Thanks

    d mac

    "Bruce Sanderson" wrote:

    > http://support.microsoft.com/?kbid=842933 documents this problem and has a
    > patch available.
    >
    > --
    > Bruce Sanderson MVP
    >
    > It's perfectly useless to know the right answer to the wrong question.
    >
    >
    > "Hunter" <anonymous@discussions.microsoft.com> wrote in message
    > news:1b9601c4a1a0$6a628fa0$a401280a@phx.gbl...
    > > You might try gathering up the XP .adm templates, copying
    > > them to temp folder on the 2000 DC. Then opening the A/D
    > > Group policy on the 2000 box right click on the
    > > Admisitrative templates container, choose add snap-in.
    > >
    > > It'll show the ones currently in use in the wnnt/inf
    > > folder, Browse over to the new ones in the temp folder
    > > and select add, it should ask you about overwriting etc.
    > >
    > > Choose yes.
    > >
    > > Once the new ones are copied in you will probably get a
    > > bunch messages stating the new ones are too long or
    > > something, but you'll have to hunt down an update for this
    > > I think I found it at microsoft tech experts page on XP,
    > > but it didn't seem to want to be found with search.
    > >
    > > Anyways, maybe that will help.
    > >
    > > Regards
    > >
    > > Hunter
    > >
    > >
    > >
    > >>-----Original Message-----
    > >>I updated our GPO on our Windows 2000 domain controllers
    > > with the latest ADM
    > >>files from XP SP2. I did this by opening up the GPO on a
    > > Windows XP Pro
    > >>workstation with SP2 and it automatically replicated the
    > > ADM files to our
    > >>domain controllers. See document at
    > >>http://www.microsoft.com/technet/prodtechnol/winxppro/main
    > > tain/mangxpsp2/mngdepgp.mspx
    > >>
    > >>However, it seems like not all of the ADM files are
    > > replicating to the
    > >>Windows 2000 servers. For example, in the policy
    > > path "Administrative
    > >>Templates\Network\Network Connections\Windows
    > > Firewall\Domain Profile" there
    > >>are only 12 policies listed on the Windows 2000 Server
    > > but on the XP SP2 box,
    > >>there are 14 policies. The two that are missing are:
    > >>
    > >>Windows Firewall: Define program exceptions
    > >>Windows Firewall: Define port exceptions
    > >>
    > >>Is this by design or is there something wrong with the
    > > replication process?
    > >>It would be nice to be able to define program exceptions
    > > because there are a
    > >>couple programs within our environment that won't work
    > > unless we can exclude
    > >>them. It would be preferable to do this through GP
    > > instead of manually going
    > >>to each machine and defining the program exceptions.
    > >>
    > >>Thanks,
    > >>
    > >>d mac
    > >>.
    > >>
    >
    >
    >
  4. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    I imported the ADM files from the XP SP2 workstation and still some of the
    policies are missing (as mentioned below). I even imported the ADM files
    from the Microsoft website (at
    http://www.microsoft.com/downloads/details.aspx?FamilyID=92759d4b-7112-4b6c-ad4a-bbf3802a5c9b&DisplayLang=en) and still there are some missing.

    It seems like there might be certain policies that aren't compatible with
    Windows 2000 Server. Does anyone know what I should try next?

    Thanks,

    d mac

    "d mac" wrote:

    > Hi there,
    >
    > I downloaded the 842933 patch before opening the GPO on the XP SP2
    > workstation, so I haven't had any of the "The following entry in the
    > [strings] section is too long and has been truncated" errors. But I still
    > have the issue where not all the policies are showing up on the Windows 2000
    > Server vs. the XP SP2 workstation. Is this a known issue?
    >
    > I will try Hunter's suggestion on manually importing the ADM files on the
    > Windows 2000 server to see if that updates all the policies on the domain
    > controllers to match the same amount showing on the XP SP2 workstation.
    >
    > I'll let you know how it goes.
    >
    > Thanks
    >
    > d mac
    >
    > "Bruce Sanderson" wrote:
    >
    > > http://support.microsoft.com/?kbid=842933 documents this problem and has a
    > > patch available.
    > >
    > > --
    > > Bruce Sanderson MVP
    > >
    > > It's perfectly useless to know the right answer to the wrong question.
    > >
    > >
    > > "Hunter" <anonymous@discussions.microsoft.com> wrote in message
    > > news:1b9601c4a1a0$6a628fa0$a401280a@phx.gbl...
    > > > You might try gathering up the XP .adm templates, copying
    > > > them to temp folder on the 2000 DC. Then opening the A/D
    > > > Group policy on the 2000 box right click on the
    > > > Admisitrative templates container, choose add snap-in.
    > > >
    > > > It'll show the ones currently in use in the wnnt/inf
    > > > folder, Browse over to the new ones in the temp folder
    > > > and select add, it should ask you about overwriting etc.
    > > >
    > > > Choose yes.
    > > >
    > > > Once the new ones are copied in you will probably get a
    > > > bunch messages stating the new ones are too long or
    > > > something, but you'll have to hunt down an update for this
    > > > I think I found it at microsoft tech experts page on XP,
    > > > but it didn't seem to want to be found with search.
    > > >
    > > > Anyways, maybe that will help.
    > > >
    > > > Regards
    > > >
    > > > Hunter
    > > >
    > > >
    > > >
    > > >>-----Original Message-----
    > > >>I updated our GPO on our Windows 2000 domain controllers
    > > > with the latest ADM
    > > >>files from XP SP2. I did this by opening up the GPO on a
    > > > Windows XP Pro
    > > >>workstation with SP2 and it automatically replicated the
    > > > ADM files to our
    > > >>domain controllers. See document at
    > > >>http://www.microsoft.com/technet/prodtechnol/winxppro/main
    > > > tain/mangxpsp2/mngdepgp.mspx
    > > >>
    > > >>However, it seems like not all of the ADM files are
    > > > replicating to the
    > > >>Windows 2000 servers. For example, in the policy
    > > > path "Administrative
    > > >>Templates\Network\Network Connections\Windows
    > > > Firewall\Domain Profile" there
    > > >>are only 12 policies listed on the Windows 2000 Server
    > > > but on the XP SP2 box,
    > > >>there are 14 policies. The two that are missing are:
    > > >>
    > > >>Windows Firewall: Define program exceptions
    > > >>Windows Firewall: Define port exceptions
    > > >>
    > > >>Is this by design or is there something wrong with the
    > > > replication process?
    > > >>It would be nice to be able to define program exceptions
    > > > because there are a
    > > >>couple programs within our environment that won't work
    > > > unless we can exclude
    > > >>them. It would be preferable to do this through GP
    > > > instead of manually going
    > > >>to each machine and defining the program exceptions.
    > > >>
    > > >>Thanks,
    > > >>
    > > >>d mac
    > > >>.
    > > >>
    > >
    > >
    > >
  5. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Short of the first suggestion I had I guess you could try
    The Knowledge Base Article - 323639 ( how to create Custom
    Adm templates in windows 2000)

    H


    >-----Original Message-----
    >Hi there,
    >
    >I downloaded the 842933 patch before opening the GPO on
    the XP SP2
    >workstation, so I haven't had any of the "The following
    entry in the
    >[strings] section is too long and has been truncated"
    errors. But I still
    >have the issue where not all the policies are showing up
    on the Windows 2000
    >Server vs. the XP SP2 workstation. Is this a known issue?
    >
    >I will try Hunter's suggestion on manually importing the
    ADM files on the
    >Windows 2000 server to see if that updates all the
    policies on the domain
    >controllers to match the same amount showing on the XP
    SP2 workstation.
    >
    >I'll let you know how it goes.
    >
    >Thanks
    >
    >d mac
    >
    >"Bruce Sanderson" wrote:
    >
    >> http://support.microsoft.com/?kbid=842933 documents
    this problem and has a
    >> patch available.
    >>
    >> --
    >> Bruce Sanderson MVP
    >>
    >> It's perfectly useless to know the right answer to the
    wrong question.
    >>
    >>
    >> "Hunter" <anonymous@discussions.microsoft.com> wrote in
    message
    >> news:1b9601c4a1a0$6a628fa0$a401280a@phx.gbl...
    >> > You might try gathering up the XP .adm templates,
    copying
    >> > them to temp folder on the 2000 DC. Then opening the
    A/D
    >> > Group policy on the 2000 box right click on the
    >> > Admisitrative templates container, choose add snap-in.
    >> >
    >> > It'll show the ones currently in use in the wnnt/inf
    >> > folder, Browse over to the new ones in the temp
    folder
    >> > and select add, it should ask you about overwriting
    etc.
    >> >
    >> > Choose yes.
    >> >
    >> > Once the new ones are copied in you will probably get
    a
    >> > bunch messages stating the new ones are too long or
    >> > something, but you'll have to hunt down an update for
    this
    >> > I think I found it at microsoft tech experts page on
    XP,
    >> > but it didn't seem to want to be found with search.
    >> >
    >> > Anyways, maybe that will help.
    >> >
    >> > Regards
    >> >
    >> > Hunter
    >> >
    >> >
    >> >
    >> >>-----Original Message-----
    >> >>I updated our GPO on our Windows 2000 domain
    controllers
    >> > with the latest ADM
    >> >>files from XP SP2. I did this by opening up the GPO
    on a
    >> > Windows XP Pro
    >> >>workstation with SP2 and it automatically replicated
    the
    >> > ADM files to our
    >> >>domain controllers. See document at
    >>
    >>http://www.microsoft.com/technet/prodtechnol/winxppro/mai
    n
    >> > tain/mangxpsp2/mngdepgp.mspx
    >> >>
    >> >>However, it seems like not all of the ADM files are
    >> > replicating to the
    >> >>Windows 2000 servers. For example, in the policy
    >> > path "Administrative
    >> >>Templates\Network\Network Connections\Windows
    >> > Firewall\Domain Profile" there
    >> >>are only 12 policies listed on the Windows 2000 Server
    >> > but on the XP SP2 box,
    >> >>there are 14 policies. The two that are missing are:
    >> >>
    >> >>Windows Firewall: Define program exceptions
    >> >>Windows Firewall: Define port exceptions
    >> >>
    >> >>Is this by design or is there something wrong with the
    >> > replication process?
    >> >>It would be nice to be able to define program
    exceptions
    >> > because there are a
    >> >>couple programs within our environment that won't work
    >> > unless we can exclude
    >> >>them. It would be preferable to do this through GP
    >> > instead of manually going
    >> >>to each machine and defining the program exceptions.
    >> >>
    >> >>Thanks,
    >> >>
    >> >>d mac
    >> >>.
    >> >>
    >>
    >>
    >>
    >.
    >
  6. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    I've been facing the EXACT same issue since yesterday. If you come up with a
    solution, it would be great to post it here. I'll do the same.

    billj

    "d mac" wrote:

    > I imported the ADM files from the XP SP2 workstation and still some of the
    > policies are missing (as mentioned below). I even imported the ADM files
    > from the Microsoft website (at
    > http://www.microsoft.com/downloads/details.aspx?FamilyID=92759d4b-7112-4b6c-ad4a-bbf3802a5c9b&DisplayLang=en) and still there are some missing.
    >
    > It seems like there might be certain policies that aren't compatible with
    > Windows 2000 Server. Does anyone know what I should try next?
    >
    > Thanks,
    >
    > d mac
    >
    > "d mac" wrote:
    >
    > > Hi there,
    > >
    > > I downloaded the 842933 patch before opening the GPO on the XP SP2
    > > workstation, so I haven't had any of the "The following entry in the
    > > [strings] section is too long and has been truncated" errors. But I still
    > > have the issue where not all the policies are showing up on the Windows 2000
    > > Server vs. the XP SP2 workstation. Is this a known issue?
    > >
    > > I will try Hunter's suggestion on manually importing the ADM files on the
    > > Windows 2000 server to see if that updates all the policies on the domain
    > > controllers to match the same amount showing on the XP SP2 workstation.
    > >
    > > I'll let you know how it goes.
    > >
    > > Thanks
    > >
    > > d mac
    > >
    > > "Bruce Sanderson" wrote:
    > >
    > > > http://support.microsoft.com/?kbid=842933 documents this problem and has a
    > > > patch available.
    > > >
    > > > --
    > > > Bruce Sanderson MVP
    > > >
    > > > It's perfectly useless to know the right answer to the wrong question.
    > > >
    > > >
    > > > "Hunter" <anonymous@discussions.microsoft.com> wrote in message
    > > > news:1b9601c4a1a0$6a628fa0$a401280a@phx.gbl...
    > > > > You might try gathering up the XP .adm templates, copying
    > > > > them to temp folder on the 2000 DC. Then opening the A/D
    > > > > Group policy on the 2000 box right click on the
    > > > > Admisitrative templates container, choose add snap-in.
    > > > >
    > > > > It'll show the ones currently in use in the wnnt/inf
    > > > > folder, Browse over to the new ones in the temp folder
    > > > > and select add, it should ask you about overwriting etc.
    > > > >
    > > > > Choose yes.
    > > > >
    > > > > Once the new ones are copied in you will probably get a
    > > > > bunch messages stating the new ones are too long or
    > > > > something, but you'll have to hunt down an update for this
    > > > > I think I found it at microsoft tech experts page on XP,
    > > > > but it didn't seem to want to be found with search.
    > > > >
    > > > > Anyways, maybe that will help.
    > > > >
    > > > > Regards
    > > > >
    > > > > Hunter
    > > > >
    > > > >
    > > > >
    > > > >>-----Original Message-----
    > > > >>I updated our GPO on our Windows 2000 domain controllers
    > > > > with the latest ADM
    > > > >>files from XP SP2. I did this by opening up the GPO on a
    > > > > Windows XP Pro
    > > > >>workstation with SP2 and it automatically replicated the
    > > > > ADM files to our
    > > > >>domain controllers. See document at
    > > > >>http://www.microsoft.com/technet/prodtechnol/winxppro/main
    > > > > tain/mangxpsp2/mngdepgp.mspx
    > > > >>
    > > > >>However, it seems like not all of the ADM files are
    > > > > replicating to the
    > > > >>Windows 2000 servers. For example, in the policy
    > > > > path "Administrative
    > > > >>Templates\Network\Network Connections\Windows
    > > > > Firewall\Domain Profile" there
    > > > >>are only 12 policies listed on the Windows 2000 Server
    > > > > but on the XP SP2 box,
    > > > >>there are 14 policies. The two that are missing are:
    > > > >>
    > > > >>Windows Firewall: Define program exceptions
    > > > >>Windows Firewall: Define port exceptions
    > > > >>
    > > > >>Is this by design or is there something wrong with the
    > > > > replication process?
    > > > >>It would be nice to be able to define program exceptions
    > > > > because there are a
    > > > >>couple programs within our environment that won't work
    > > > > unless we can exclude
    > > > >>them. It would be preferable to do this through GP
    > > > > instead of manually going
    > > > >>to each machine and defining the program exceptions.
    > > > >>
    > > > >>Thanks,
    > > > >>
    > > > >>d mac
    > > > >>.
    > > > >>
    > > >
    > > >
    > > >
  7. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    I'm glad I'm not the only one. I will definitely know if I find any fixes.
    For the time being, I'm enabling the policy through the workstation that has
    XP SP2 and it seems to be applying through the domain controllers, however
    the programs don't show up on the list in the Windows Firewall like I would
    expect. Can you see if this is the same experience for you? I'm guessing
    it's doing this because the policy isn't listed on the servers but still
    affects the machines as a policy.

    d mac


    "billj" wrote:

    > I've been facing the EXACT same issue since yesterday. If you come up with a
    > solution, it would be great to post it here. I'll do the same.
    >
    > billj
    >
    > "d mac" wrote:
    >
    > > I imported the ADM files from the XP SP2 workstation and still some of the
    > > policies are missing (as mentioned below). I even imported the ADM files
    > > from the Microsoft website (at
    > > http://www.microsoft.com/downloads/details.aspx?FamilyID=92759d4b-7112-4b6c-ad4a-bbf3802a5c9b&DisplayLang=en) and still there are some missing.
    > >
    > > It seems like there might be certain policies that aren't compatible with
    > > Windows 2000 Server. Does anyone know what I should try next?
    > >
    > > Thanks,
    > >
    > > d mac
    > >
    > > "d mac" wrote:
    > >
    > > > Hi there,
    > > >
    > > > I downloaded the 842933 patch before opening the GPO on the XP SP2
    > > > workstation, so I haven't had any of the "The following entry in the
    > > > [strings] section is too long and has been truncated" errors. But I still
    > > > have the issue where not all the policies are showing up on the Windows 2000
    > > > Server vs. the XP SP2 workstation. Is this a known issue?
    > > >
    > > > I will try Hunter's suggestion on manually importing the ADM files on the
    > > > Windows 2000 server to see if that updates all the policies on the domain
    > > > controllers to match the same amount showing on the XP SP2 workstation.
    > > >
    > > > I'll let you know how it goes.
    > > >
    > > > Thanks
    > > >
    > > > d mac
    > > >
    > > > "Bruce Sanderson" wrote:
    > > >
    > > > > http://support.microsoft.com/?kbid=842933 documents this problem and has a
    > > > > patch available.
    > > > >
    > > > > --
    > > > > Bruce Sanderson MVP
    > > > >
    > > > > It's perfectly useless to know the right answer to the wrong question.
    > > > >
    > > > >
    > > > > "Hunter" <anonymous@discussions.microsoft.com> wrote in message
    > > > > news:1b9601c4a1a0$6a628fa0$a401280a@phx.gbl...
    > > > > > You might try gathering up the XP .adm templates, copying
    > > > > > them to temp folder on the 2000 DC. Then opening the A/D
    > > > > > Group policy on the 2000 box right click on the
    > > > > > Admisitrative templates container, choose add snap-in.
    > > > > >
    > > > > > It'll show the ones currently in use in the wnnt/inf
    > > > > > folder, Browse over to the new ones in the temp folder
    > > > > > and select add, it should ask you about overwriting etc.
    > > > > >
    > > > > > Choose yes.
    > > > > >
    > > > > > Once the new ones are copied in you will probably get a
    > > > > > bunch messages stating the new ones are too long or
    > > > > > something, but you'll have to hunt down an update for this
    > > > > > I think I found it at microsoft tech experts page on XP,
    > > > > > but it didn't seem to want to be found with search.
    > > > > >
    > > > > > Anyways, maybe that will help.
    > > > > >
    > > > > > Regards
    > > > > >
    > > > > > Hunter
    > > > > >
    > > > > >
    > > > > >
    > > > > >>-----Original Message-----
    > > > > >>I updated our GPO on our Windows 2000 domain controllers
    > > > > > with the latest ADM
    > > > > >>files from XP SP2. I did this by opening up the GPO on a
    > > > > > Windows XP Pro
    > > > > >>workstation with SP2 and it automatically replicated the
    > > > > > ADM files to our
    > > > > >>domain controllers. See document at
    > > > > >>http://www.microsoft.com/technet/prodtechnol/winxppro/main
    > > > > > tain/mangxpsp2/mngdepgp.mspx
    > > > > >>
    > > > > >>However, it seems like not all of the ADM files are
    > > > > > replicating to the
    > > > > >>Windows 2000 servers. For example, in the policy
    > > > > > path "Administrative
    > > > > >>Templates\Network\Network Connections\Windows
    > > > > > Firewall\Domain Profile" there
    > > > > >>are only 12 policies listed on the Windows 2000 Server
    > > > > > but on the XP SP2 box,
    > > > > >>there are 14 policies. The two that are missing are:
    > > > > >>
    > > > > >>Windows Firewall: Define program exceptions
    > > > > >>Windows Firewall: Define port exceptions
    > > > > >>
    > > > > >>Is this by design or is there something wrong with the
    > > > > > replication process?
    > > > > >>It would be nice to be able to define program exceptions
    > > > > > because there are a
    > > > > >>couple programs within our environment that won't work
    > > > > > unless we can exclude
    > > > > >>them. It would be preferable to do this through GP
    > > > > > instead of manually going
    > > > > >>to each machine and defining the program exceptions.
    > > > > >>
    > > > > >>Thanks,
    > > > > >>
    > > > > >>d mac
    > > > > >>.
    > > > > >>
    > > > >
    > > > >
    > > > >
  8. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    I just checked this out and found the same behavior on my Win2K machine when
    viewing an XP, SP2 policy--specifically those two Windows Firewall policies:

    Windows Firewall: Define program exceptions
    Windows Firewall: Define port exceptions

    do not appear if I view the GPO from Win2K. Frankly, I think this is a bug
    that you've found. I can see no reason, in looking at the ADM file, why they
    should not appear. Maybe someone on this NG from Microsoft can check into
    it?


    --
    Darren Mar-Elia
    MS-MVP-Windows Server--Group Policy
    Check out http://www.gpoguy.com -- The Windows Group Policy Information Hub:
    FAQs, Whitepapers and Utilities for all things Group Policy-related


    "d mac" <dmac@discussions.microsoft.com> wrote in message
    news:5B50E731-E7C6-4743-A926-7B57C9A4B775@microsoft.com...
    > I'm glad I'm not the only one. I will definitely know if I find any
    > fixes.
    > For the time being, I'm enabling the policy through the workstation that
    > has
    > XP SP2 and it seems to be applying through the domain controllers, however
    > the programs don't show up on the list in the Windows Firewall like I
    > would
    > expect. Can you see if this is the same experience for you? I'm guessing
    > it's doing this because the policy isn't listed on the servers but still
    > affects the machines as a policy.
    >
    > d mac
    >
    >
    > "billj" wrote:
    >
    >> I've been facing the EXACT same issue since yesterday. If you come up
    >> with a
    >> solution, it would be great to post it here. I'll do the same.
    >>
    >> billj
    >>
    >> "d mac" wrote:
    >>
    >> > I imported the ADM files from the XP SP2 workstation and still some of
    >> > the
    >> > policies are missing (as mentioned below). I even imported the ADM
    >> > files
    >> > from the Microsoft website (at
    >> > http://www.microsoft.com/downloads/details.aspx?FamilyID=92759d4b-7112-4b6c-ad4a-bbf3802a5c9b&DisplayLang=en)
    >> > and still there are some missing.
    >> >
    >> > It seems like there might be certain policies that aren't compatible
    >> > with
    >> > Windows 2000 Server. Does anyone know what I should try next?
    >> >
    >> > Thanks,
    >> >
    >> > d mac
    >> >
    >> > "d mac" wrote:
    >> >
    >> > > Hi there,
    >> > >
    >> > > I downloaded the 842933 patch before opening the GPO on the XP SP2
    >> > > workstation, so I haven't had any of the "The following entry in the
    >> > > [strings] section is too long and has been truncated" errors. But I
    >> > > still
    >> > > have the issue where not all the policies are showing up on the
    >> > > Windows 2000
    >> > > Server vs. the XP SP2 workstation. Is this a known issue?
    >> > >
    >> > > I will try Hunter's suggestion on manually importing the ADM files on
    >> > > the
    >> > > Windows 2000 server to see if that updates all the policies on the
    >> > > domain
    >> > > controllers to match the same amount showing on the XP SP2
    >> > > workstation.
    >> > >
    >> > > I'll let you know how it goes.
    >> > >
    >> > > Thanks
    >> > >
    >> > > d mac
    >> > >
    >> > > "Bruce Sanderson" wrote:
    >> > >
    >> > > > http://support.microsoft.com/?kbid=842933 documents this problem
    >> > > > and has a
    >> > > > patch available.
    >> > > >
    >> > > > --
    >> > > > Bruce Sanderson MVP
    >> > > >
    >> > > > It's perfectly useless to know the right answer to the wrong
    >> > > > question.
    >> > > >
    >> > > >
    >> > > > "Hunter" <anonymous@discussions.microsoft.com> wrote in message
    >> > > > news:1b9601c4a1a0$6a628fa0$a401280a@phx.gbl...
    >> > > > > You might try gathering up the XP .adm templates, copying
    >> > > > > them to temp folder on the 2000 DC. Then opening the A/D
    >> > > > > Group policy on the 2000 box right click on the
    >> > > > > Admisitrative templates container, choose add snap-in.
    >> > > > >
    >> > > > > It'll show the ones currently in use in the wnnt/inf
    >> > > > > folder, Browse over to the new ones in the temp folder
    >> > > > > and select add, it should ask you about overwriting etc.
    >> > > > >
    >> > > > > Choose yes.
    >> > > > >
    >> > > > > Once the new ones are copied in you will probably get a
    >> > > > > bunch messages stating the new ones are too long or
    >> > > > > something, but you'll have to hunt down an update for this
    >> > > > > I think I found it at microsoft tech experts page on XP,
    >> > > > > but it didn't seem to want to be found with search.
    >> > > > >
    >> > > > > Anyways, maybe that will help.
    >> > > > >
    >> > > > > Regards
    >> > > > >
    >> > > > > Hunter
    >> > > > >
    >> > > > >
    >> > > > >
    >> > > > >>-----Original Message-----
    >> > > > >>I updated our GPO on our Windows 2000 domain controllers
    >> > > > > with the latest ADM
    >> > > > >>files from XP SP2. I did this by opening up the GPO on a
    >> > > > > Windows XP Pro
    >> > > > >>workstation with SP2 and it automatically replicated the
    >> > > > > ADM files to our
    >> > > > >>domain controllers. See document at
    >> > > > >>http://www.microsoft.com/technet/prodtechnol/winxppro/main
    >> > > > > tain/mangxpsp2/mngdepgp.mspx
    >> > > > >>
    >> > > > >>However, it seems like not all of the ADM files are
    >> > > > > replicating to the
    >> > > > >>Windows 2000 servers. For example, in the policy
    >> > > > > path "Administrative
    >> > > > >>Templates\Network\Network Connections\Windows
    >> > > > > Firewall\Domain Profile" there
    >> > > > >>are only 12 policies listed on the Windows 2000 Server
    >> > > > > but on the XP SP2 box,
    >> > > > >>there are 14 policies. The two that are missing are:
    >> > > > >>
    >> > > > >>Windows Firewall: Define program exceptions
    >> > > > >>Windows Firewall: Define port exceptions
    >> > > > >>
    >> > > > >>Is this by design or is there something wrong with the
    >> > > > > replication process?
    >> > > > >>It would be nice to be able to define program exceptions
    >> > > > > because there are a
    >> > > > >>couple programs within our environment that won't work
    >> > > > > unless we can exclude
    >> > > > >>them. It would be preferable to do this through GP
    >> > > > > instead of manually going
    >> > > > >>to each machine and defining the program exceptions.
    >> > > > >>
    >> > > > >>Thanks,
    >> > > > >>
    >> > > > >>d mac
    >> > > > >>.
    >> > > > >>
    >> > > >
    >> > > >
    >> > > >
  9. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Here's another good question late in the game... well, maybe not so good of
    a question... how can I manage domain group policies from my XP machine?
    When I go Start>Run>gpedit.msc, the window I get says "Local policy". I
    can't seem to run what I would think is gpmc.mmc/msc

    It's something probably really simple I'm missing...

