Well, just applied the WMI filter and that seemed to fix it. Starts up fine now. On 9/13/07, Jason Williams <jasonwilliams74@xxxxxxxxx> wrote: > > As far as the AV interacting with the software, not to my knowledge. We > are using Symantec Corporate, I believe 10.2. > > Besides that, the all the other policies appear to be fine. > > Thanks for the help. > > Jason > > On 9/13/07, Omar Droubi <omar@xxxxxxxxxxxxxxxxxxxxx> wrote: > > > > Jason, > > > > > > > > By any chance does the workstation antivirus software have any > > interaction with the firewall? If so I would try the policy on a clean > > Vista machine with AV just to get a controlled test to isolate the policy > > versus the desktop configuration > > > > > > > > Every other policy is getting applied fine to the Vista workstations? > > > > > > > > > > > > > > > > > > > > *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] > > *On Behalf Of *Jason Williams > > *Sent:* Thursday, September 13, 2007 11:37 AM > > *To:* gptalk@xxxxxxxxxxxxx > > *Subject:* [gptalk] Re: Group Policy and Vista Firewall > > > > > > > > Looks like, even after recreating the policy on a Vista machine, still > > causes a problem. Its weird. I disable the Firewall policy, I can start the > > firewall on Vista. I enable it, it throws an errors. > > > > My next step would be to apply a WMI filter so the policy is only > > applied to XP machines (probably not a bad idea anyway). > > > > > > > > So just use: > > > > > > > > SELECT * from Win32_OperatingSystem WHERE Caption LIKE "%Microsoft > > Windows XP%" > > > > > > > > Should do the trick, correct? > > > > > > > > Thanks. > > > > > > JW > > > > > > > > On 9/11/07, *Delaney, Doug* <doug.delaney@xxxxxxx> wrote: > > > > For the WMI portion, I certainly prefer the Like "% Windows XP%" method > > since professional is spelled differently in some languages. > > > > > > > > working examples. > > > > SELECT * from Win32_OperatingSystem WHERE Caption LIKE "Microsoft > > Windows XP%" > > > > SELECT * from Win32_OperatingSystem WHERE Caption LIKE "%Windows Vista%" > > > > > > > > > > *Doug Delaney* > > EDS - Integration Engineering-GM > > GM Desktop Engineering > > 1075 W. Entrance Dr., MS 2B, Cube 2130 > > Auburn Hills, MI 48326 > > Lab:* **248-365-9187* > > Tel: 248-754-7917 > > Pg: 248-870-0306 pager > > Mail: Doug.Delaney@xxxxxxx > > Note: The information in this email is intended solely for the > > addressee. Access to this email by anyone else is unauthorized. If you are > > not the intended recipient, any disclosure, copying, distribution or any > > action taken or omitted to be taken in reliance on it is prohibited. > > > > > > > > > > ------------------------------ > > > > *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto: gptalk-bounce@xxxxxxxxxxxxx] > > *On Behalf Of *Jason Williams > > *Sent:* Tuesday, September 11, 2007 5:10 PM > > *To:* gptalk@xxxxxxxxxxxxx > > *Subject:* [gptalk] Re: Group Policy and Vista Firewall > > > > > > > > Hi Omar, > > > > > > > > The problems we are having is that we can not start the Vista Firewall. > > Just fails. yet, if we take a computer out of the domain, firewall starts > > up. My conclusion is that the GPO was causing the issue. > > > > > > > > Basically, i've been working to try and clear up the GPO's here and make > > them more efficient. Right now, they hvae the GPO's to allow RDP access to > > XP machines as well as a few other exceptions to access the machines. It > > does not really sit well with me that it is a "broad" brush stroke at the > > domain level with this policy. > > > > > > > > I'll recreating the policy on a Vista machine, see if that does > > anything. > > > > > > > > for the WMI portion, I can actually specifiy "Microsoft Windows XP > > Professional?" > > After I posted my thread, I thought, "It would be better if I > > specifically indicated a OS. More specific. > > > > > > Thanks. > > > > > > Jason > > > > > > > > On 9/11/07, *Omar Droubi* <omar@xxxxxxxxxxxxxxxxxxxxx > wrote: > > > > Well 1st- what issues are you having with the GPO and Vista? > > > > > > > > 2nd- What exactly are you doing in your FW policy? Just curious since it > > applying to all workstations and servers on your network > > > > > > > > 3rd- If placing the FW GPO is correct at the domain level, log on to the > > Vista machine, open GPMC and create the a new policy with the same settings > > and replace the existing one. > > > > > > > > Policies created on Vista workstations will be backward compatible as > > far as functionality goes- but you should not administer those policies > > using GP editor or GPMC from any other operating system except vista and > > Windows Server 2008. > > > > > > Creating the GPO on Vista may help resolve any compatibility issues you > > are having on the vista workstations- and it should continue to work on the > > XP machines as you have in place with the current policy. > > > > > > > > As far as WMI filter goes- I have had better luck with inclusions rather > > than exclusions. I would do something like: > > > > > > > > "Select * from Win32_OperatingSystem where Caption = "Microsoft Windows > > XP Professional" > > > > > > > > Hope that helps, > > > > > > > > Omar > > > > > > ------------------------------ > > > > *From:* gptalk-bounce@xxxxxxxxxxxxx on behalf of Jason Williams > > *Sent:* Tue 9/11/2007 1:23 PM > > *To:* gptalk@xxxxxxxxxxxxx > > *Subject:* [gptalk] Group Policy and Vista Firewall > > > > > > > > I seem to be having some issues with Vista and Group Policy. Looking at > > the policy in place, we have a Windows XP Firewall policy applied at the > > root of the domain. Not sure if that is the best way to apply, so im looking > > for alternatives. > > > > > > > > I thought about making a WMI filter to make this Group Policy only be > > applied to XP machines. Would that be a viable option? Here is what I have > > for my filter (Still learning on how to make WMI filters and script as well) > > > > > > > > > > root\CIMv2 > > > > > > > > SELECT * FROM Win32_OperatingSystem WHERE BuildNumber !="6000" > > > > > > > > I was thinking to, can I make this better? > > > > > > I appreciate the help. > > > > > > > > Jason > > > > > > > > > > > >