[gptalk] Re: Group Policy and Vista Firewall

  • From: "Jason Williams" <jasonwilliams74@xxxxxxxxx>
  • To: gptalk@xxxxxxxxxxxxx
  • Date: Thu, 13 Sep 2007 12:46:09 -0700

As far as the AV interacting with the software, not to my knowledge. We are
using Symantec Corporate, I believe 10.2.

Besides that, all the other policies appear to be fine.

Thanks for the help.

Jason

On 9/13/07, Omar Droubi <omar@xxxxxxxxxxxxxxxxxxxxx> wrote:
>
>  Jason,
>
>
>
> By any chance does the workstation antivirus software have any interaction
> with the firewall? If so I would try the policy on a clean Vista machine
> with AV just to get a controlled test to isolate the policy versus the
> desktop configuration.
>
>
>
> Every other policy is getting applied fine to the Vista workstations?
>
> *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Jason Williams
> *Sent:* Thursday, September 13, 2007 11:37 AM
> *To:* gptalk@xxxxxxxxxxxxx
> *Subject:* [gptalk] Re: Group Policy and Vista Firewall
>
>
>
> Looks like, even after recreating the policy on a Vista machine, still
> causes a problem. It's weird. I disable the Firewall policy, I can start the
> firewall on Vista. I enable it, it throws an error.
>
> My next step would be to apply a WMI filter so the policy is only applied
> to XP machines (probably not a bad idea anyway).
>
>
>
> So just use:
>
>
>
> SELECT * from Win32_OperatingSystem WHERE Caption LIKE "%Microsoft Windows XP%"
>
>
>
> Should do the trick, correct?
>
>
>
> Thanks.
>
>
> JW
>
>
>
> On 9/11/07, *Delaney, Doug* <doug.delaney@xxxxxxx> wrote:
>
> For the WMI portion, I certainly prefer the Like "% Windows XP%" method
> since professional is spelled differently in some languages.
>
>
>
> Working examples:
>
> SELECT * from Win32_OperatingSystem WHERE Caption LIKE "Microsoft Windows XP%"
>
> SELECT * from Win32_OperatingSystem WHERE Caption LIKE "%Windows Vista%"
>
>
>
> *Doug Delaney*
> EDS - Integration Engineering-GM
> GM Desktop Engineering
> 1075 W. Entrance Dr., MS 2B, Cube 2130
> Auburn Hills, MI 48326
> Lab: 248-365-9187
> Tel: 248-754-7917
> Pg: 248-870-0306 pager
> Mail: Doug.Delaney@xxxxxxx
>
>  ------------------------------
>
> *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto: gptalk-bounce@xxxxxxxxxxxxx]
> *On Behalf Of *Jason Williams
> *Sent:* Tuesday, September 11, 2007 5:10 PM
> *To:* gptalk@xxxxxxxxxxxxx
> *Subject:* [gptalk] Re: Group Policy and Vista Firewall
>
>
>
> Hi Omar,
>
>
>
> The problem we are having is that we cannot start the Vista Firewall.
> It just fails. Yet, if we take a computer out of the domain, the firewall starts
> up. My conclusion is that the GPO was causing the issue.
>
>
>
> Basically, I've been working to try and clear up the GPOs here and make
> them more efficient. Right now, they have the GPOs to allow RDP access to
> XP machines as well as a few other exceptions to access the machines. It
> does not really sit well with me that it is a "broad" brush stroke at the
> domain level with this policy.
>
>
>
> I'll recreate the policy on a Vista machine, see if that does anything.
>
>
>
> For the WMI portion, I can actually specify "Microsoft Windows XP
> Professional"?
> After I posted my thread, I thought, "It would be better if I specifically
> indicated an OS. More specific."
>
>
> Thanks.
>
>
> Jason
>
>
>
> On 9/11/07, *Omar Droubi* <omar@xxxxxxxxxxxxxxxxxxxxx > wrote:
>
> Well 1st- what issues are you having with the GPO and Vista?
>
>
>
> 2nd- What exactly are you doing in your FW policy? Just curious since it
> is applying to all workstations and servers on your network.
>
>
>
> 3rd- If placing the FW GPO is correct at the domain level, log on to the
> Vista machine, open GPMC and create a new policy with the same settings
> and replace the existing one.
>
>
>
> Policies created on Vista workstations will be backward compatible as far
> as functionality goes- but you should not administer those policies using GP
> editor or GPMC from any other operating system except Vista and Windows
> Server 2008.
>
>
> Creating the GPO on Vista may help resolve any compatibility issues you
> are having on the Vista workstations- and it should continue to work on the
> XP machines as you have in place with the current policy.
>
>
>
> As far as WMI filter goes- I have had better luck with inclusions rather
> than exclusions. I would do something like:
>
>
>
> Select * from Win32_OperatingSystem where Caption = "Microsoft Windows XP Professional"
>
>
>
> Hope that helps,
>
>
>
> Omar
>
>
>  ------------------------------
>
> *From:* gptalk-bounce@xxxxxxxxxxxxx on behalf of Jason Williams
> *Sent:* Tue 9/11/2007 1:23 PM
> *To:* gptalk@xxxxxxxxxxxxx
> *Subject:* [gptalk] Group Policy and Vista Firewall
>
>
>
> I seem to be having some issues with Vista and Group Policy. Looking at
> the policy in place, we have a Windows XP Firewall policy applied at the
> root of the domain. Not sure if that is the best way to apply, so I'm looking
> for alternatives.
>
>
>
> I thought about making a WMI filter to make this Group Policy only be
> applied to XP machines. Would that be a viable option? Here is what I have
> for my filter (still learning how to make WMI filters and script as well).
>
>
>
>
> root\CIMv2
>
>
>
> SELECT * FROM Win32_OperatingSystem WHERE BuildNumber !="6000"
>
>
>
> I was thinking too, can I make this better?
>
>
> I appreciate the help.
>
>
>
> Jason
>
>
>
>
>
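
The WMI filters proposed in this thread can be checked on a workstation before they are linked to the firewall GPO. The script below is an added example, not code from any poster in the thread; it assumes PowerShell 3.0 or later (for `Get-CimInstance`) run locally on the machine being checked, and the last query, which matches on `Version` and `ProductType`, is an addition for comparison that nobody in the thread proposed.

```powershell
# Candidate filter queries from the thread, plus one version-based
# variant added here for comparison (not proposed by any poster).
$filters = [ordered]@{
    'Exclude build 6000 (original post)' = 'SELECT * FROM Win32_OperatingSystem WHERE BuildNumber != "6000"'
    'Exact caption'                      = 'SELECT * FROM Win32_OperatingSystem WHERE Caption = "Microsoft Windows XP Professional"'
    'Caption LIKE XP'                    = 'SELECT * FROM Win32_OperatingSystem WHERE Caption LIKE "%Windows XP%"'
    'Caption LIKE Vista'                 = 'SELECT * FROM Win32_OperatingSystem WHERE Caption LIKE "%Windows Vista%"'
    'Version 5.1 workstation (added)'    = 'SELECT * FROM Win32_OperatingSystem WHERE Version LIKE "5.1%" AND ProductType = 1'
}

# Show the values the filters are compared against on this machine.
$os = Get-CimInstance -Namespace 'root\CIMv2' -ClassName Win32_OperatingSystem
'Local OS: {0} (Version {1}, Build {2}, ProductType {3})' -f `
    $os.Caption, $os.Version, $os.BuildNumber, $os.ProductType

$results = foreach ($name in $filters.Keys) {
    $query = $filters[$name]
    try {
        # A GPO WMI filter evaluates to true when its query returns
        # at least one instance in the chosen namespace.
        $hits = @(Get-CimInstance -Namespace 'root\CIMv2' -Query $query -ErrorAction Stop)
        [pscustomobject]@{
            Filter     = $name
            GpoApplies = ($hits.Count -gt 0)
            Error      = $null
        }
    }
    catch {
        # Record malformed WQL instead of stopping the comparison.
        [pscustomobject]@{
            Filter     = $name
            GpoApplies = $false
            Error      = $_.Exception.Message
        }
    }
}

$results | Format-Table -AutoSize
```

Run on one XP, one Vista and one server machine, the output shows which filters would let the XP firewall policy through on each. The `BuildNumber != "6000"` exclusion returns an instance on every system whose build is not exactly 6000, which includes servers and Vista SP1 (build 6001), so it scopes the policy far more broadly than the caption-based inclusions.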