    TIA

    K

    "Darren Mar-Elia" <dmanonymous@discussions.microsoft.com> wrote in message
    news:eBF6L6dpEHA.3592@TK2MSFTNGP14.phx.gbl...
    > I just checked this out and found the same behavior on my Win2K machine
    when
    > viewing an XP, SP2 policy--specifically those two Windows Firewall
    policies:
    >
    > Windows Firewall: Define program exceptions
    > Windows Firewall: Define port exceptions
    >
    > do not appear if I view the GPO from Win2K. Frankly, I think this is a bug
    > that you've found. I can see no reason, in looking at the ADM file, why
    they
    > should not appear. Maybe someone on this NG from Microsoft can check into
    > it?
    >
    >
    >
    > --
    > Darren Mar-Elia
    > MS-MVP-Windows Server--Group Policy
    > Check out http://www.gpoguy.com -- The Windows Group Policy Information
    Hub:
    > FAQs, Whitepapers and Utilities for all things Group Policy-related
    >
    >
    >
    > "d mac" <dmac@discussions.microsoft.com> wrote in message
    > news:5B50E731-E7C6-4743-A926-7B57C9A4B775@microsoft.com...
    > > I'm glad I'm not the only one. I will definitely know if I find any
    > > fixes.
    > > For the time being, I'm enabling the policy through the workstation that
    > > has
    > > XP SP2 and it seems to be applying through the domain controllers,
    however
    > > the programs don't show up on the list in the Windows Firewall like I
    > > would
    > > expect. Can you see if this is the same experience for you? I'm
    guessing
    > > it's doing this because the policy isn't listed on the servers but still
    > > affects the machines as a policy.
    > >
    > > d mac
    > >
    > >
    > > "billj" wrote:
    > >
    > >> I've been facing the EXACT same issue since yesterday. If you come up
    > >> with a
    > >> solution, it would be great to post it here. I'll do the same.
    > >>
    > >> billj
    > >>
    > >> "d mac" wrote:
    > >>
    > >> > I imported the ADM files from the XP SP2 workstation and still some
    of
    > >> > the
    > >> > policies are missing (as mentioned below). I even imported the ADM
    > >> > files
    > >> > from the Microsoft website (at
    > >> >
    http://www.microsoft.com/downloads/details.aspx?FamilyID=92759d4b-7112-4b6c-ad4a-bbf3802a5c9b&DisplayLang=en)
    > >> > and still there are some missing.
    > >> >
    > >> > It seems like there might be certain policies that aren't compatible
    > >> > with
    > >> > Windows 2000 Server. Does anyone know what I should try next?
    > >> >
    > >> > Thanks,
    > >> >
    > >> > d mac
    > >> >
    > >> > "d mac" wrote:
    > >> >
    > >> > > Hi there,
    > >> > >
    > >> > > I downloaded the 842933 patch before opening the GPO on the XP SP2
    > >> > > workstation, so I haven't had any of the "The following entry in
    the
    > >> > > [strings] section is too long and has been truncated" errors. But
    I
    > >> > > still
    > >> > > have the issue where not all the policies are showing up on the
    > >> > > Windows 2000
    > >> > > Server vs. the XP SP2 workstation. Is this a known issue?
    > >> > >
    > >> > > I will try Hunter's suggestion on manually importing the ADM files
    on
    > >> > > the
    > >> > > Windows 2000 server to see if that updates all the policies on the
    > >> > > domain
    > >> > > controllers to match the same amount showing on the XP SP2
    > >> > > workstation.
    > >> > >
    > >> > > I'll let you know how it goes.
    > >> > >
    > >> > > Thanks
    > >> > >
    > >> > > d mac
    > >> > >
    > >> > > "Bruce Sanderson" wrote:
    > >> > >
    > >> > > > http://support.microsoft.com/?kbid=842933 documents this problem
    > >> > > > and has a
    > >> > > > patch available.
    > >> > > >
    > >> > > > --
    > >> > > > Bruce Sanderson MVP
    > >> > > >
    > >> > > > It's perfectly useless to know the right answer to the wrong
    > >> > > > question.
    > >> > > >
    > >> > > >
    > >> > > > "Hunter" <anonymous@discussions.microsoft.com> wrote in message
    > >> > > > news:1b9601c4a1a0$6a628fa0$a401280a@phx.gbl...
    > >> > > > > You might try gathering up the XP .adm templates, copying
    > >> > > > > them to temp folder on the 2000 DC. Then opening the A/D
    > >> > > > > Group policy on the 2000 box right click on the
    > >> > > > > Admisitrative templates container, choose add snap-in.
    > >> > > > >
    > >> > > > > It'll show the ones currently in use in the wnnt/inf
    > >> > > > > folder, Browse over to the new ones in the temp folder
    > >> > > > > and select add, it should ask you about overwriting etc.
    > >> > > > >
    > >> > > > > Choose yes.
    > >> > > > >
    > >> > > > > Once the new ones are copied in you will probably get a
    > >> > > > > bunch messages stating the new ones are too long or
    > >> > > > > something, but you'll have to hunt down an update for this
    > >> > > > > I think I found it at microsoft tech experts page on XP,
    > >> > > > > but it didn't seem to want to be found with search.
    > >> > > > >
    > >> > > > > Anyways, maybe that will help.
    > >> > > > >
    > >> > > > > Regards
    > >> > > > >
    > >> > > > > Hunter
    > >> > > > >
    > >> > > > >
    > >> > > > >
    > >> > > > >>-----Original Message-----
    > >> > > > >>I updated our GPO on our Windows 2000 domain controllers
    > >> > > > > with the latest ADM
    > >> > > > >>files from XP SP2. I did this by opening up the GPO on a
    > >> > > > > Windows XP Pro
    > >> > > > >>workstation with SP2 and it automatically replicated the
    > >> > > > > ADM files to our
    > >> > > > >>domain controllers. See document at
    > >> > > > >>http://www.microsoft.com/technet/prodtechnol/winxppro/main
    > >> > > > > tain/mangxpsp2/mngdepgp.mspx
    > >> > > > >>
    > >> > > > >>However, it seems like not all of the ADM files are
    > >> > > > > replicating to the
    > >> > > > >>Windows 2000 servers. For example, in the policy
    > >> > > > > path "Administrative
    > >> > > > >>Templates\Network\Network Connections\Windows
    > >> > > > > Firewall\Domain Profile" there
    > >> > > > >>are only 12 policies listed on the Windows 2000 Server
    > >> > > > > but on the XP SP2 box,
    > >> > > > >>there are 14 policies. The two that are missing are:
    > >> > > > >>
    > >> > > > >>Windows Firewall: Define program exceptions
    > >> > > > >>Windows Firewall: Define port exceptions
    > >> > > > >>
    > >> > > > >>Is this by design or is there something wrong with the
    > >> > > > > replication process?
    > >> > > > >>It would be nice to be able to define program exceptions
    > >> > > > > because there are a
    > >> > > > >>couple programs within our environment that won't work
    > >> > > > > unless we can exclude
    > >> > > > >>them. It would be preferable to do this through GP
    > >> > > > > instead of manually going
    > >> > > > >>to each machine and defining the program exceptions.
    > >> > > > >>
    > >> > > > >>Thanks,
    > >> > > > >>
    > >> > > > >>d mac
    > >> > > > >>.
    > >> > > > >>
    > >> > > >
    > >> > > >
    > >> > > >
    >
    >
  10. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    You might check to see that you have the latest copy of the GP Management
    Console on your XP workstation:

    http://www.microsoft.com/downloads/details.aspx?FamilyId=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en

    "Ken B" wrote:

    > Here's another good question late in the game... well, maybe not so good of
    > a question... how can I manage domain group policies from my XP machine?
    > When I go Start>Run>gpedit.msc, the window I get says "Local policy". I
    > can't seem to run what I would think is gpmc.mmc/msc
    >
    > It's something probably really simple I'm missing...
    >
    > TIA
    >
    > K
    >
    > "Darren Mar-Elia" <dmanonymous@discussions.microsoft.com> wrote in message
    > news:eBF6L6dpEHA.3592@TK2MSFTNGP14.phx.gbl...
    > > I just checked this out and found the same behavior on my Win2K machine
    > when
    > > viewing an XP, SP2 policy--specifically those two Windows Firewall
    > policies:
    > >
    > > Windows Firewall: Define program exceptions
    > > Windows Firewall: Define port exceptions
    > >
    > > do not appear if I view the GPO from Win2K. Frankly, I think this is a bug
    > > that you've found. I can see no reason, in looking at the ADM file, why
    > they
    > > should not appear. Maybe someone on this NG from Microsoft can check into
    > > it?
    > >
    > >
    > >
    > > --
    > > Darren Mar-Elia
    > > MS-MVP-Windows Server--Group Policy
    > > Check out http://www.gpoguy.com -- The Windows Group Policy Information
    > Hub:
    > > FAQs, Whitepapers and Utilities for all things Group Policy-related
    > >
    > >
    > >
    > > "d mac" <dmac@discussions.microsoft.com> wrote in message
    > > news:5B50E731-E7C6-4743-A926-7B57C9A4B775@microsoft.com...
    > > > I'm glad I'm not the only one. I will definitely know if I find any
    > > > fixes.
    > > > For the time being, I'm enabling the policy through the workstation that
    > > > has
    > > > XP SP2 and it seems to be applying through the domain controllers,
    > however
    > > > the programs don't show up on the list in the Windows Firewall like I
    > > > would
    > > > expect. Can you see if this is the same experience for you? I'm
    > guessing
    > > > it's doing this because the policy isn't listed on the servers but still
    > > > affects the machines as a policy.
    > > >
    > > > d mac
    > > >
    > > >
    > > > "billj" wrote:
    > > >
    > > >> I've been facing the EXACT same issue since yesterday. If you come up
    > > >> with a
    > > >> solution, it would be great to post it here. I'll do the same.
    > > >>
    > > >> billj
    > > >>
    > > >> "d mac" wrote:
    > > >>
    > > >> > I imported the ADM files from the XP SP2 workstation and still some
    > of
    > > >> > the
    > > >> > policies are missing (as mentioned below). I even imported the ADM
    > > >> > files
    > > >> > from the Microsoft website (at
    > > >> >
    > http://www.microsoft.com/downloads/details.aspx?FamilyID=92759d4b-7112-4b6c-ad4a-bbf3802a5c9b&DisplayLang=en)
    > > >> > and still there are some missing.
    > > >> >
    > > >> > It seems like there might be certain policies that aren't compatible
    > > >> > with
    > > >> > Windows 2000 Server. Does anyone know what I should try next?
    > > >> >
    > > >> > Thanks,
    > > >> >
    > > >> > d mac
    > > >> >
    > > >> > "d mac" wrote:
    > > >> >
    > > >> > > Hi there,
    > > >> > >
    > > >> > > I downloaded the 842933 patch before opening the GPO on the XP SP2
    > > >> > > workstation, so I haven't had any of the "The following entry in
    > the
    > > >> > > [strings] section is too long and has been truncated" errors. But
    > I
    > > >> > > still
    > > >> > > have the issue where not all the policies are showing up on the
    > > >> > > Windows 2000
    > > >> > > Server vs. the XP SP2 workstation. Is this a known issue?
    > > >> > >
    > > >> > > I will try Hunter's suggestion on manually importing the ADM files
    > on
    > > >> > > the
    > > >> > > Windows 2000 server to see if that updates all the policies on the
    > > >> > > domain
    > > >> > > controllers to match the same amount showing on the XP SP2
    > > >> > > workstation.
    > > >> > >
    > > >> > > I'll let you know how it goes.
    > > >> > >
    > > >> > > Thanks
    > > >> > >
    > > >> > > d mac
    > > >> > >
    > > >> > > "Bruce Sanderson" wrote:
    > > >> > >
    > > >> > > > http://support.microsoft.com/?kbid=842933 documents this problem
    > > >> > > > and has a
    > > >> > > > patch available.
    > > >> > > >
    > > >> > > > --
    > > >> > > > Bruce Sanderson MVP
    > > >> > > >
    > > >> > > > It's perfectly useless to know the right answer to the wrong
    > > >> > > > question.
    > > >> > > >
    > > >> > > >
    > > >> > > > "Hunter" <anonymous@discussions.microsoft.com> wrote in message
    > > >> > > > news:1b9601c4a1a0$6a628fa0$a401280a@phx.gbl...
    > > >> > > > > You might try gathering up the XP .adm templates, copying
    > > >> > > > > them to temp folder on the 2000 DC. Then opening the A/D
    > > >> > > > > Group policy on the 2000 box right click on the
    > > >> > > > > Admisitrative templates container, choose add snap-in.
    > > >> > > > >
    > > >> > > > > It'll show the ones currently in use in the wnnt/inf
    > > >> > > > > folder, Browse over to the new ones in the temp folder
    > > >> > > > > and select add, it should ask you about overwriting etc.
    > > >> > > > >
    > > >> > > > > Choose yes.
    > > >> > > > >
    > > >> > > > > Once the new ones are copied in you will probably get a
    > > >> > > > > bunch messages stating the new ones are too long or
    > > >> > > > > something, but you'll have to hunt down an update for this
    > > >> > > > > I think I found it at microsoft tech experts page on XP,
    > > >> > > > > but it didn't seem to want to be found with search.
    > > >> > > > >
    > > >> > > > > Anyways, maybe that will help.
    > > >> > > > >
    > > >> > > > > Regards
    > > >> > > > >
    > > >> > > > > Hunter
    > > >> > > > >
    > > >> > > > >
    > > >> > > > >
    > > >> > > > >>-----Original Message-----
    > > >> > > > >>I updated our GPO on our Windows 2000 domain controllers
    > > >> > > > > with the latest ADM
    > > >> > > > >>files from XP SP2. I did this by opening up the GPO on a
    > > >> > > > > Windows XP Pro
    > > >> > > > >>workstation with SP2 and it automatically replicated the
    > > >> > > > > ADM files to our
    > > >> > > > >>domain controllers. See document at
    > > >> > > > >>http://www.microsoft.com/technet/prodtechnol/winxppro/main
    > > >> > > > > tain/mangxpsp2/mngdepgp.mspx
    > > >> > > > >>
    > > >> > > > >>However, it seems like not all of the ADM files are
    > > >> > > > > replicating to the
    > > >> > > > >>Windows 2000 servers. For example, in the policy
    > > >> > > > > path "Administrative
    > > >> > > > >>Templates\Network\Network Connections\Windows
    > > >> > > > > Firewall\Domain Profile" there
    > > >> > > > >>are only 12 policies listed on the Windows 2000 Server
    > > >> > > > > but on the XP SP2 box,
    > > >> > > > >>there are 14 policies. The two that are missing are:
    > > >> > > > >>
    > > >> > > > >>Windows Firewall: Define program exceptions
    > > >> > > > >>Windows Firewall: Define port exceptions
    > > >> > > > >>
    > > >> > > > >>Is this by design or is there something wrong with the
    > > >> > > > > replication process?
    > > >> > > > >>It would be nice to be able to define program exceptions
    > > >> > > > > because there are a
    > > >> > > > >>couple programs within our environment that won't work
    > > >> > > > > unless we can exclude
    > > >> > > > >>them. It would be preferable to do this through GP
    > > >> > > > > instead of manually going
    > > >> > > > >>to each machine and defining the program exceptions.
    > > >> > > > >>
    > > >> > > > >>Thanks,
    > > >> > > > >>
    > > >> > > > >>d mac
    > > >> > > > >>.
    > > >> > > > >>
    > > >> > > >
    > > >> > > >
    > > >> > > >
    > >
    > >
    >
    >
    >
  11. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Hi Ken

    On your XP machine, go to Start > Run > type in MMC and hit enter. Go to
    the File menu and select Add/Remove Snap-in. Click the Add button > scroll
    through the list and select Group Policy > click Add. You can then click
    Browse and look for the domain policy that you want to edit, select it, click
    OK > Finish > Close > OK. Then you should see the Policy listed in the
    management console.

    d mac

    "Ken B" wrote:

    > Here's another good question late in the game... well, maybe not so good of
    > a question... how can I manage domain group policies from my XP machine?
    > When I go Start>Run>gpedit.msc, the window I get says "Local policy". I
    > can't seem to run what I would think is gpmc.mmc/msc
    >
    > It's something probably really simple I'm missing...
    >
    > TIA
    >
    > K
    >
    > "Darren Mar-Elia" <dmanonymous@discussions.microsoft.com> wrote in message
    > news:eBF6L6dpEHA.3592@TK2MSFTNGP14.phx.gbl...
    > > I just checked this out and found the same behavior on my Win2K machine
    > when
    > > viewing an XP, SP2 policy--specifically those two Windows Firewall
    > policies:
    > >
    > > Windows Firewall: Define program exceptions
    > > Windows Firewall: Define port exceptions
    > >
    > > do not appear if I view the GPO from Win2K. Frankly, I think this is a bug
    > > that you've found. I can see no reason, in looking at the ADM file, why
    > they
    > > should not appear. Maybe someone on this NG from Microsoft can check into
    > > it?
    > >
    > >
    > >
    > > --
    > > Darren Mar-Elia
    > > MS-MVP-Windows Server--Group Policy
    > > Check out http://www.gpoguy.com -- The Windows Group Policy Information
    > Hub:
    > > FAQs, Whitepapers and Utilities for all things Group Policy-related
    > >
    > >
    > >
    > > "d mac" <dmac@discussions.microsoft.com> wrote in message
    > > news:5B50E731-E7C6-4743-A926-7B57C9A4B775@microsoft.com...
    > > > I'm glad I'm not the only one. I will definitely know if I find any
    > > > fixes.
    > > > For the time being, I'm enabling the policy through the workstation that
    > > > has
    > > > XP SP2 and it seems to be applying through the domain controllers,
    > however
    > > > the programs don't show up on the list in the Windows Firewall like I
    > > > would
    > > > expect. Can you see if this is the same experience for you? I'm
    > guessing
    > > > it's doing this because the policy isn't listed on the servers but still
    > > > affects the machines as a policy.
    > > >
    > > > d mac
    > > >
    > > >
    > > > "billj" wrote:
    > > >
    > > >> I've been facing the EXACT same issue since yesterday. If you come up
    > > >> with a
    > > >> solution, it would be great to post it here. I'll do the same.
    > > >>
    > > >> billj
    > > >>
    > > >> "d mac" wrote:
    > > >>
    > > >> > I imported the ADM files from the XP SP2 workstation and still some
    > of
    > > >> > the
    > > >> > policies are missing (as mentioned below). I even imported the ADM
    > > >> > files
    > > >> > from the Microsoft website (at
    > > >> >
    > http://www.microsoft.com/downloads/details.aspx?FamilyID=92759d4b-7112-4b6c-ad4a-bbf3802a5c9b&DisplayLang=en)
    > > >> > and still there are some missing.
    > > >> >
    > > >> > It seems like there might be certain policies that aren't compatible
    > > >> > with
    > > >> > Windows 2000 Server. Does anyone know what I should try next?
    > > >> >
    > > >> > Thanks,
    > > >> >
    > > >> > d mac
    > > >> >
    > > >> > "d mac" wrote:
    > > >> >
    > > >> > > Hi there,
    > > >> > >
    > > >> > > I downloaded the 842933 patch before opening the GPO on the XP SP2
    > > >> > > workstation, so I haven't had any of the "The following entry in
    > the
    > > >> > > [strings] section is too long and has been truncated" errors. But
    > I
    > > >> > > still
    > > >> > > have the issue where not all the policies are showing up on the
    > > >> > > Windows 2000
    > > >> > > Server vs. the XP SP2 workstation. Is this a known issue?
    > > >> > >
    > > >> > > I will try Hunter's suggestion on manually importing the ADM files
    > on
    > > >> > > the
    > > >> > > Windows 2000 server to see if that updates all the policies on the
    > > >> > > domain
    > > >> > > controllers to match the same amount showing on the XP SP2
    > > >> > > workstation.
    > > >> > >
    > > >> > > I'll let you know how it goes.
    > > >> > >
    > > >> > > Thanks
    > > >> > >
    > > >> > > d mac
    > > >> > >
    > > >> > > "Bruce Sanderson" wrote:
    > > >> > >
    > > >> > > > http://support.microsoft.com/?kbid=842933 documents this problem
    > > >> > > > and has a
    > > >> > > > patch available.
    > > >> > > >
    > > >> > > > --
    > > >> > > > Bruce Sanderson MVP
    > > >> > > >
    > > >> > > > It's perfectly useless to know the right answer to the wrong
    > > >> > > > question.
    > > >> > > >
    > > >> > > >
    > > >> > > > "Hunter" <anonymous@discussions.microsoft.com> wrote in message
    > > >> > > > news:1b9601c4a1a0$6a628fa0$a401280a@phx.gbl...
    > > >> > > > > You might try gathering up the XP .adm templates, copying
    > > >> > > > > them to temp folder on the 2000 DC. Then opening the A/D
    > > >> > > > > Group policy on the 2000 box right click on the
    > > >> > > > > Admisitrative templates container, choose add snap-in.
    > > >> > > > >
    > > >> > > > > It'll show the ones currently in use in the wnnt/inf
    > > >> > > > > folder, Browse over to the new ones in the temp folder
    > > >> > > > > and select add, it should ask you about overwriting etc.
    > > >> > > > >
    > > >> > > > > Choose yes.
    > > >> > > > >
    > > >> > > > > Once the new ones are copied in you will probably get a
    > > >> > > > > bunch messages stating the new ones are too long or
    > > >> > > > > something, but you'll have to hunt down an update for this
    > > >> > > > > I think I found it at microsoft tech experts page on XP,
    > > >> > > > > but it didn't seem to want to be found with search.
    > > >> > > > >
    > > >> > > > > Anyways, maybe that will help.
    > > >> > > > >
    > > >> > > > > Regards
    > > >> > > > >
    > > >> > > > > Hunter
    > > >> > > > >
    > > >> > > > >
    > > >> > > > >
    > > >> > > > >>-----Original Message-----
    > > >> > > > >>I updated our GPO on our Windows 2000 domain controllers
    > > >> > > > > with the latest ADM
    > > >> > > > >>files from XP SP2. I did this by opening up the GPO on a
    > > >> > > > > Windows XP Pro
    > > >> > > > >>workstation with SP2 and it automatically replicated the
    > > >> > > > > ADM files to our
    > > >> > > > >>domain controllers. See document at
    > > >> > > > >>http://www.microsoft.com/technet/prodtechnol/winxppro/main
    > > >> > > > > tain/mangxpsp2/mngdepgp.mspx
    > > >> > > > >>
    > > >> > > > >>However, it seems like not all of the ADM files are
    > > >> > > > > replicating to the
    > > >> > > > >>Windows 2000 servers. For example, in the policy
    > > >> > > > > path "Administrative
    > > >> > > > >>Templates\Network\Network Connections\Windows
    > > >> > > > > Firewall\Domain Profile" there
    > > >> > > > >>are only 12 policies listed on the Windows 2000 Server
    > > >> > > > > but on the XP SP2 box,
    > > >> > > > >>there are 14 policies. The two that are missing are:
    > > >> > > > >>
    > > >> > > > >>Windows Firewall: Define program exceptions
    > > >> > > > >>Windows Firewall: Define port exceptions
    > > >> > > > >>
    > > >> > > > >>Is this by design or is there something wrong with the
    > > >> > > > > replication process?
    > > >> > > > >>It would be nice to be able to define program exceptions
    > > >> > > > > because there are a
    > > >> > > > >>couple programs within our environment that won't work
    > > >> > > > > unless we can exclude
    > > >> > > > >>them. It would be preferable to do this through GP
    > > >> > > > > instead of manually going
    > > >> > > > >>to each machine and defining the program exceptions.
    > > >> > > > >>
    > > >> > > > >>Thanks,
    > > >> > > > >>
    > > >> > > > >>d mac
    > > >> > > > >>.
    > > >> > > > >>
    > > >> > > >
    > > >> > > >
    > > >> > > >
    > >
    > >
    >
    >
    >
  12. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Hmm. I see this also, even with the latest version of GPMC on Windows 2003
    Enterprise Server (RTM), but after installing hotfix 842933, the two missing
    settings show up in the Group Policy Editor.

