[gptalk] Re: Domain controller firewall setttings...

  • From: "Michael Pietrzak" <mpietrzak@xxxxxxxxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Fri, 17 Nov 2006 22:26:53 -0800


Wow, this is really wierd. Well, on my home domain, adding in my domain to the 
DNS connection suffix did not make a difference. I took the following steps...

1. I was able to replicate here at home. Create a new GPO at the domain 
controller OU. In the standard profile, enabled the firewall, gpudpate, reboot, 
the firewall was on. Then I turned it off.
2. Tried to do the same with the domain profile and as expected, no joy. The 
firewall did not turn on when set to enabled in the domain profile.

3. In my TCP\IP settings, I added my domain suffix to both the "DNS suffix for 
this connection:" and Append these DNS suffixes in order. Tried again with the 
GPO enabling the firewall with the domain profile and again, nothing.

Well, at least I am able to replicate it. As best as I can tell, adding the DNS 
suffix on my DC made no change. Did it work for you in that manner?

Thanks again,


-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx on behalf of Darren Mar-Elia
Sent: Fri 11/17/2006 4:04 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Domain controller firewall setttings...
Tell him to make sure he has a DNS connection suffix set on the DC's
TCP/IP properties. I'll bet its blank now. That will probably get him the 
domain profile.

The Hauppage card is great! Thanks again. I'm using it wth Vista MCE and it 
-----Original Message-----
From: "Michael Pietrzak" <mpietrzak@xxxxxxxxxxxxxxxx>
To: gptalk@xxxxxxxxxxxxx
Sent: 11/17/2006 3:49 PM
Subject: [gptalk] Re: Domain controller firewall setttings...

HI Darren,
He indicates that he has a new GPO liked at the domain controllers OU.
He has not modified the default domain controller gpo. In his new GPO,
when he sets it for "domain profile", the settings do not take hold on
the DC. But, when he sets the profile to Standard, they are applied.
Not sure if he can change them locally when he states the settings are
applied. I will ask now.
ps, how is your happaugue card working out?


From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: Friday, November 17, 2006 3:40 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Domain controller firewall setttings...

Normally when you deliver WF settings via Group Policy, the ability to
manually change the firewall settings at the client machine is grayed
out (i.e. unavailable) regardless of which profile is in effect. It
sounds like you're saying that is only true if the DC is operating in
domain profile mode. But, when a standard profile is detected, he is
able to change them locally? Correct? 


From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Michael Pietrzak
Sent: Friday, November 17, 2006 2:19 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Domain controller firewall setttings...

A co-worker of mine is trying to control his domain controllers firewall
settings via group policies. He has enabled the server 2003 firewall and
is unable to modify the DC's firewall settings when the policy is set at
"domain profile". He is able to modify the firewall when it is set to
standard profile.
Has anyone seen anything like this before and\or can anyone confirm if
this is standard?
Michael Pietrzak

[truncated by sender]
You can unsubscribe from gptalk by sending email to 
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by 
logging into the freelists.org Web interface. Archives for the list are 
available at http://www.freelists.org/archives/gptalk/

Other related posts: