Sign in with
Sign up | Sign in
Your question

Managing Group Policy on XP SP2

Last response: in Windows 2000/NT
Share
Anonymous
September 23, 2004 3:41:03 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

I updated our GPO on our Windows 2000 domain controllers with the latest ADM
files from XP SP2. I did this by opening up the GPO on a Windows XP Pro
workstation with SP2 and it automatically replicated the ADM files to our
domain controllers. See document at
http://www.microsoft.com/technet/prodtechnol/winxppro/m...

However, it seems like not all of the ADM files are replicating to the
Windows 2000 servers. For example, in the policy path "Administrative
Templates\Network\Network Connections\Windows Firewall\Domain Profile" there
are only 12 policies listed on the Windows 2000 Server but on the XP SP2 box,
there are 14 policies. The two that are missing are:

Windows Firewall: Define program exceptions
Windows Firewall: Define port exceptions

Is this by design or is there something wrong with the replication process?
It would be nice to be able to define program exceptions because there are a
couple programs within our environment that won't work unless we can exclude
them. It would be preferable to do this through GP instead of manually going
to each machine and defining the program exceptions.

Thanks,

d mac
September 23, 2004 4:06:22 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

You might try gathering up the XP .adm templates, copying
them to temp folder on the 2000 DC. Then opening the A/D
Group policy on the 2000 box right click on the
Admisitrative templates container, choose add snap-in.

It'll show the ones currently in use in the wnnt/inf
folder, Browse over to the new ones in the temp folder
and select add, it should ask you about overwriting etc.

Choose yes.

Once the new ones are copied in you will probably get a
bunch messages stating the new ones are too long or
something, but you'll have to hunt down an update for this
I think I found it at microsoft tech experts page on XP,
but it didn't seem to want to be found with search.

Anyways, maybe that will help.

Regards

Hunter



>-----Original Message-----
>I updated our GPO on our Windows 2000 domain controllers
with the latest ADM
>files from XP SP2. I did this by opening up the GPO on a
Windows XP Pro
>workstation with SP2 and it automatically replicated the
ADM files to our
>domain controllers. See document at
>http://www.microsoft.com/technet/prodtechnol/winxppro/m...
tain/mangxpsp2/mngdepgp.mspx
>
>However, it seems like not all of the ADM files are
replicating to the
>Windows 2000 servers. For example, in the policy
path "Administrative
>Templates\Network\Network Connections\Windows
Firewall\Domain Profile" there
>are only 12 policies listed on the Windows 2000 Server
but on the XP SP2 box,
>there are 14 policies. The two that are missing are:
>
>Windows Firewall: Define program exceptions
>Windows Firewall: Define port exceptions
>
>Is this by design or is there something wrong with the
replication process?
>It would be nice to be able to define program exceptions
because there are a
>couple programs within our environment that won't work
unless we can exclude
>them. It would be preferable to do this through GP
instead of manually going
>to each machine and defining the program exceptions.
>
>Thanks,
>
>d mac
>.
>
Anonymous
September 23, 2004 4:59:24 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

http://support.microsoft.com/?kbid=842933 documents this problem and has a
patch available.

--
Bruce Sanderson MVP

It's perfectly useless to know the right answer to the wrong question.


"Hunter" <anonymous@discussions.microsoft.com> wrote in message
news:1b9601c4a1a0$6a628fa0$a401280a@phx.gbl...
> You might try gathering up the XP .adm templates, copying
> them to temp folder on the 2000 DC. Then opening the A/D
> Group policy on the 2000 box right click on the
> Admisitrative templates container, choose add snap-in.
>
> It'll show the ones currently in use in the wnnt/inf
> folder, Browse over to the new ones in the temp folder
> and select add, it should ask you about overwriting etc.
>
> Choose yes.
>
> Once the new ones are copied in you will probably get a
> bunch messages stating the new ones are too long or
> something, but you'll have to hunt down an update for this
> I think I found it at microsoft tech experts page on XP,
> but it didn't seem to want to be found with search.
>
> Anyways, maybe that will help.
>
> Regards
>
> Hunter
>
>
>
>>-----Original Message-----
>>I updated our GPO on our Windows 2000 domain controllers
> with the latest ADM
>>files from XP SP2. I did this by opening up the GPO on a
> Windows XP Pro
>>workstation with SP2 and it automatically replicated the
> ADM files to our
>>domain controllers. See document at
>>http://www.microsoft.com/technet/prodtechnol/winxppro/m...
> tain/mangxpsp2/mngdepgp.mspx
>>
>>However, it seems like not all of the ADM files are
> replicating to the
>>Windows 2000 servers. For example, in the policy
> path "Administrative
>>Templates\Network\Network Connections\Windows
> Firewall\Domain Profile" there
>>are only 12 policies listed on the Windows 2000 Server
> but on the XP SP2 box,
>>there are 14 policies. The two that are missing are:
>>
>>Windows Firewall: Define program exceptions
>>Windows Firewall: Define port exceptions
>>
>>Is this by design or is there something wrong with the
> replication process?
>>It would be nice to be able to define program exceptions
> because there are a
>>couple programs within our environment that won't work
> unless we can exclude
>>them. It would be preferable to do this through GP
> instead of manually going
>>to each machine and defining the program exceptions.
>>
>>Thanks,
>>
>>d mac
>>.
>>
Related resources
Anonymous
September 23, 2004 8:13:03 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Hi there,

I downloaded the 842933 patch before opening the GPO on the XP SP2
workstation, so I haven't had any of the "The following entry in the
[strings] section is too long and has been truncated" errors. But I still
have the issue where not all the policies are showing up on the Windows 2000
Server vs. the XP SP2 workstation. Is this a known issue?

I will try Hunter's suggestion on manually importing the ADM files on the
Windows 2000 server to see if that updates all the policies on the domain
controllers to match the same amount showing on the XP SP2 workstation.

I'll let you know how it goes.

Thanks

d mac

"Bruce Sanderson" wrote:

> http://support.microsoft.com/?kbid=842933 documents this problem and has a
> patch available.
>
> --
> Bruce Sanderson MVP
>
> It's perfectly useless to know the right answer to the wrong question.
>
>
> "Hunter" <anonymous@discussions.microsoft.com> wrote in message
> news:1b9601c4a1a0$6a628fa0$a401280a@phx.gbl...
> > You might try gathering up the XP .adm templates, copying
> > them to temp folder on the 2000 DC. Then opening the A/D
> > Group policy on the 2000 box right click on the
> > Admisitrative templates container, choose add snap-in.
> >
> > It'll show the ones currently in use in the wnnt/inf
> > folder, Browse over to the new ones in the temp folder
> > and select add, it should ask you about overwriting etc.
> >
> > Choose yes.
> >
> > Once the new ones are copied in you will probably get a
> > bunch messages stating the new ones are too long or
> > something, but you'll have to hunt down an update for this
> > I think I found it at microsoft tech experts page on XP,
> > but it didn't seem to want to be found with search.
> >
> > Anyways, maybe that will help.
> >
> > Regards
> >
> > Hunter
> >
> >
> >
> >>-----Original Message-----
> >>I updated our GPO on our Windows 2000 domain controllers
> > with the latest ADM
> >>files from XP SP2. I did this by opening up the GPO on a
> > Windows XP Pro
> >>workstation with SP2 and it automatically replicated the
> > ADM files to our
> >>domain controllers. See document at
> >>http://www.microsoft.com/technet/prodtechnol/winxppro/m...
> > tain/mangxpsp2/mngdepgp.mspx
> >>
> >>However, it seems like not all of the ADM files are
> > replicating to the
> >>Windows 2000 servers. For example, in the policy
> > path "Administrative
> >>Templates\Network\Network Connections\Windows
> > Firewall\Domain Profile" there
> >>are only 12 policies listed on the Windows 2000 Server
> > but on the XP SP2 box,
> >>there are 14 policies. The two that are missing are:
> >>
> >>Windows Firewall: Define program exceptions
> >>Windows Firewall: Define port exceptions
> >>
> >>Is this by design or is there something wrong with the
> > replication process?
> >>It would be nice to be able to define program exceptions
> > because there are a
> >>couple programs within our environment that won't work
> > unless we can exclude
> >>them. It would be preferable to do this through GP
> > instead of manually going
> >>to each machine and defining the program exceptions.
> >>
> >>Thanks,
> >>
> >>d mac
> >>.
> >>
>
>
>
Anonymous
September 23, 2004 9:33:03 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

I imported the ADM files from the XP SP2 workstation and still some of the
policies are missing (as mentioned below). I even imported the ADM files
from the Microsoft website (at
http://www.microsoft.com/downloads/details.aspx?FamilyI...) and still there are some missing.

It seems like there might be certain policies that aren't compatible with
Windows 2000 Server. Does anyone know what I should try next?

Thanks,

d mac

"d mac" wrote:

> Hi there,
>
> I downloaded the 842933 patch before opening the GPO on the XP SP2
> workstation, so I haven't had any of the "The following entry in the
> [strings] section is too long and has been truncated" errors. But I still
> have the issue where not all the policies are showing up on the Windows 2000
> Server vs. the XP SP2 workstation. Is this a known issue?
>
> I will try Hunter's suggestion on manually importing the ADM files on the
> Windows 2000 server to see if that updates all the policies on the domain
> controllers to match the same amount showing on the XP SP2 workstation.
>
> I'll let you know how it goes.
>
> Thanks
>
> d mac
>
> "Bruce Sanderson" wrote:
>
> > http://support.microsoft.com/?kbid=842933 documents this problem and has a
> > patch available.
> >
> > --
> > Bruce Sanderson MVP
> >
> > It's perfectly useless to know the right answer to the wrong question.
> >
> >
> > "Hunter" <anonymous@discussions.microsoft.com> wrote in message
> > news:1b9601c4a1a0$6a628fa0$a401280a@phx.gbl...
> > > You might try gathering up the XP .adm templates, copying
> > > them to temp folder on the 2000 DC. Then opening the A/D
> > > Group policy on the 2000 box right click on the
> > > Admisitrative templates container, choose add snap-in.
> > >
> > > It'll show the ones currently in use in the wnnt/inf
> > > folder, Browse over to the new ones in the temp folder
> > > and select add, it should ask you about overwriting etc.
> > >
> > > Choose yes.
> > >
> > > Once the new ones are copied in you will probably get a
> > > bunch messages stating the new ones are too long or
> > > something, but you'll have to hunt down an update for this
> > > I think I found it at microsoft tech experts page on XP,
> > > but it didn't seem to want to be found with search.
> > >
> > > Anyways, maybe that will help.
> > >
> > > Regards
> > >
> > > Hunter
> > >
> > >
> > >
> > >>-----Original Message-----
> > >>I updated our GPO on our Windows 2000 domain controllers
> > > with the latest ADM
> > >>files from XP SP2. I did this by opening up the GPO on a
> > > Windows XP Pro
> > >>workstation with SP2 and it automatically replicated the
> > > ADM files to our
> > >>domain controllers. See document at
> > >>http://www.microsoft.com/technet/prodtechnol/winxppro/m...
> > > tain/mangxpsp2/mngdepgp.mspx
> > >>
> > >>However, it seems like not all of the ADM files are
> > > replicating to the
> > >>Windows 2000 servers. For example, in the policy
> > > path "Administrative
> > >>Templates\Network\Network Connections\Windows
> > > Firewall\Domain Profile" there
> > >>are only 12 policies listed on the Windows 2000 Server
> > > but on the XP SP2 box,
> > >>there are 14 policies. The two that are missing are:
> > >>
> > >>Windows Firewall: Define program exceptions
> > >>Windows Firewall: Define port exceptions
> > >>
> > >>Is this by design or is there something wrong with the
> > > replication process?
> > >>It would be nice to be able to define program exceptions
> > > because there are a
> > >>couple programs within our environment that won't work
> > > unless we can exclude
> > >>them. It would be preferable to do this through GP
> > > instead of manually going
> > >>to each machine and defining the program exceptions.
> > >>
> > >>Thanks,
> > >>
> > >>d mac
> > >>.
> > >>
> >
> >
> >
September 24, 2004 12:08:05 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Short of the first suggestion I had I guess you could try
The Knowledge Base Article - 323639 ( how to create Custom
Adm templates in windows 2000)

H





>-----Original Message-----
>Hi there,
>
>I downloaded the 842933 patch before opening the GPO on
the XP SP2
>workstation, so I haven't had any of the "The following
entry in the
>[strings] section is too long and has been truncated"
errors. But I still
>have the issue where not all the policies are showing up
on the Windows 2000
>Server vs. the XP SP2 workstation. Is this a known issue?
>
>I will try Hunter's suggestion on manually importing the
ADM files on the
>Windows 2000 server to see if that updates all the
policies on the domain
>controllers to match the same amount showing on the XP
SP2 workstation.
>
>I'll let you know how it goes.
>
>Thanks
>
>d mac
>
>"Bruce Sanderson" wrote:
>
>> http://support.microsoft.com/?kbid=842933 documents
this problem and has a
>> patch available.
>>
>> --
>> Bruce Sanderson MVP
>>
>> It's perfectly useless to know the right answer to the
wrong question.
>>
>>
>> "Hunter" <anonymous@discussions.microsoft.com> wrote in
message
>> news:1b9601c4a1a0$6a628fa0$a401280a@phx.gbl...
>> > You might try gathering up the XP .adm templates,
copying
>> > them to temp folder on the 2000 DC. Then opening the
A/D
>> > Group policy on the 2000 box right click on the
>> > Admisitrative templates container, choose add snap-in.
>> >
>> > It'll show the ones currently in use in the wnnt/inf
>> > folder, Browse over to the new ones in the temp
folder
>> > and select add, it should ask you about overwriting
etc.
>> >
>> > Choose yes.
>> >
>> > Once the new ones are copied in you will probably get
a
>> > bunch messages stating the new ones are too long or
>> > something, but you'll have to hunt down an update for
this
>> > I think I found it at microsoft tech experts page on
XP,
>> > but it didn't seem to want to be found with search.
>> >
>> > Anyways, maybe that will help.
>> >
>> > Regards
>> >
>> > Hunter
>> >
>> >
>> >
>> >>-----Original Message-----
>> >>I updated our GPO on our Windows 2000 domain
controllers
>> > with the latest ADM
>> >>files from XP SP2. I did this by opening up the GPO
on a
>> > Windows XP Pro
>> >>workstation with SP2 and it automatically replicated
the
>> > ADM files to our
>> >>domain controllers. See document at
>>
>>http://www.microsoft.com/technet/prodtechnol/winxppro/m...
n
>> > tain/mangxpsp2/mngdepgp.mspx
>> >>
>> >>However, it seems like not all of the ADM files are
>> > replicating to the
>> >>Windows 2000 servers. For example, in the policy
>> > path "Administrative
>> >>Templates\Network\Network Connections\Windows
>> > Firewall\Domain Profile" there
>> >>are only 12 policies listed on the Windows 2000 Server
>> > but on the XP SP2 box,
>> >>there are 14 policies. The two that are missing are:
>> >>
>> >>Windows Firewall: Define program exceptions
>> >>Windows Firewall: Define port exceptions
>> >>
>> >>Is this by design or is there something wrong with the
>> > replication process?
>> >>It would be nice to be able to define program
exceptions
>> > because there are a
>> >>couple programs within our environment that won't work
>> > unless we can exclude
>> >>them. It would be preferable to do this through GP
>> > instead of manually going
>> >>to each machine and defining the program exceptions.
>> >>
>> >>Thanks,
>> >>
>> >>d mac
>> >>.
>> >>
>>
>>
>>
>.
>
Anonymous
September 24, 2004 4:57:03 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

I've been facing the EXACT same issue since yesterday. If you come up with a
solution, it would be great to post it here. I'll do the same.

billj

"d mac" wrote:

> I imported the ADM files from the XP SP2 workstation and still some of the
> policies are missing (as mentioned below). I even imported the ADM files
> from the Microsoft website (at
> http://www.microsoft.com/downloads/details.aspx?FamilyI...) and still there are some missing.
>
> It seems like there might be certain policies that aren't compatible with
> Windows 2000 Server. Does anyone know what I should try next?
>
> Thanks,
>
> d mac
>
> "d mac" wrote:
>
> > Hi there,
> >
> > I downloaded the 842933 patch before opening the GPO on the XP SP2
> > workstation, so I haven't had any of the "The following entry in the
> > [strings] section is too long and has been truncated" errors. But I still
> > have the issue where not all the policies are showing up on the Windows 2000
> > Server vs. the XP SP2 workstation. Is this a known issue?
> >
> > I will try Hunter's suggestion on manually importing the ADM files on the
> > Windows 2000 server to see if that updates all the policies on the domain
> > controllers to match the same amount showing on the XP SP2 workstation.
> >
> > I'll let you know how it goes.
> >
> > Thanks
> >
> > d mac
> >
> > "Bruce Sanderson" wrote:
> >
> > > http://support.microsoft.com/?kbid=842933 documents this problem and has a
> > > patch available.
> > >
> > > --
> > > Bruce Sanderson MVP
> > >
> > > It's perfectly useless to know the right answer to the wrong question.
> > >
> > >
> > > "Hunter" <anonymous@discussions.microsoft.com> wrote in message
> > > news:1b9601c4a1a0$6a628fa0$a401280a@phx.gbl...
> > > > You might try gathering up the XP .adm templates, copying
> > > > them to temp folder on the 2000 DC. Then opening the A/D
> > > > Group policy on the 2000 box right click on the
> > > > Admisitrative templates container, choose add snap-in.
> > > >
> > > > It'll show the ones currently in use in the wnnt/inf
> > > > folder, Browse over to the new ones in the temp folder
> > > > and select add, it should ask you about overwriting etc.
> > > >
> > > > Choose yes.
> > > >
> > > > Once the new ones are copied in you will probably get a
> > > > bunch messages stating the new ones are too long or
> > > > something, but you'll have to hunt down an update for this
> > > > I think I found it at microsoft tech experts page on XP,
> > > > but it didn't seem to want to be found with search.
> > > >
> > > > Anyways, maybe that will help.
> > > >
> > > > Regards
> > > >
> > > > Hunter
> > > >
> > > >
> > > >
> > > >>-----Original Message-----
> > > >>I updated our GPO on our Windows 2000 domain controllers
> > > > with the latest ADM
> > > >>files from XP SP2. I did this by opening up the GPO on a
> > > > Windows XP Pro
> > > >>workstation with SP2 and it automatically replicated the
> > > > ADM files to our
> > > >>domain controllers. See document at
> > > >>http://www.microsoft.com/technet/prodtechnol/winxppro/m...
> > > > tain/mangxpsp2/mngdepgp.mspx
> > > >>
> > > >>However, it seems like not all of the ADM files are
> > > > replicating to the
> > > >>Windows 2000 servers. For example, in the policy
> > > > path "Administrative
> > > >>Templates\Network\Network Connections\Windows
> > > > Firewall\Domain Profile" there
> > > >>are only 12 policies listed on the Windows 2000 Server
> > > > but on the XP SP2 box,
> > > >>there are 14 policies. The two that are missing are:
> > > >>
> > > >>Windows Firewall: Define program exceptions
> > > >>Windows Firewall: Define port exceptions
> > > >>
> > > >>Is this by design or is there something wrong with the
> > > > replication process?
> > > >>It would be nice to be able to define program exceptions
> > > > because there are a
> > > >>couple programs within our environment that won't work
> > > > unless we can exclude
> > > >>them. It would be preferable to do this through GP
> > > > instead of manually going
> > > >>to each machine and defining the program exceptions.
> > > >>
> > > >>Thanks,
> > > >>
> > > >>d mac
> > > >>.
> > > >>
> > >
> > >
> > >
Anonymous
September 28, 2004 9:53:02 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

I'm glad I'm not the only one. I will definitely know if I find any fixes.
For the time being, I'm enabling the policy through the workstation that has
XP SP2 and it seems to be applying through the domain controllers, however
the programs don't show up on the list in the Windows Firewall like I would
expect. Can you see if this is the same experience for you? I'm guessing
it's doing this because the policy isn't listed on the servers but still
affects the machines as a policy.

d mac


"billj" wrote:

> I've been facing the EXACT same issue since yesterday. If you come up with a
> solution, it would be great to post it here. I'll do the same.
>
> billj
>
> "d mac" wrote:
>
> > I imported the ADM files from the XP SP2 workstation and still some of the
> > policies are missing (as mentioned below). I even imported the ADM files
> > from the Microsoft website (at
> > http://www.microsoft.com/downloads/details.aspx?FamilyI...) and still there are some missing.
> >
> > It seems like there might be certain policies that aren't compatible with
> > Windows 2000 Server. Does anyone know what I should try next?
> >
> > Thanks,
> >
> > d mac
> >
> > "d mac" wrote:
> >
> > > Hi there,
> > >
> > > I downloaded the 842933 patch before opening the GPO on the XP SP2
> > > workstation, so I haven't had any of the "The following entry in the
> > > [strings] section is too long and has been truncated" errors. But I still
> > > have the issue where not all the policies are showing up on the Windows 2000
> > > Server vs. the XP SP2 workstation. Is this a known issue?
> > >
> > > I will try Hunter's suggestion on manually importing the ADM files on the
> > > Windows 2000 server to see if that updates all the policies on the domain
> > > controllers to match the same amount showing on the XP SP2 workstation.
> > >
> > > I'll let you know how it goes.
> > >
> > > Thanks
> > >
> > > d mac
> > >
> > > "Bruce Sanderson" wrote:
> > >
> > > > http://support.microsoft.com/?kbid=842933 documents this problem and has a
> > > > patch available.
> > > >
> > > > --
> > > > Bruce Sanderson MVP
> > > >
> > > > It's perfectly useless to know the right answer to the wrong question.
> > > >
> > > >
> > > > "Hunter" <anonymous@discussions.microsoft.com> wrote in message
> > > > news:1b9601c4a1a0$6a628fa0$a401280a@phx.gbl...
> > > > > You might try gathering up the XP .adm templates, copying
> > > > > them to temp folder on the 2000 DC. Then opening the A/D
> > > > > Group policy on the 2000 box right click on the
> > > > > Admisitrative templates container, choose add snap-in.
> > > > >
> > > > > It'll show the ones currently in use in the wnnt/inf
> > > > > folder, Browse over to the new ones in the temp folder
> > > > > and select add, it should ask you about overwriting etc.
> > > > >
> > > > > Choose yes.
> > > > >
> > > > > Once the new ones are copied in you will probably get a
> > > > > bunch messages stating the new ones are too long or
> > > > > something, but you'll have to hunt down an update for this
> > > > > I think I found it at microsoft tech experts page on XP,
> > > > > but it didn't seem to want to be found with search.
> > > > >
> > > > > Anyways, maybe that will help.
> > > > >
> > > > > Regards
> > > > >
> > > > > Hunter
> > > > >
> > > > >
> > > > >
> > > > >>-----Original Message-----
> > > > >>I updated our GPO on our Windows 2000 domain controllers
> > > > > with the latest ADM
> > > > >>files from XP SP2. I did this by opening up the GPO on a
> > > > > Windows XP Pro
> > > > >>workstation with SP2 and it automatically replicated the
> > > > > ADM files to our
> > > > >>domain controllers. See document at
> > > > >>http://www.microsoft.com/technet/prodtechnol/winxppro/m...
> > > > > tain/mangxpsp2/mngdepgp.mspx
> > > > >>
> > > > >>However, it seems like not all of the ADM files are
> > > > > replicating to the
> > > > >>Windows 2000 servers. For example, in the policy
> > > > > path "Administrative
> > > > >>Templates\Network\Network Connections\Windows
> > > > > Firewall\Domain Profile" there
> > > > >>are only 12 policies listed on the Windows 2000 Server
> > > > > but on the XP SP2 box,
> > > > >>there are 14 policies. The two that are missing are:
> > > > >>
> > > > >>Windows Firewall: Define program exceptions
> > > > >>Windows Firewall: Define port exceptions
> > > > >>
> > > > >>Is this by design or is there something wrong with the
> > > > > replication process?
> > > > >>It would be nice to be able to define program exceptions
> > > > > because there are a
> > > > >>couple programs within our environment that won't work
> > > > > unless we can exclude
> > > > >>them. It would be preferable to do this through GP
> > > > > instead of manually going
> > > > >>to each machine and defining the program exceptions.
> > > > >>
> > > > >>Thanks,
> > > > >>
> > > > >>d mac
> > > > >>.
> > > > >>
> > > >
> > > >
> > > >
Anonymous
September 29, 2004 1:41:10 AM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

I just checked this out and found the same behavior on my Win2K machine when
viewing an XP, SP2 policy--specifically those two Windows Firewall policies:

Windows Firewall: Define program exceptions
Windows Firewall: Define port exceptions

do not appear if I view the GPO from Win2K. Frankly, I think this is a bug
that you've found. I can see no reason, in looking at the ADM file, why they
should not appear. Maybe someone on this NG from Microsoft can check into
it?



--
Darren Mar-Elia
MS-MVP-Windows Server--Group Policy
Check out http://www.gpoguy.com -- The Windows Group Policy Information Hub:
FAQs, Whitepapers and Utilities for all things Group Policy-related



"d mac" <dmac@discussions.microsoft.com> wrote in message
news:5B50E731-E7C6-4743-A926-7B57C9A4B775@microsoft.com...
> I'm glad I'm not the only one. I will definitely know if I find any
> fixes.
> For the time being, I'm enabling the policy through the workstation that
> has
> XP SP2 and it seems to be applying through the domain controllers, however
> the programs don't show up on the list in the Windows Firewall like I
> would
> expect. Can you see if this is the same experience for you? I'm guessing
> it's doing this because the policy isn't listed on the servers but still
> affects the machines as a policy.
>
> d mac
>
>
> "billj" wrote:
>
>> I've been facing the EXACT same issue since yesterday. If you come up
>> with a
>> solution, it would be great to post it here. I'll do the same.
>>
>> billj
>>
>> "d mac" wrote:
>>
>> > I imported the ADM files from the XP SP2 workstation and still some of
>> > the
>> > policies are missing (as mentioned below). I even imported the ADM
>> > files
>> > from the Microsoft website (at
>> > http://www.microsoft.com/downloads/details.aspx?FamilyI...)
>> > and still there are some missing.
>> >
>> > It seems like there might be certain policies that aren't compatible
>> > with
>> > Windows 2000 Server. Does anyone know what I should try next?
>> >
>> > Thanks,
>> >
>> > d mac
>> >
>> > "d mac" wrote:
>> >
>> > > Hi there,
>> > >
>> > > I downloaded the 842933 patch before opening the GPO on the XP SP2
>> > > workstation, so I haven't had any of the "The following entry in the
>> > > [strings] section is too long and has been truncated" errors. But I
>> > > still
>> > > have the issue where not all the policies are showing up on the
>> > > Windows 2000
>> > > Server vs. the XP SP2 workstation. Is this a known issue?
>> > >
>> > > I will try Hunter's suggestion on manually importing the ADM files on
>> > > the
>> > > Windows 2000 server to see if that updates all the policies on the
>> > > domain
>> > > controllers to match the same amount showing on the XP SP2
>> > > workstation.
>> > >
>> > > I'll let you know how it goes.
>> > >
>> > > Thanks
>> > >
>> > > d mac
>> > >
>> > > "Bruce Sanderson" wrote:
>> > >
>> > > > http://support.microsoft.com/?kbid=842933 documents this problem
>> > > > and has a
>> > > > patch available.
>> > > >
>> > > > --
>> > > > Bruce Sanderson MVP
>> > > >
>> > > > It's perfectly useless to know the right answer to the wrong
>> > > > question.
>> > > >
>> > > >
>> > > > "Hunter" <anonymous@discussions.microsoft.com> wrote in message
>> > > > news:1b9601c4a1a0$6a628fa0$a401280a@phx.gbl...
>> > > > > You might try gathering up the XP .adm templates, copying
>> > > > > them to temp folder on the 2000 DC. Then opening the A/D
>> > > > > Group policy on the 2000 box right click on the
>> > > > > Admisitrative templates container, choose add snap-in.
>> > > > >
>> > > > > It'll show the ones currently in use in the wnnt/inf
>> > > > > folder, Browse over to the new ones in the temp folder
>> > > > > and select add, it should ask you about overwriting etc.
>> > > > >
>> > > > > Choose yes.
>> > > > >
>> > > > > Once the new ones are copied in you will probably get a
>> > > > > bunch messages stating the new ones are too long or
>> > > > > something, but you'll have to hunt down an update for this
>> > > > > I think I found it at microsoft tech experts page on XP,
>> > > > > but it didn't seem to want to be found with search.
>> > > > >
>> > > > > Anyways, maybe that will help.
>> > > > >
>> > > > > Regards
>> > > > >
>> > > > > Hunter
>> > > > >
>> > > > >
>> > > > >
>> > > > >>-----Original Message-----
>> > > > >>I updated our GPO on our Windows 2000 domain controllers
>> > > > > with the latest ADM
>> > > > >>files from XP SP2. I did this by opening up the GPO on a
>> > > > > Windows XP Pro
>> > > > >>workstation with SP2 and it automatically replicated the
>> > > > > ADM files to our
>> > > > >>domain controllers. See document at
>> > > > >>http://www.microsoft.com/technet/prodtechnol/winxppro/m...
>> > > > > tain/mangxpsp2/mngdepgp.mspx
>> > > > >>
>> > > > >>However, it seems like not all of the ADM files are
>> > > > > replicating to the
>> > > > >>Windows 2000 servers. For example, in the policy
>> > > > > path "Administrative
>> > > > >>Templates\Network\Network Connections\Windows
>> > > > > Firewall\Domain Profile" there
>> > > > >>are only 12 policies listed on the Windows 2000 Server
>> > > > > but on the XP SP2 box,
>> > > > >>there are 14 policies. The two that are missing are:
>> > > > >>
>> > > > >>Windows Firewall: Define program exceptions
>> > > > >>Windows Firewall: Define port exceptions
>> > > > >>
>> > > > >>Is this by design or is there something wrong with the
>> > > > > replication process?
>> > > > >>It would be nice to be able to define program exceptions
>> > > > > because there are a
>> > > > >>couple programs within our environment that won't work
>> > > > > unless we can exclude
>> > > > >>them. It would be preferable to do this through GP
>> > > > > instead of manually going
>> > > > >>to each machine and defining the program exceptions.
>> > > > >>
>> > > > >>Thanks,
>> > > > >>
>> > > > >>d mac
>> > > > >>.
>> > > > >>
>> > > >
>> > > >
>> > > >
Anonymous
September 29, 2004 2:37:14 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Here's another good question late in the game... well, maybe not so good of
a question... how can I manage domain group policies from my XP machine?
When I go Start>Run>gpedit.msc, the window I get says "Local policy". I
can't seem to run what I would think is gpmc.mmc/msc

It's something probably really simple I'm missing...

TIA

K

"Darren Mar-Elia" <dmanonymous@discussions.microsoft.com> wrote in message
news:eBF6L6dpEHA.3592@TK2MSFTNGP14.phx.gbl...
> I just checked this out and found the same behavior on my Win2K machine
when
> viewing an XP, SP2 policy--specifically those two Windows Firewall
policies:
>
> Windows Firewall: Define program exceptions
> Windows Firewall: Define port exceptions
>
> do not appear if I view the GPO from Win2K. Frankly, I think this is a bug
> that you've found. I can see no reason, in looking at the ADM file, why
they
> should not appear. Maybe someone on this NG from Microsoft can check into
> it?
>
>
>
> --
> Darren Mar-Elia
> MS-MVP-Windows Server--Group Policy
> Check out http://www.gpoguy.com -- The Windows Group Policy Information
Hub:
> FAQs, Whitepapers and Utilities for all things Group Policy-related
>
>
>
> "d mac" <dmac@discussions.microsoft.com> wrote in message
> news:5B50E731-E7C6-4743-A926-7B57C9A4B775@microsoft.com...
> > I'm glad I'm not the only one. I will definitely know if I find any
> > fixes.
> > For the time being, I'm enabling the policy through the workstation that
> > has
> > XP SP2 and it seems to be applying through the domain controllers,
however
> > the programs don't show up on the list in the Windows Firewall like I
> > would
> > expect. Can you see if this is the same experience for you? I'm
guessing
> > it's doing this because the policy isn't listed on the servers but still
> > affects the machines as a policy.
> >
> > d mac
> >
> >
> > "billj" wrote:
> >
> >> I've been facing the EXACT same issue since yesterday. If you come up
> >> with a
> >> solution, it would be great to post it here. I'll do the same.
> >>
> >> billj
> >>
> >> "d mac" wrote:
> >>
> >> > I imported the ADM files from the XP SP2 workstation and still some
of
> >> > the
> >> > policies are missing (as mentioned below). I even imported the ADM
> >> > files
> >> > from the Microsoft website (at
> >> >
http://www.microsoft.com/downloads/details.aspx?FamilyI...)
> >> > and still there are some missing.
> >> >
> >> > It seems like there might be certain policies that aren't compatible
> >> > with
> >> > Windows 2000 Server. Does anyone know what I should try next?
> >> >
> >> > Thanks,
> >> >
> >> > d mac
> >> >
> >> > "d mac" wrote:
> >> >
> >> > > Hi there,
> >> > >
> >> > > I downloaded the 842933 patch before opening the GPO on the XP SP2
> >> > > workstation, so I haven't had any of the "The following entry in
the
> >> > > [strings] section is too long and has been truncated" errors. But
I
> >> > > still
> >> > > have the issue where not all the policies are showing up on the
> >> > > Windows 2000
> >> > > Server vs. the XP SP2 workstation. Is this a known issue?
> >> > >
> >> > > I will try Hunter's suggestion on manually importing the ADM files
on
> >> > > the
> >> > > Windows 2000 server to see if that updates all the policies on the
> >> > > domain
> >> > > controllers to match the same amount showing on the XP SP2
> >> > > workstation.
> >> > >
> >> > > I'll let you know how it goes.
> >> > >
> >> > > Thanks
> >> > >
> >> > > d mac
> >> > >
> >> > > "Bruce Sanderson" wrote:
> >> > >
> >> > > > http://support.microsoft.com/?kbid=842933 documents this problem
> >> > > > and has a
> >> > > > patch available.
> >> > > >
> >> > > > --
> >> > > > Bruce Sanderson MVP
> >> > > >
> >> > > > It's perfectly useless to know the right answer to the wrong
> >> > > > question.
> >> > > >
> >> > > >
> >> > > > "Hunter" <anonymous@discussions.microsoft.com> wrote in message
> >> > > > news:1b9601c4a1a0$6a628fa0$a401280a@phx.gbl...
> >> > > > > You might try gathering up the XP .adm templates, copying
> >> > > > > them to temp folder on the 2000 DC. Then opening the A/D
> >> > > > > Group policy on the 2000 box right click on the
> >> > > > > Admisitrative templates container, choose add snap-in.
> >> > > > >
> >> > > > > It'll show the ones currently in use in the wnnt/inf
> >> > > > > folder, Browse over to the new ones in the temp folder
> >> > > > > and select add, it should ask you about overwriting etc.
> >> > > > >
> >> > > > > Choose yes.
> >> > > > >
> >> > > > > Once the new ones are copied in you will probably get a
> >> > > > > bunch messages stating the new ones are too long or
> >> > > > > something, but you'll have to hunt down an update for this
> >> > > > > I think I found it at microsoft tech experts page on XP,
> >> > > > > but it didn't seem to want to be found with search.
> >> > > > >
> >> > > > > Anyways, maybe that will help.
> >> > > > >
> >> > > > > Regards
> >> > > > >
> >> > > > > Hunter
> >> > > > >
> >> > > > >
> >> > > > >
> >> > > > >>-----Original Message-----
> >> > > > >>I updated our GPO on our Windows 2000 domain controllers
> >> > > > > with the latest ADM
> >> > > > >>files from XP SP2. I did this by opening up the GPO on a
> >> > > > > Windows XP Pro
> >> > > > >>workstation with SP2 and it automatically replicated the
> >> > > > > ADM files to our
> >> > > > >>domain controllers. See document at
> >> > > > >>http://www.microsoft.com/technet/prodtechnol/winxppro/m...
> >> > > > > tain/mangxpsp2/mngdepgp.mspx
> >> > > > >>
> >> > > > >>However, it seems like not all of the ADM files are
> >> > > > > replicating to the
> >> > > > >>Windows 2000 servers. For example, in the policy
> >> > > > > path "Administrative
> >> > > > >>Templates\Network\Network Connections\Windows
> >> > > > > Firewall\Domain Profile" there
> >> > > > >>are only 12 policies listed on the Windows 2000 Server
> >> > > > > but on the XP SP2 box,
> >> > > > >>there are 14 policies. The two that are missing are:
> >> > > > >>
> >> > > > >>Windows Firewall: Define program exceptions
> >> > > > >>Windows Firewall: Define port exceptions
> >> > > > >>
> >> > > > >>Is this by design or is there something wrong with the
> >> > > > > replication process?
> >> > > > >>It would be nice to be able to define program exceptions
> >> > > > > because there are a
> >> > > > >>couple programs within our environment that won't work
> >> > > > > unless we can exclude
> >> > > > >>them. It would be preferable to do this through GP
> >> > > > > instead of manually going
> >> > > > >>to each machine and defining the program exceptions.
> >> > > > >>
> >> > > > >>Thanks,
> >> > > > >>
> >> > > > >>d mac
> >> > > > >>.
> >> > > > >>
> >> > > >
> >> > > >
> >> > > >
>
>
Anonymous
September 29, 2004 2:37:15 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

You might check to see that you have the latest copy of the GP Management
Console on your XP workstation:

http://www.microsoft.com/downloads/details.aspx?FamilyI...

"Ken B" wrote:

> Here's another good question late in the game... well, maybe not so good of
> a question... how can I manage domain group policies from my XP machine?
> When I go Start>Run>gpedit.msc, the window I get says "Local policy". I
> can't seem to run what I would think is gpmc.mmc/msc
>
> It's something probably really simple I'm missing...
>
> TIA
>
> K
>
> "Darren Mar-Elia" <dmanonymous@discussions.microsoft.com> wrote in message
> news:eBF6L6dpEHA.3592@TK2MSFTNGP14.phx.gbl...
> > I just checked this out and found the same behavior on my Win2K machine
> when
> > viewing an XP, SP2 policy--specifically those two Windows Firewall
> policies:
> >
> > Windows Firewall: Define program exceptions
> > Windows Firewall: Define port exceptions
> >
> > do not appear if I view the GPO from Win2K. Frankly, I think this is a bug
> > that you've found. I can see no reason, in looking at the ADM file, why
> they
> > should not appear. Maybe someone on this NG from Microsoft can check into
> > it?
> >
> >
> >
> > --
> > Darren Mar-Elia
> > MS-MVP-Windows Server--Group Policy
> > Check out http://www.gpoguy.com -- The Windows Group Policy Information
> Hub:
> > FAQs, Whitepapers and Utilities for all things Group Policy-related
> >
> >
> >
> > "d mac" <dmac@discussions.microsoft.com> wrote in message
> > news:5B50E731-E7C6-4743-A926-7B57C9A4B775@microsoft.com...
> > > I'm glad I'm not the only one. I will definitely know if I find any
> > > fixes.
> > > For the time being, I'm enabling the policy through the workstation that
> > > has
> > > XP SP2 and it seems to be applying through the domain controllers,
> however
> > > the programs don't show up on the list in the Windows Firewall like I
> > > would
> > > expect. Can you see if this is the same experience for you? I'm
> guessing
> > > it's doing this because the policy isn't listed on the servers but still
> > > affects the machines as a policy.
> > >
> > > d mac
> > >
> > >
> > > "billj" wrote:
> > >
> > >> I've been facing the EXACT same issue since yesterday. If you come up
> > >> with a
> > >> solution, it would be great to post it here. I'll do the same.
> > >>
> > >> billj
> > >>
> > >> "d mac" wrote:
> > >>
> > >> > I imported the ADM files from the XP SP2 workstation and still some
> of
> > >> > the
> > >> > policies are missing (as mentioned below). I even imported the ADM
> > >> > files
> > >> > from the Microsoft website (at
> > >> >
> http://www.microsoft.com/downloads/details.aspx?FamilyI...)
> > >> > and still there are some missing.
> > >> >
> > >> > It seems like there might be certain policies that aren't compatible
> > >> > with
> > >> > Windows 2000 Server. Does anyone know what I should try next?
> > >> >
> > >> > Thanks,
> > >> >
> > >> > d mac
> > >> >
> > >> > "d mac" wrote:
> > >> >
> > >> > > Hi there,
> > >> > >
> > >> > > I downloaded the 842933 patch before opening the GPO on the XP SP2
> > >> > > workstation, so I haven't had any of the "The following entry in
> the
> > >> > > [strings] section is too long and has been truncated" errors. But
> I
> > >> > > still
> > >> > > have the issue where not all the policies are showing up on the
> > >> > > Windows 2000
> > >> > > Server vs. the XP SP2 workstation. Is this a known issue?
> > >> > >
> > >> > > I will try Hunter's suggestion on manually importing the ADM files
> on
> > >> > > the
> > >> > > Windows 2000 server to see if that updates all the policies on the
> > >> > > domain
> > >> > > controllers to match the same amount showing on the XP SP2
> > >> > > workstation.
> > >> > >
> > >> > > I'll let you know how it goes.
> > >> > >
> > >> > > Thanks
> > >> > >
> > >> > > d mac
> > >> > >
> > >> > > "Bruce Sanderson" wrote:
> > >> > >
> > >> > > > http://support.microsoft.com/?kbid=842933 documents this problem
> > >> > > > and has a
> > >> > > > patch available.
> > >> > > >
> > >> > > > --
> > >> > > > Bruce Sanderson MVP
> > >> > > >
> > >> > > > It's perfectly useless to know the right answer to the wrong
> > >> > > > question.
> > >> > > >
> > >> > > >
> > >> > > > "Hunter" <anonymous@discussions.microsoft.com> wrote in message
> > >> > > > news:1b9601c4a1a0$6a628fa0$a401280a@phx.gbl...
> > >> > > > > You might try gathering up the XP .adm templates, copying
> > >> > > > > them to temp folder on the 2000 DC. Then opening the A/D
> > >> > > > > Group policy on the 2000 box right click on the
> > >> > > > > Admisitrative templates container, choose add snap-in.
> > >> > > > >
> > >> > > > > It'll show the ones currently in use in the wnnt/inf
> > >> > > > > folder, Browse over to the new ones in the temp folder
> > >> > > > > and select add, it should ask you about overwriting etc.
> > >> > > > >
> > >> > > > > Choose yes.
> > >> > > > >
> > >> > > > > Once the new ones are copied in you will probably get a
> > >> > > > > bunch messages stating the new ones are too long or
> > >> > > > > something, but you'll have to hunt down an update for this
> > >> > > > > I think I found it at microsoft tech experts page on XP,
> > >> > > > > but it didn't seem to want to be found with search.
> > >> > > > >
> > >> > > > > Anyways, maybe that will help.
> > >> > > > >
> > >> > > > > Regards
> > >> > > > >
> > >> > > > > Hunter
> > >> > > > >
> > >> > > > >
> > >> > > > >
> > >> > > > >>-----Original Message-----
> > >> > > > >>I updated our GPO on our Windows 2000 domain controllers
> > >> > > > > with the latest ADM
> > >> > > > >>files from XP SP2. I did this by opening up the GPO on a
> > >> > > > > Windows XP Pro
> > >> > > > >>workstation with SP2 and it automatically replicated the
> > >> > > > > ADM files to our
> > >> > > > >>domain controllers. See document at
> > >> > > > >>http://www.microsoft.com/technet/prodtechnol/winxppro/m...
> > >> > > > > tain/mangxpsp2/mngdepgp.mspx
> > >> > > > >>
> > >> > > > >>However, it seems like not all of the ADM files are
> > >> > > > > replicating to the
> > >> > > > >>Windows 2000 servers. For example, in the policy
> > >> > > > > path "Administrative
> > >> > > > >>Templates\Network\Network Connections\Windows
> > >> > > > > Firewall\Domain Profile" there
> > >> > > > >>are only 12 policies listed on the Windows 2000 Server
> > >> > > > > but on the XP SP2 box,
> > >> > > > >>there are 14 policies. The two that are missing are:
> > >> > > > >>
> > >> > > > >>Windows Firewall: Define program exceptions
> > >> > > > >>Windows Firewall: Define port exceptions
> > >> > > > >>
> > >> > > > >>Is this by design or is there something wrong with the
> > >> > > > > replication process?
> > >> > > > >>It would be nice to be able to define program exceptions
> > >> > > > > because there are a
> > >> > > > >>couple programs within our environment that won't work
> > >> > > > > unless we can exclude
> > >> > > > >>them. It would be preferable to do this through GP
> > >> > > > > instead of manually going
> > >> > > > >>to each machine and defining the program exceptions.
> > >> > > > >>
> > >> > > > >>Thanks,
> > >> > > > >>
> > >> > > > >>d mac
> > >> > > > >>.
> > >> > > > >>
> > >> > > >
> > >> > > >
> > >> > > >
> >
> >
>
>
>
Anonymous
September 29, 2004 2:37:15 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Hi Ken

On your XP machine, go to Start > Run > type in MMC and hit enter. Go to
the File menu and select Add/Remove Snap-in. Click the Add button > scroll
through the list and select Group Policy > click Add. You can then click
Browse and look for the domain policy that you want to edit, select it, click
OK > Finish > Close > OK. Then you should see the Policy listed in the
management console.

d mac

"Ken B" wrote:

> Here's another good question late in the game... well, maybe not so good of
> a question... how can I manage domain group policies from my XP machine?
> When I go Start>Run>gpedit.msc, the window I get says "Local policy". I
> can't seem to run what I would think is gpmc.mmc/msc
>
> It's something probably really simple I'm missing...
>
> TIA
>
> K
>
> "Darren Mar-Elia" <dmanonymous@discussions.microsoft.com> wrote in message
> news:eBF6L6dpEHA.3592@TK2MSFTNGP14.phx.gbl...
> > I just checked this out and found the same behavior on my Win2K machine
> when
> > viewing an XP, SP2 policy--specifically those two Windows Firewall
> policies:
> >
> > Windows Firewall: Define program exceptions
> > Windows Firewall: Define port exceptions
> >
> > do not appear if I view the GPO from Win2K. Frankly, I think this is a bug
> > that you've found. I can see no reason, in looking at the ADM file, why
> they
> > should not appear. Maybe someone on this NG from Microsoft can check into
> > it?
> >
> >
> >
> > --
> > Darren Mar-Elia
> > MS-MVP-Windows Server--Group Policy
> > Check out http://www.gpoguy.com -- The Windows Group Policy Information
> Hub:
> > FAQs, Whitepapers and Utilities for all things Group Policy-related
> >
> >
> >
> > "d mac" <dmac@discussions.microsoft.com> wrote in message
> > news:5B50E731-E7C6-4743-A926-7B57C9A4B775@microsoft.com...
> > > I'm glad I'm not the only one. I will definitely know if I find any
> > > fixes.
> > > For the time being, I'm enabling the policy through the workstation that
> > > has
> > > XP SP2 and it seems to be applying through the domain controllers,
> however
> > > the programs don't show up on the list in the Windows Firewall like I
> > > would
> > > expect. Can you see if this is the same experience for you? I'm
> guessing
> > > it's doing this because the policy isn't listed on the servers but still
> > > affects the machines as a policy.
> > >
> > > d mac
> > >
> > >
> > > "billj" wrote:
> > >
> > >> I've been facing the EXACT same issue since yesterday. If you come up
> > >> with a
> > >> solution, it would be great to post it here. I'll do the same.
> > >>
> > >> billj
> > >>
> > >> "d mac" wrote:
> > >>
> > >> > I imported the ADM files from the XP SP2 workstation and still some
> of
> > >> > the
> > >> > policies are missing (as mentioned below). I even imported the ADM
> > >> > files
> > >> > from the Microsoft website (at
> > >> >
> http://www.microsoft.com/downloads/details.aspx?FamilyI...)
> > >> > and still there are some missing.
> > >> >
> > >> > It seems like there might be certain policies that aren't compatible
> > >> > with
> > >> > Windows 2000 Server. Does anyone know what I should try next?
> > >> >
> > >> > Thanks,
> > >> >
> > >> > d mac
> > >> >
> > >> > "d mac" wrote:
> > >> >
> > >> > > Hi there,
> > >> > >
> > >> > > I downloaded the 842933 patch before opening the GPO on the XP SP2
> > >> > > workstation, so I haven't had any of the "The following entry in
> the
> > >> > > [strings] section is too long and has been truncated" errors. But
> I
> > >> > > still
> > >> > > have the issue where not all the policies are showing up on the
> > >> > > Windows 2000
> > >> > > Server vs. the XP SP2 workstation. Is this a known issue?
> > >> > >
> > >> > > I will try Hunter's suggestion on manually importing the ADM files
> on
> > >> > > the
> > >> > > Windows 2000 server to see if that updates all the policies on the
> > >> > > domain
> > >> > > controllers to match the same amount showing on the XP SP2
> > >> > > workstation.
> > >> > >
> > >> > > I'll let you know how it goes.
> > >> > >
> > >> > > Thanks
> > >> > >
> > >> > > d mac
> > >> > >
> > >> > > "Bruce Sanderson" wrote:
> > >> > >
> > >> > > > http://support.microsoft.com/?kbid=842933 documents this problem
> > >> > > > and has a
> > >> > > > patch available.
> > >> > > >
> > >> > > > --
> > >> > > > Bruce Sanderson MVP
> > >> > > >
> > >> > > > It's perfectly useless to know the right answer to the wrong
> > >> > > > question.
> > >> > > >
> > >> > > >
> > >> > > > "Hunter" <anonymous@discussions.microsoft.com> wrote in message
> > >> > > > news:1b9601c4a1a0$6a628fa0$a401280a@phx.gbl...
> > >> > > > > You might try gathering up the XP .adm templates, copying
> > >> > > > > them to temp folder on the 2000 DC. Then opening the A/D
> > >> > > > > Group policy on the 2000 box right click on the
> > >> > > > > Admisitrative templates container, choose add snap-in.
> > >> > > > >
> > >> > > > > It'll show the ones currently in use in the wnnt/inf
> > >> > > > > folder, Browse over to the new ones in the temp folder
> > >> > > > > and select add, it should ask you about overwriting etc.
> > >> > > > >
> > >> > > > > Choose yes.
> > >> > > > >
> > >> > > > > Once the new ones are copied in you will probably get a
> > >> > > > > bunch messages stating the new ones are too long or
> > >> > > > > something, but you'll have to hunt down an update for this
> > >> > > > > I think I found it at microsoft tech experts page on XP,
> > >> > > > > but it didn't seem to want to be found with search.
> > >> > > > >
> > >> > > > > Anyways, maybe that will help.
> > >> > > > >
> > >> > > > > Regards
> > >> > > > >
> > >> > > > > Hunter
> > >> > > > >
> > >> > > > >
> > >> > > > >
> > >> > > > >>-----Original Message-----
> > >> > > > >>I updated our GPO on our Windows 2000 domain controllers
> > >> > > > > with the latest ADM
> > >> > > > >>files from XP SP2. I did this by opening up the GPO on a
> > >> > > > > Windows XP Pro
> > >> > > > >>workstation with SP2 and it automatically replicated the
> > >> > > > > ADM files to our
> > >> > > > >>domain controllers. See document at
> > >> > > > >>http://www.microsoft.com/technet/prodtechnol/winxppro/m...
> > >> > > > > tain/mangxpsp2/mngdepgp.mspx
> > >> > > > >>
> > >> > > > >>However, it seems like not all of the ADM files are
> > >> > > > > replicating to the
> > >> > > > >>Windows 2000 servers. For example, in the policy
> > >> > > > > path "Administrative
> > >> > > > >>Templates\Network\Network Connections\Windows
> > >> > > > > Firewall\Domain Profile" there
> > >> > > > >>are only 12 policies listed on the Windows 2000 Server
> > >> > > > > but on the XP SP2 box,
> > >> > > > >>there are 14 policies. The two that are missing are:
> > >> > > > >>
> > >> > > > >>Windows Firewall: Define program exceptions
> > >> > > > >>Windows Firewall: Define port exceptions
> > >> > > > >>
> > >> > > > >>Is this by design or is there something wrong with the
> > >> > > > > replication process?
> > >> > > > >>It would be nice to be able to define program exceptions
> > >> > > > > because there are a
> > >> > > > >>couple programs within our environment that won't work
> > >> > > > > unless we can exclude
> > >> > > > >>them. It would be preferable to do this through GP
> > >> > > > > instead of manually going
> > >> > > > >>to each machine and defining the program exceptions.
> > >> > > > >>
> > >> > > > >>Thanks,
> > >> > > > >>
> > >> > > > >>d mac
> > >> > > > >>.
> > >> > > > >>
> > >> > > >
> > >> > > >
> > >> > > >
> >
> >
>
>
>
Anonymous
November 3, 2004 10:03:09 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Hmm. I see this also, even with the latest version of GPMC on Windows 2003
Enterprise Server (RTM), but after installing hotfix 842933, the two missing
settings show up in the Group Policy Editor.

But, the corresponding version of the hotfix for Windows 2000 post SP3
(installed on a Windows 2000 Standard Server with SP4) DID NOT correct the
problem there.


--
Bruce Sanderson MVP

It's perfectly useless to know the right answer to the wrong question.


"Darren Mar-Elia" <dmanonymous@discussions.microsoft.com> wrote in message
news:eBF6L6dpEHA.3592@TK2MSFTNGP14.phx.gbl...
>I just checked this out and found the same behavior on my Win2K machine
>when viewing an XP, SP2 policy--specifically those two Windows Firewall
>policies:
>
> Windows Firewall: Define program exceptions
> Windows Firewall: Define port exceptions
>
> do not appear if I view the GPO from Win2K. Frankly, I think this is a bug
> that you've found. I can see no reason, in looking at the ADM file, why
> they should not appear. Maybe someone on this NG from Microsoft can check
> into it?
>
>
>
> --
> Darren Mar-Elia
> MS-MVP-Windows Server--Group Policy
> Check out http://www.gpoguy.com -- The Windows Group Policy Information
> Hub:
> FAQs, Whitepapers and Utilities for all things Group Policy-related
>
>
>
> "d mac" <dmac@discussions.microsoft.com> wrote in message
> news:5B50E731-E7C6-4743-A926-7B57C9A4B775@microsoft.com...
>> I'm glad I'm not the only one. I will definitely know if I find any
>> fixes.
>> For the time being, I'm enabling the policy through the workstation that
>> has
>> XP SP2 and it seems to be applying through the domain controllers,
>> however
>> the programs don't show up on the list in the Windows Firewall like I
>> would
>> expect. Can you see if this is the same experience for you? I'm
>> guessing
>> it's doing this because the policy isn't listed on the servers but still
>> affects the machines as a policy.
>>
>> d mac
>>
>>
>> "billj" wrote:
>>
>>> I've been facing the EXACT same issue since yesterday. If you come up
>>> with a
>>> solution, it would be great to post it here. I'll do the same.
>>>
>>> billj
>>>
>>> "d mac" wrote:
>>>
>>> > I imported the ADM files from the XP SP2 workstation and still some of
>>> > the
>>> > policies are missing (as mentioned below). I even imported the ADM
>>> > files
>>> > from the Microsoft website (at
>>> > http://www.microsoft.com/downloads/details.aspx?FamilyI...)
>>> > and still there are some missing.
>>> >
>>> > It seems like there might be certain policies that aren't compatible
>>> > with
>>> > Windows 2000 Server. Does anyone know what I should try next?
>>> >
>>> > Thanks,
>>> >
>>> > d mac
>>> >
>>> > "d mac" wrote:
>>> >
>>> > > Hi there,
>>> > >
>>> > > I downloaded the 842933 patch before opening the GPO on the XP SP2
>>> > > workstation, so I haven't had any of the "The following entry in the
>>> > > [strings] section is too long and has been truncated" errors. But I
>>> > > still
>>> > > have the issue where not all the policies are showing up on the
>>> > > Windows 2000
>>> > > Server vs. the XP SP2 workstation. Is this a known issue?
>>> > >
>>> > > I will try Hunter's suggestion on manually importing the ADM files
>>> > > on the
>>> > > Windows 2000 server to see if that updates all the policies on the
>>> > > domain
>>> > > controllers to match the same amount showing on the XP SP2
>>> > > workstation.
>>> > >
>>> > > I'll let you know how it goes.
>>> > >
>>> > > Thanks
>>> > >
>>> > > d mac
>>> > >
>>> > > "Bruce Sanderson" wrote:
>>> > >
>>> > > > http://support.microsoft.com/?kbid=842933 documents this problem
>>> > > > and has a
>>> > > > patch available.
>>> > > >
>>> > > > --
>>> > > > Bruce Sanderson MVP
>>> > > >
>>> > > > It's perfectly useless to know the right answer to the wrong
>>> > > > question.
>>> > > >
>>> > > >
>>> > > > "Hunter" <anonymous@discussions.microsoft.com> wrote in message
>>> > > > news:1b9601c4a1a0$6a628fa0$a401280a@phx.gbl...
>>> > > > > You might try gathering up the XP .adm templates, copying
>>> > > > > them to temp folder on the 2000 DC. Then opening the A/D
>>> > > > > Group policy on the 2000 box right click on the
>>> > > > > Admisitrative templates container, choose add snap-in.
>>> > > > >
>>> > > > > It'll show the ones currently in use in the wnnt/inf
>>> > > > > folder, Browse over to the new ones in the temp folder
>>> > > > > and select add, it should ask you about overwriting etc.
>>> > > > >
>>> > > > > Choose yes.
>>> > > > >
>>> > > > > Once the new ones are copied in you will probably get a
>>> > > > > bunch messages stating the new ones are too long or
>>> > > > > something, but you'll have to hunt down an update for this
>>> > > > > I think I found it at microsoft tech experts page on XP,
>>> > > > > but it didn't seem to want to be found with search.
>>> > > > >
>>> > > > > Anyways, maybe that will help.
>>> > > > >
>>> > > > > Regards
>>> > > > >
>>> > > > > Hunter
>>> > > > >
>>> > > > >
>>> > > > >
>>> > > > >>-----Original Message-----
>>> > > > >>I updated our GPO on our Windows 2000 domain controllers
>>> > > > > with the latest ADM
>>> > > > >>files from XP SP2. I did this by opening up the GPO on a
>>> > > > > Windows XP Pro
>>> > > > >>workstation with SP2 and it automatically replicated the
>>> > > > > ADM files to our
>>> > > > >>domain controllers. See document at
>>> > > > >>http://www.microsoft.com/technet/prodtechnol/winxppro/m...
>>> > > > > tain/mangxpsp2/mngdepgp.mspx
>>> > > > >>
>>> > > > >>However, it seems like not all of the ADM files are
>>> > > > > replicating to the
>>> > > > >>Windows 2000 servers. For example, in the policy
>>> > > > > path "Administrative
>>> > > > >>Templates\Network\Network Connections\Windows
>>> > > > > Firewall\Domain Profile" there
>>> > > > >>are only 12 policies listed on the Windows 2000 Server
>>> > > > > but on the XP SP2 box,
>>> > > > >>there are 14 policies. The two that are missing are:
>>> > > > >>
>>> > > > >>Windows Firewall: Define program exceptions
>>> > > > >>Windows Firewall: Define port exceptions
>>> > > > >>
>>> > > > >>Is this by design or is there something wrong with the
>>> > > > > replication process?
>>> > > > >>It would be nice to be able to define program exceptions
>>> > > > > because there are a
>>> > > > >>couple programs within our environment that won't work
>>> > > > > unless we can exclude
>>> > > > >>them. It would be preferable to do this through GP
>>> > > > > instead of manually going
>>> > > > >>to each machine and defining the program exceptions.
>>> > > > >>
>>> > > > >>Thanks,
>>> > > > >>
>>> > > > >>d mac
>>> > > > >>.
>>> > > > >>
>>> > > >
>>> > > >
>>> > > >
>
>
Anonymous
November 19, 2004 1:53:50 AM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