    But, the corresponding version of the hotfix for Windows 2000 post SP3
    (installed on a Windows 2000 Standard Server with SP4) DID NOT correct the
    problem there.


    --
    Bruce Sanderson MVP

    It's perfectly useless to know the right answer to the wrong question.


    "Darren Mar-Elia" <dmanonymous@discussions.microsoft.com> wrote in message
    news:eBF6L6dpEHA.3592@TK2MSFTNGP14.phx.gbl...
    >I just checked this out and found the same behavior on my Win2K machine
    >when viewing an XP, SP2 policy--specifically those two Windows Firewall
    >policies:
    >
    > Windows Firewall: Define program exceptions
    > Windows Firewall: Define port exceptions
    >
    > do not appear if I view the GPO from Win2K. Frankly, I think this is a bug
    > that you've found. I can see no reason, in looking at the ADM file, why
    > they should not appear. Maybe someone on this NG from Microsoft can check
    > into it?
    >
    >
    >
    > --
    > Darren Mar-Elia
    > MS-MVP-Windows Server--Group Policy
    > Check out http://www.gpoguy.com -- The Windows Group Policy Information
    > Hub:
    > FAQs, Whitepapers and Utilities for all things Group Policy-related
    >
    >
    >
    > "d mac" <dmac@discussions.microsoft.com> wrote in message
    > news:5B50E731-E7C6-4743-A926-7B57C9A4B775@microsoft.com...
    >> I'm glad I'm not the only one. I will definitely know if I find any
    >> fixes.
    >> For the time being, I'm enabling the policy through the workstation that
    >> has
    >> XP SP2 and it seems to be applying through the domain controllers,
    >> however
    >> the programs don't show up on the list in the Windows Firewall like I
    >> would
    >> expect. Can you see if this is the same experience for you? I'm
    >> guessing
    >> it's doing this because the policy isn't listed on the servers but still
    >> affects the machines as a policy.
    >>
    >> d mac
    >>
    >>
    >> "billj" wrote:
    >>
    >>> I've been facing the EXACT same issue since yesterday. If you come up
    >>> with a
    >>> solution, it would be great to post it here. I'll do the same.
    >>>
    >>> billj
    >>>
    >>> "d mac" wrote:
    >>>
    >>> > I imported the ADM files from the XP SP2 workstation and still some of
    >>> > the
    >>> > policies are missing (as mentioned below). I even imported the ADM
    >>> > files
    >>> > from the Microsoft website (at
    >>> > http://www.microsoft.com/downloads/details.aspx?FamilyID=92759d4b-7112-4b6c-ad4a-bbf3802a5c9b&DisplayLang=en)
    >>> > and still there are some missing.
    >>> >
    >>> > It seems like there might be certain policies that aren't compatible
    >>> > with
    >>> > Windows 2000 Server. Does anyone know what I should try next?
    >>> >
    >>> > Thanks,
    >>> >
    >>> > d mac
    >>> >
    >>> > "d mac" wrote:
    >>> >
    >>> > > Hi there,
    >>> > >
    >>> > > I downloaded the 842933 patch before opening the GPO on the XP SP2
    >>> > > workstation, so I haven't had any of the "The following entry in the
    >>> > > [strings] section is too long and has been truncated" errors. But I
    >>> > > still
    >>> > > have the issue where not all the policies are showing up on the
    >>> > > Windows 2000
    >>> > > Server vs. the XP SP2 workstation. Is this a known issue?
    >>> > >
    >>> > > I will try Hunter's suggestion on manually importing the ADM files
    >>> > > on the
    >>> > > Windows 2000 server to see if that updates all the policies on the
    >>> > > domain
    >>> > > controllers to match the same amount showing on the XP SP2
    >>> > > workstation.
    >>> > >
    >>> > > I'll let you know how it goes.
    >>> > >
    >>> > > Thanks
    >>> > >
    >>> > > d mac
    >>> > >
    >>> > > "Bruce Sanderson" wrote:
    >>> > >
    >>> > > > http://support.microsoft.com/?kbid=842933 documents this problem
    >>> > > > and has a
    >>> > > > patch available.
    >>> > > >
    >>> > > > --
    >>> > > > Bruce Sanderson MVP
    >>> > > >
    >>> > > > It's perfectly useless to know the right answer to the wrong
    >>> > > > question.
    >>> > > >
    >>> > > >
    >>> > > > "Hunter" <anonymous@discussions.microsoft.com> wrote in message
    >>> > > > news:1b9601c4a1a0$6a628fa0$a401280a@phx.gbl...
    >>> > > > > You might try gathering up the XP .adm templates, copying
    >>> > > > > them to temp folder on the 2000 DC. Then opening the A/D
    >>> > > > > Group policy on the 2000 box right click on the
    >>> > > > > Admisitrative templates container, choose add snap-in.
    >>> > > > >
    >>> > > > > It'll show the ones currently in use in the wnnt/inf
    >>> > > > > folder, Browse over to the new ones in the temp folder
    >>> > > > > and select add, it should ask you about overwriting etc.
    >>> > > > >
    >>> > > > > Choose yes.
    >>> > > > >
    >>> > > > > Once the new ones are copied in you will probably get a
    >>> > > > > bunch messages stating the new ones are too long or
    >>> > > > > something, but you'll have to hunt down an update for this
    >>> > > > > I think I found it at microsoft tech experts page on XP,
    >>> > > > > but it didn't seem to want to be found with search.
    >>> > > > >
    >>> > > > > Anyways, maybe that will help.
    >>> > > > >
    >>> > > > > Regards
    >>> > > > >
    >>> > > > > Hunter
    >>> > > > >
    >>> > > > >
    >>> > > > >
    >>> > > > >>-----Original Message-----
    >>> > > > >>I updated our GPO on our Windows 2000 domain controllers
    >>> > > > > with the latest ADM
    >>> > > > >>files from XP SP2. I did this by opening up the GPO on a
    >>> > > > > Windows XP Pro
    >>> > > > >>workstation with SP2 and it automatically replicated the
    >>> > > > > ADM files to our
    >>> > > > >>domain controllers. See document at
    >>> > > > >>http://www.microsoft.com/technet/prodtechnol/winxppro/main
    >>> > > > > tain/mangxpsp2/mngdepgp.mspx
    >>> > > > >>
    >>> > > > >>However, it seems like not all of the ADM files are
    >>> > > > > replicating to the
    >>> > > > >>Windows 2000 servers. For example, in the policy
    >>> > > > > path "Administrative
    >>> > > > >>Templates\Network\Network Connections\Windows
    >>> > > > > Firewall\Domain Profile" there
    >>> > > > >>are only 12 policies listed on the Windows 2000 Server
    >>> > > > > but on the XP SP2 box,
    >>> > > > >>there are 14 policies. The two that are missing are:
    >>> > > > >>
    >>> > > > >>Windows Firewall: Define program exceptions
    >>> > > > >>Windows Firewall: Define port exceptions
    >>> > > > >>
    >>> > > > >>Is this by design or is there something wrong with the
    >>> > > > > replication process?
    >>> > > > >>It would be nice to be able to define program exceptions
    >>> > > > > because there are a
    >>> > > > >>couple programs within our environment that won't work
    >>> > > > > unless we can exclude
    >>> > > > >>them. It would be preferable to do this through GP
    >>> > > > > instead of manually going
    >>> > > > >>to each machine and defining the program exceptions.
    >>> > > > >>
    >>> > > > >>Thanks,
    >>> > > > >>
    >>> > > > >>d mac
    >>> > > > >>.
    >>> > > > >>
    >>> > > >
    >>> > > >
    >>> > > >
    >
    >
  13. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    See http://support.microsoft.com/?kbid=873449 for an explanation.

    --
    Bruce Sanderson MVP

    It is perfectly useless to know the right answer to the wrong question.


    "Bruce Sanderson" <Bruce.Sanderson@junk.junk> wrote in message
    news:ur8oRrhwEHA.4004@tk2msftngp13.phx.gbl...
    > Hmm. I see this also, even with the latest version of GPMC on Windows
    > 2003 Enterprise Server (RTM), but after installing hotfix 842933, the two
    > missing settings show up in the Group Policy Editor.
    >
    > But, the corresponding version of the hotfix for Windows 2000 post SP3
    > (installed on a Windows 2000 Standard Server with SP4) DID NOT correct the
    > problem there.
    >
    >
    > --
    > Bruce Sanderson MVP
    >
    > It's perfectly useless to know the right answer to the wrong question.
    >
    >
    > "Darren Mar-Elia" <dmanonymous@discussions.microsoft.com> wrote in message
    > news:eBF6L6dpEHA.3592@TK2MSFTNGP14.phx.gbl...
    >>I just checked this out and found the same behavior on my Win2K machine
    >>when viewing an XP, SP2 policy--specifically those two Windows Firewall
    >>policies:
    >>
    >> Windows Firewall: Define program exceptions
    >> Windows Firewall: Define port exceptions
    >>
    >> do not appear if I view the GPO from Win2K. Frankly, I think this is a
    >> bug that you've found. I can see no reason, in looking at the ADM file,
    >> why they should not appear. Maybe someone on this NG from Microsoft can
    >> check into it?
    >>
    >>
    >>
    >> --
    >> Darren Mar-Elia
    >> MS-MVP-Windows Server--Group Policy
    >> Check out http://www.gpoguy.com -- The Windows Group Policy Information
    >> Hub:
    >> FAQs, Whitepapers and Utilities for all things Group Policy-related
    >>
    >>
    >>
    >> "d mac" <dmac@discussions.microsoft.com> wrote in message
    >> news:5B50E731-E7C6-4743-A926-7B57C9A4B775@microsoft.com...
    >>> I'm glad I'm not the only one. I will definitely know if I find any
    >>> fixes.
    >>> For the time being, I'm enabling the policy through the workstation that
    >>> has
    >>> XP SP2 and it seems to be applying through the domain controllers,
    >>> however
    >>> the programs don't show up on the list in the Windows Firewall like I
    >>> would
    >>> expect. Can you see if this is the same experience for you? I'm
    >>> guessing
    >>> it's doing this because the policy isn't listed on the servers but still
    >>> affects the machines as a policy.
    >>>
    >>> d mac
    >>>
    >>>
    >>> "billj" wrote:
    >>>
    >>>> I've been facing the EXACT same issue since yesterday. If you come up
    >>>> with a
    >>>> solution, it would be great to post it here. I'll do the same.
    >>>>
    >>>> billj
    >>>>
    >>>> "d mac" wrote:
    >>>>
    >>>> > I imported the ADM files from the XP SP2 workstation and still some
    >>>> > of the
    >>>> > policies are missing (as mentioned below). I even imported the ADM
    >>>> > files
    >>>> > from the Microsoft website (at
    >>>> > http://www.microsoft.com/downloads/details.aspx?FamilyID=92759d4b-7112-4b6c-ad4a-bbf3802a5c9b&DisplayLang=en)
    >>>> > and still there are some missing.
    >>>> >
    >>>> > It seems like there might be certain policies that aren't compatible
    >>>> > with
    >>>> > Windows 2000 Server. Does anyone know what I should try next?
    >>>> >
    >>>> > Thanks,
    >>>> >
    >>>> > d mac
    >>>> >
    >>>> > "d mac" wrote:
    >>>> >
    >>>> > > Hi there,
    >>>> > >
    >>>> > > I downloaded the 842933 patch before opening the GPO on the XP SP2
    >>>> > > workstation, so I haven't had any of the "The following entry in
    >>>> > > the
    >>>> > > [strings] section is too long and has been truncated" errors. But
    >>>> > > I still
    >>>> > > have the issue where not all the policies are showing up on the
    >>>> > > Windows 2000
    >>>> > > Server vs. the XP SP2 workstation. Is this a known issue?
    >>>> > >
    >>>> > > I will try Hunter's suggestion on manually importing the ADM files
    >>>> > > on the
    >>>> > > Windows 2000 server to see if that updates all the policies on the
    >>>> > > domain
    >>>> > > controllers to match the same amount showing on the XP SP2
    >>>> > > workstation.
    >>>> > >
    >>>> > > I'll let you know how it goes.
    >>>> > >
    >>>> > > Thanks
    >>>> > >
    >>>> > > d mac
    >>>> > >
    >>>> > > "Bruce Sanderson" wrote:
    >>>> > >
    >>>> > > > http://support.microsoft.com/?kbid=842933 documents this problem
    >>>> > > > and has a
    >>>> > > > patch available.
    >>>> > > >
    >>>> > > > --
    >>>> > > > Bruce Sanderson MVP
    >>>> > > >
    >>>> > > > It's perfectly useless to know the right answer to the wrong
    >>>> > > > question.
    >>>> > > >
    >>>> > > >
    >>>> > > > "Hunter" <anonymous@discussions.microsoft.com> wrote in message
    >>>> > > > news:1b9601c4a1a0$6a628fa0$a401280a@phx.gbl...
    >>>> > > > > You might try gathering up the XP .adm templates, copying
    >>>> > > > > them to temp folder on the 2000 DC. Then opening the A/D
    >>>> > > > > Group policy on the 2000 box right click on the
    >>>> > > > > Admisitrative templates container, choose add snap-in.
    >>>> > > > >
    >>>> > > > > It'll show the ones currently in use in the wnnt/inf
    >>>> > > > > folder, Browse over to the new ones in the temp folder
    >>>> > > > > and select add, it should ask you about overwriting etc.
    >>>> > > > >
    >>>> > > > > Choose yes.
    >>>> > > > >
    >>>> > > > > Once the new ones are copied in you will probably get a
    >>>> > > > > bunch messages stating the new ones are too long or
    >>>> > > > > something, but you'll have to hunt down an update for this
    >>>> > > > > I think I found it at microsoft tech experts page on XP,
    >>>> > > > > but it didn't seem to want to be found with search.
    >>>> > > > >
    >>>> > > > > Anyways, maybe that will help.
    >>>> > > > >
    >>>> > > > > Regards
    >>>> > > > >
    >>>> > > > > Hunter
    >>>> > > > >
    >>>> > > > >
    >>>> > > > >
    >>>> > > > >>-----Original Message-----
    >>>> > > > >>I updated our GPO on our Windows 2000 domain controllers
    >>>> > > > > with the latest ADM
    >>>> > > > >>files from XP SP2. I did this by opening up the GPO on a
    >>>> > > > > Windows XP Pro
    >>>> > > > >>workstation with SP2 and it automatically replicated the
    >>>> > > > > ADM files to our
    >>>> > > > >>domain controllers. See document at
    >>>> > > > >>http://www.microsoft.com/technet/prodtechnol/winxppro/main
    >>>> > > > > tain/mangxpsp2/mngdepgp.mspx
    >>>> > > > >>
    >>>> > > > >>However, it seems like not all of the ADM files are
    >>>> > > > > replicating to the
    >>>> > > > >>Windows 2000 servers. For example, in the policy
    >>>> > > > > path "Administrative
    >>>> > > > >>Templates\Network\Network Connections\Windows
    >>>> > > > > Firewall\Domain Profile" there
    >>>> > > > >>are only 12 policies listed on the Windows 2000 Server
    >>>> > > > > but on the XP SP2 box,
    >>>> > > > >>there are 14 policies. The two that are missing are:
    >>>> > > > >>
    >>>> > > > >>Windows Firewall: Define program exceptions
    >>>> > > > >>Windows Firewall: Define port exceptions
    >>>> > > > >>
    >>>> > > > >>Is this by design or is there something wrong with the
    >>>> > > > > replication process?
    >>>> > > > >>It would be nice to be able to define program exceptions
    >>>> > > > > because there are a
    >>>> > > > >>couple programs within our environment that won't work
    >>>> > > > > unless we can exclude
    >>>> > > > >>them. It would be preferable to do this through GP
    >>>> > > > > instead of manually going
    >>>> > > > >>to each machine and defining the program exceptions.
    >>>> > > > >>
    >>>> > > > >>Thanks,
    >>>> > > > >>
    >>>> > > > >>d mac
    >>>> > > > >>.
    >>>> > > > >>
    >>>> > > >
    >>>> > > >
    >>>> > > >
    >>
    >>
    >
    >
  14. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    PS: a link to http://support.microsoft.com/?kbid=873449 has been added to KB
    article 842933 (right near the end under More Information).

    --
    Bruce Sanderson MVP

    It is perfectly useless to know the right answer to the wrong question.


    "Bruce Sanderson" <Bruce.Sanderson@junk.junk> wrote in message
    news:ur8oRrhwEHA.4004@tk2msftngp13.phx.gbl...
    > Hmm. I see this also, even with the latest version of GPMC on Windows
    > 2003 Enterprise Server (RTM), but after installing hotfix 842933, the two
    > missing settings show up in the Group Policy Editor.
    >
    > But, the corresponding version of the hotfix for Windows 2000 post SP3
    > (installed on a Windows 2000 Standard Server with SP4) DID NOT correct the
    > problem there.
    >
    >
    > --
    > Bruce Sanderson MVP
    >
    > It's perfectly useless to know the right answer to the wrong question.
    >
    >
    > "Darren Mar-Elia" <dmanonymous@discussions.microsoft.com> wrote in message
    > news:eBF6L6dpEHA.3592@TK2MSFTNGP14.phx.gbl...
    >>I just checked this out and found the same behavior on my Win2K machine
    >>when viewing an XP, SP2 policy--specifically those two Windows Firewall
    >>policies:
    >>
    >> Windows Firewall: Define program exceptions
    >> Windows Firewall: Define port exceptions
    >>
    >> do not appear if I view the GPO from Win2K. Frankly, I think this is a
    >> bug that you've found. I can see no reason, in looking at the ADM file,
    >> why they should not appear. Maybe someone on this NG from Microsoft can
    >> check into it?
    >>
    >>
    >>
    >> --
    >> Darren Mar-Elia
    >> MS-MVP-Windows Server--Group Policy
    >> Check out http://www.gpoguy.com -- The Windows Group Policy Information
    >> Hub:
    >> FAQs, Whitepapers and Utilities for all things Group Policy-related
    >>
    >>
    >>
    >> "d mac" <dmac@discussions.microsoft.com> wrote in message
    >> news:5B50E731-E7C6-4743-A926-7B57C9A4B775@microsoft.com...
    >>> I'm glad I'm not the only one. I will definitely know if I find any
    >>> fixes.
    >>> For the time being, I'm enabling the policy through the workstation that
    >>> has
    >>> XP SP2 and it seems to be applying through the domain controllers,
    >>> however
    >>> the programs don't show up on the list in the Windows Firewall like I
    >>> would
    >>> expect. Can you see if this is the same experience for you? I'm
    >>> guessing
    >>> it's doing this because the policy isn't listed on the servers but still
    >>> affects the machines as a policy.
    >>>
    >>> d mac
    >>>
    >>>
    >>> "billj" wrote:
    >>>
    >>>> I've been facing the EXACT same issue since yesterday. If you come up
    >>>> with a
    >>>> solution, it would be great to post it here. I'll do the same.
    >>>>
    >>>> billj
    >>>>
    >>>> "d mac" wrote:
    >>>>
    >>>> > I imported the ADM files from the XP SP2 workstation and still some
    >>>> > of the
    >>>> > policies are missing (as mentioned below). I even imported the ADM
    >>>> > files
    >>>> > from the Microsoft website (at
    >>>> > http://www.microsoft.com/downloads/details.aspx?FamilyID=92759d4b-7112-4b6c-ad4a-bbf3802a5c9b&DisplayLang=en)
    >>>> > and still there are some missing.
    >>>> >
    >>>> > It seems like there might be certain policies that aren't compatible
    >>>> > with
    >>>> > Windows 2000 Server. Does anyone know what I should try next?
    >>>> >
    >>>> > Thanks,
    >>>> >
    >>>> > d mac
    >>>> >
    >>>> > "d mac" wrote:
    >>>> >
    >>>> > > Hi there,
    >>>> > >
    >>>> > > I downloaded the 842933 patch before opening the GPO on the XP SP2
    >>>> > > workstation, so I haven't had any of the "The following entry in
    >>>> > > the
    >>>> > > [strings] section is too long and has been truncated" errors. But
    >>>> > > I still
    >>>> > > have the issue where not all the policies are showing up on the
    >>>> > > Windows 2000
    >>>> > > Server vs. the XP SP2 workstation. Is this a known issue?
    >>>> > >
    >>>> > > I will try Hunter's suggestion on manually importing the ADM files
    >>>> > > on the
    >>>> > > Windows 2000 server to see if that updates all the policies on the
    >>>> > > domain
    >>>> > > controllers to match the same amount showing on the XP SP2
    >>>> > > workstation.
    >>>> > >
    >>>> > > I'll let you know how it goes.
    >>>> > >
    >>>> > > Thanks
    >>>> > >
    >>>> > > d mac
    >>>> > >
    >>>> > > "Bruce Sanderson" wrote:
    >>>> > >
    >>>> > > > http://support.microsoft.com/?kbid=842933 documents this problem
    >>>> > > > and has a
    >>>> > > > patch available.
    >>>> > > >
    >>>> > > > --
    >>>> > > > Bruce Sanderson MVP
    >>>> > > >
    >>>> > > > It's perfectly useless to know the right answer to the wrong
    >>>> > > > question.
    >>>> > > >
    >>>> > > >
    >>>> > > > "Hunter" <anonymous@discussions.microsoft.com> wrote in message
    >>>> > > > news:1b9601c4a1a0$6a628fa0$a401280a@phx.gbl...
    >>>> > > > > You might try gathering up the XP .adm templates, copying
    >>>> > > > > them to temp folder on the 2000 DC. Then opening the A/D
    >>>> > > > > Group policy on the 2000 box right click on the
    >>>> > > > > Admisitrative templates container, choose add snap-in.
    >>>> > > > >
    >>>> > > > > It'll show the ones currently in use in the wnnt/inf
    >>>> > > > > folder, Browse over to the new ones in the temp folder
    >>>> > > > > and select add, it should ask you about overwriting etc.
    >>>> > > > >
    >>>> > > > > Choose yes.
    >>>> > > > >
    >>>> > > > > Once the new ones are copied in you will probably get a
    >>>> > > > > bunch messages stating the new ones are too long or
    >>>> > > > > something, but you'll have to hunt down an update for this
    >>>> > > > > I think I found it at microsoft tech experts page on XP,
    >>>> > > > > but it didn't seem to want to be found with search.
    >>>> > > > >
    >>>> > > > > Anyways, maybe that will help.
    >>>> > > > >
    >>>> > > > > Regards
    >>>> > > > >
    >>>> > > > > Hunter
    >>>> > > > >
    >>>> > > > >
    >>>> > > > >
    >>>> > > > >>-----Original Message-----
    >>>> > > > >>I updated our GPO on our Windows 2000 domain controllers
    >>>> > > > > with the latest ADM
    >>>> > > > >>files from XP SP2. I did this by opening up the GPO on a
    >>>> > > > > Windows XP Pro
    >>>> > > > >>workstation with SP2 and it automatically replicated the
    >>>> > > > > ADM files to our
    >>>> > > > >>domain controllers. See document at
    >>>> > > > >>http://www.microsoft.com/technet/prodtechnol/winxppro/main
    >>>> > > > > tain/mangxpsp2/mngdepgp.mspx
    >>>> > > > >>
    >>>> > > > >>However, it seems like not all of the ADM files are
    >>>> > > > > replicating to the
    >>>> > > > >>Windows 2000 servers. For example, in the policy
    >>>> > > > > path "Administrative
    >>>> > > > >>Templates\Network\Network Connections\Windows
    >>>> > > > > Firewall\Domain Profile" there
    >>>> > > > >>are only 12 policies listed on the Windows 2000 Server
    >>>> > > > > but on the XP SP2 box,
    >>>> > > > >>there are 14 policies. The two that are missing are:
    >>>> > > > >>
    >>>> > > > >>Windows Firewall: Define program exceptions
    >>>> > > > >>Windows Firewall: Define port exceptions
    >>>> > > > >>
    >>>> > > > >>Is this by design or is there something wrong with the
    >>>> > > > > replication process?
    >>>> > > > >>It would be nice to be able to define program exceptions
    >>>> > > > > because there are a
    >>>> > > > >>couple programs within our environment that won't work
    >>>> > > > > unless we can exclude
    >>>> > > > >>them. It would be preferable to do this through GP
    >>>> > > > > instead of manually going
    >>>> > > > >>to each machine and defining the program exceptions.
    >>>> > > > >>
    >>>> > > > >>Thanks,
    >>>> > > > >>
    >>>> > > > >>d mac
    >>>> > > > >>.
    >>>> > > > >>
    >>>> > > >
    >>>> > > >
    >>>> > > >
    >>
    >>
    >
    >
Ask a new question

Read More

Policy Windows 2000 Windows XP Windows