See http://support.microsoft.com/?kbid=873449 for an explanation.

--
Bruce Sanderson MVP

It is perfectly useless to know the right answer to the wrong question.


"Bruce Sanderson" <Bruce.Sanderson@junk.junk> wrote in message
news:ur8oRrhwEHA.4004@tk2msftngp13.phx.gbl...
> Hmm. I see this also, even with the latest version of GPMC on Windows
> 2003 Enterprise Server (RTM), but after installing hotfix 842933, the two
> missing settings show up in the Group Policy Editor.
>
> But, the corresponding version of the hotfix for Windows 2000 post SP3
> (installed on a Windows 2000 Standard Server with SP4) DID NOT correct the
> problem there.
>
>
> --
> Bruce Sanderson MVP
>
> It's perfectly useless to know the right answer to the wrong question.
>
>
> "Darren Mar-Elia" <dmanonymous@discussions.microsoft.com> wrote in message
> news:eBF6L6dpEHA.3592@TK2MSFTNGP14.phx.gbl...
>>I just checked this out and found the same behavior on my Win2K machine
>>when viewing an XP, SP2 policy--specifically those two Windows Firewall
>>policies:
>>
>> Windows Firewall: Define program exceptions
>> Windows Firewall: Define port exceptions
>>
>> do not appear if I view the GPO from Win2K. Frankly, I think this is a
>> bug that you've found. I can see no reason, in looking at the ADM file,
>> why they should not appear. Maybe someone on this NG from Microsoft can
>> check into it?
>>
>>
>>
>> --
>> Darren Mar-Elia
>> MS-MVP-Windows Server--Group Policy
>> Check out http://www.gpoguy.com -- The Windows Group Policy Information
>> Hub:
>> FAQs, Whitepapers and Utilities for all things Group Policy-related
>>
>>
>>
>> "d mac" <dmac@discussions.microsoft.com> wrote in message
>> news:5B50E731-E7C6-4743-A926-7B57C9A4B775@microsoft.com...
>>> I'm glad I'm not the only one. I will definitely know if I find any
>>> fixes.
>>> For the time being, I'm enabling the policy through the workstation that
>>> has
>>> XP SP2 and it seems to be applying through the domain controllers,
>>> however
>>> the programs don't show up on the list in the Windows Firewall like I
>>> would
>>> expect. Can you see if this is the same experience for you? I'm
>>> guessing
>>> it's doing this because the policy isn't listed on the servers but still
>>> affects the machines as a policy.
>>>
>>> d mac
>>>
>>>
>>> "billj" wrote:
>>>
>>>> I've been facing the EXACT same issue since yesterday. If you come up
>>>> with a
>>>> solution, it would be great to post it here. I'll do the same.
>>>>
>>>> billj
>>>>
>>>> "d mac" wrote:
>>>>
>>>> > I imported the ADM files from the XP SP2 workstation and still some
>>>> > of the
>>>> > policies are missing (as mentioned below). I even imported the ADM
>>>> > files
>>>> > from the Microsoft website (at
>>>> > http://www.microsoft.com/downloads/details.aspx?FamilyI...)
>>>> > and still there are some missing.
>>>> >
>>>> > It seems like there might be certain policies that aren't compatible
>>>> > with
>>>> > Windows 2000 Server. Does anyone know what I should try next?
>>>> >
>>>> > Thanks,
>>>> >
>>>> > d mac
>>>> >
>>>> > "d mac" wrote:
>>>> >
>>>> > > Hi there,
>>>> > >
>>>> > > I downloaded the 842933 patch before opening the GPO on the XP SP2
>>>> > > workstation, so I haven't had any of the "The following entry in
>>>> > > the
>>>> > > [strings] section is too long and has been truncated" errors. But
>>>> > > I still
>>>> > > have the issue where not all the policies are showing up on the
>>>> > > Windows 2000
>>>> > > Server vs. the XP SP2 workstation. Is this a known issue?
>>>> > >
>>>> > > I will try Hunter's suggestion on manually importing the ADM files
>>>> > > on the
>>>> > > Windows 2000 server to see if that updates all the policies on the
>>>> > > domain
>>>> > > controllers to match the same amount showing on the XP SP2
>>>> > > workstation.
>>>> > >
>>>> > > I'll let you know how it goes.
>>>> > >
>>>> > > Thanks
>>>> > >
>>>> > > d mac
>>>> > >
>>>> > > "Bruce Sanderson" wrote:
>>>> > >
>>>> > > > http://support.microsoft.com/?kbid=842933 documents this problem
>>>> > > > and has a
>>>> > > > patch available.
>>>> > > >
>>>> > > > --
>>>> > > > Bruce Sanderson MVP
>>>> > > >
>>>> > > > It's perfectly useless to know the right answer to the wrong
>>>> > > > question.
>>>> > > >
>>>> > > >
>>>> > > > "Hunter" <anonymous@discussions.microsoft.com> wrote in message
>>>> > > > news:1b9601c4a1a0$6a628fa0$a401280a@phx.gbl...
>>>> > > > > You might try gathering up the XP .adm templates, copying
>>>> > > > > them to temp folder on the 2000 DC. Then opening the A/D
>>>> > > > > Group policy on the 2000 box right click on the
>>>> > > > > Admisitrative templates container, choose add snap-in.
>>>> > > > >
>>>> > > > > It'll show the ones currently in use in the wnnt/inf
>>>> > > > > folder, Browse over to the new ones in the temp folder
>>>> > > > > and select add, it should ask you about overwriting etc.
>>>> > > > >
>>>> > > > > Choose yes.
>>>> > > > >
>>>> > > > > Once the new ones are copied in you will probably get a
>>>> > > > > bunch messages stating the new ones are too long or
>>>> > > > > something, but you'll have to hunt down an update for this
>>>> > > > > I think I found it at microsoft tech experts page on XP,
>>>> > > > > but it didn't seem to want to be found with search.
>>>> > > > >
>>>> > > > > Anyways, maybe that will help.
>>>> > > > >
>>>> > > > > Regards
>>>> > > > >
>>>> > > > > Hunter
>>>> > > > >
>>>> > > > >
>>>> > > > >
>>>> > > > >>-----Original Message-----
>>>> > > > >>I updated our GPO on our Windows 2000 domain controllers
>>>> > > > > with the latest ADM
>>>> > > > >>files from XP SP2. I did this by opening up the GPO on a
>>>> > > > > Windows XP Pro
>>>> > > > >>workstation with SP2 and it automatically replicated the
>>>> > > > > ADM files to our
>>>> > > > >>domain controllers. See document at
>>>> > > > >>http://www.microsoft.com/technet/prodtechnol/winxppro/m...
>>>> > > > > tain/mangxpsp2/mngdepgp.mspx
>>>> > > > >>
>>>> > > > >>However, it seems like not all of the ADM files are
>>>> > > > > replicating to the
>>>> > > > >>Windows 2000 servers. For example, in the policy
>>>> > > > > path "Administrative
>>>> > > > >>Templates\Network\Network Connections\Windows
>>>> > > > > Firewall\Domain Profile" there
>>>> > > > >>are only 12 policies listed on the Windows 2000 Server
>>>> > > > > but on the XP SP2 box,
>>>> > > > >>there are 14 policies. The two that are missing are:
>>>> > > > >>
>>>> > > > >>Windows Firewall: Define program exceptions
>>>> > > > >>Windows Firewall: Define port exceptions
>>>> > > > >>
>>>> > > > >>Is this by design or is there something wrong with the
>>>> > > > > replication process?
>>>> > > > >>It would be nice to be able to define program exceptions
>>>> > > > > because there are a
>>>> > > > >>couple programs within our environment that won't work
>>>> > > > > unless we can exclude
>>>> > > > >>them. It would be preferable to do this through GP
>>>> > > > > instead of manually going
>>>> > > > >>to each machine and defining the program exceptions.
>>>> > > > >>
>>>> > > > >>Thanks,
>>>> > > > >>
>>>> > > > >>d mac
>>>> > > > >>.
>>>> > > > >>
>>>> > > >
>>>> > > >
>>>> > > >
>>
>>
>
>
Anonymous
November 19, 2004 1:57:50 AM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

PS: a link to http://support.microsoft.com/?kbid=873449 has been added to KB
article 842933 (right near the end under More Information).

--
Bruce Sanderson MVP

It is perfectly useless to know the right answer to the wrong question.


"Bruce Sanderson" <Bruce.Sanderson@junk.junk> wrote in message
news:ur8oRrhwEHA.4004@tk2msftngp13.phx.gbl...
> Hmm. I see this also, even with the latest version of GPMC on Windows
> 2003 Enterprise Server (RTM), but after installing hotfix 842933, the two
> missing settings show up in the Group Policy Editor.
>
> But, the corresponding version of the hotfix for Windows 2000 post SP3
> (installed on a Windows 2000 Standard Server with SP4) DID NOT correct the
> problem there.
>
>
> --
> Bruce Sanderson MVP
>
> It's perfectly useless to know the right answer to the wrong question.
>
>
> "Darren Mar-Elia" <dmanonymous@discussions.microsoft.com> wrote in message
> news:eBF6L6dpEHA.3592@TK2MSFTNGP14.phx.gbl...
>>I just checked this out and found the same behavior on my Win2K machine
>>when viewing an XP, SP2 policy--specifically those two Windows Firewall
>>policies:
>>
>> Windows Firewall: Define program exceptions
>> Windows Firewall: Define port exceptions
>>
>> do not appear if I view the GPO from Win2K. Frankly, I think this is a
>> bug that you've found. I can see no reason, in looking at the ADM file,
>> why they should not appear. Maybe someone on this NG from Microsoft can
>> check into it?
>>
>>
>>
>> --
>> Darren Mar-Elia
>> MS-MVP-Windows Server--Group Policy
>> Check out http://www.gpoguy.com -- The Windows Group Policy Information
>> Hub:
>> FAQs, Whitepapers and Utilities for all things Group Policy-related
>>
>>
>>
>> "d mac" <dmac@discussions.microsoft.com> wrote in message
>> news:5B50E731-E7C6-4743-A926-7B57C9A4B775@microsoft.com...
>>> I'm glad I'm not the only one. I will definitely know if I find any
>>> fixes.
>>> For the time being, I'm enabling the policy through the workstation that
>>> has
>>> XP SP2 and it seems to be applying through the domain controllers,
>>> however
>>> the programs don't show up on the list in the Windows Firewall like I
>>> would
>>> expect. Can you see if this is the same experience for you? I'm
>>> guessing
>>> it's doing this because the policy isn't listed on the servers but still
>>> affects the machines as a policy.
>>>
>>> d mac
>>>
>>>
>>> "billj" wrote:
>>>
>>>> I've been facing the EXACT same issue since yesterday. If you come up
>>>> with a
>>>> solution, it would be great to post it here. I'll do the same.
>>>>
>>>> billj
>>>>
>>>> "d mac" wrote:
>>>>
>>>> > I imported the ADM files from the XP SP2 workstation and still some
>>>> > of the
>>>> > policies are missing (as mentioned below). I even imported the ADM
>>>> > files
>>>> > from the Microsoft website (at
>>>> > http://www.microsoft.com/downloads/details.aspx?FamilyI...)
>>>> > and still there are some missing.
>>>> >
>>>> > It seems like there might be certain policies that aren't compatible
>>>> > with
>>>> > Windows 2000 Server. Does anyone know what I should try next?
>>>> >
>>>> > Thanks,
>>>> >
>>>> > d mac
>>>> >
>>>> > "d mac" wrote:
>>>> >
>>>> > > Hi there,
>>>> > >
>>>> > > I downloaded the 842933 patch before opening the GPO on the XP SP2
>>>> > > workstation, so I haven't had any of the "The following entry in
>>>> > > the
>>>> > > [strings] section is too long and has been truncated" errors. But
>>>> > > I still
>>>> > > have the issue where not all the policies are showing up on the
>>>> > > Windows 2000
>>>> > > Server vs. the XP SP2 workstation. Is this a known issue?
>>>> > >
>>>> > > I will try Hunter's suggestion on manually importing the ADM files
>>>> > > on the
>>>> > > Windows 2000 server to see if that updates all the policies on the
>>>> > > domain
>>>> > > controllers to match the same amount showing on the XP SP2
>>>> > > workstation.
>>>> > >
>>>> > > I'll let you know how it goes.
>>>> > >
>>>> > > Thanks
>>>> > >
>>>> > > d mac
>>>> > >
>>>> > > "Bruce Sanderson" wrote:
>>>> > >
>>>> > > > http://support.microsoft.com/?kbid=842933 documents this problem
>>>> > > > and has a
>>>> > > > patch available.
>>>> > > >
>>>> > > > --
>>>> > > > Bruce Sanderson MVP
>>>> > > >
>>>> > > > It's perfectly useless to know the right answer to the wrong
>>>> > > > question.
>>>> > > >
>>>> > > >
>>>> > > > "Hunter" <anonymous@discussions.microsoft.com> wrote in message
>>>> > > > news:1b9601c4a1a0$6a628fa0$a401280a@phx.gbl...
>>>> > > > > You might try gathering up the XP .adm templates, copying
>>>> > > > > them to temp folder on the 2000 DC. Then opening the A/D
>>>> > > > > Group policy on the 2000 box right click on the
>>>> > > > > Admisitrative templates container, choose add snap-in.
>>>> > > > >
>>>> > > > > It'll show the ones currently in use in the wnnt/inf
>>>> > > > > folder, Browse over to the new ones in the temp folder
>>>> > > > > and select add, it should ask you about overwriting etc.
>>>> > > > >
>>>> > > > > Choose yes.
>>>> > > > >
>>>> > > > > Once the new ones are copied in you will probably get a
>>>> > > > > bunch messages stating the new ones are too long or
>>>> > > > > something, but you'll have to hunt down an update for this
>>>> > > > > I think I found it at microsoft tech experts page on XP,
>>>> > > > > but it didn't seem to want to be found with search.
>>>> > > > >
>>>> > > > > Anyways, maybe that will help.
>>>> > > > >
>>>> > > > > Regards
>>>> > > > >
>>>> > > > > Hunter
>>>> > > > >
>>>> > > > >
>>>> > > > >
>>>> > > > >>-----Original Message-----
>>>> > > > >>I updated our GPO on our Windows 2000 domain controllers
>>>> > > > > with the latest ADM
>>>> > > > >>files from XP SP2. I did this by opening up the GPO on a
>>>> > > > > Windows XP Pro
>>>> > > > >>workstation with SP2 and it automatically replicated the
>>>> > > > > ADM files to our
>>>> > > > >>domain controllers. See document at
>>>> > > > >>http://www.microsoft.com/technet/prodtechnol/winxppro/m...
>>>> > > > > tain/mangxpsp2/mngdepgp.mspx
>>>> > > > >>
>>>> > > > >>However, it seems like not all of the ADM files are
>>>> > > > > replicating to the
>>>> > > > >>Windows 2000 servers. For example, in the policy
>>>> > > > > path "Administrative
>>>> > > > >>Templates\Network\Network Connections\Windows
>>>> > > > > Firewall\Domain Profile" there
>>>> > > > >>are only 12 policies listed on the Windows 2000 Server
>>>> > > > > but on the XP SP2 box,
>>>> > > > >>there are 14 policies. The two that are missing are:
>>>> > > > >>
>>>> > > > >>Windows Firewall: Define program exceptions
>>>> > > > >>Windows Firewall: Define port exceptions
>>>> > > > >>
>>>> > > > >>Is this by design or is there something wrong with the
>>>> > > > > replication process?
>>>> > > > >>It would be nice to be able to define program exceptions
>>>> > > > > because there are a
>>>> > > > >>couple programs within our environment that won't work
>>>> > > > > unless we can exclude
>>>> > > > >>them. It would be preferable to do this through GP
>>>> > > > > instead of manually going
>>>> > > > >>to each machine and defining the program exceptions.
>>>> > > > >>
>>>> > > > >>Thanks,
>>>> > > > >>
>>>> > > > >>d mac
>>>> > > > >>.
>>>> > > > >>
>>>> > > >
>>>> > > >
>>>> > > >
>>
>>
>
>
!