[gptalk] Re: Group Policy and Vista Firewall

  • From: "Jason Williams" <jasonwilliams74@xxxxxxxxx>
  • To: gptalk@xxxxxxxxxxxxx
  • Date: Tue, 11 Sep 2007 14:09:47 -0700

Hi Omar,

The problem we are having is that we cannot start the Vista Firewall. It just
fails. Yet, if we take a computer out of the domain, the firewall starts up. My
conclusion is that the GPO was causing the issue.

Basically, I've been working to try and clear up the GPOs here and make
them more efficient. Right now, they have the GPOs to allow RDP access to
XP machines as well as a few other exceptions to access the machines. It
does not really sit well with me that it is a "broad" brush stroke at the
domain level with this policy.

I'll recreate the policy on a Vista machine and see if that does anything.

For the WMI portion, I can actually specify "Microsoft Windows XP
After I posted my thread, I thought, "It would be better if I specifically
indicated an OS. More specific."



On 9/11/07, Omar Droubi <omar@xxxxxxxxxxxxxxxxxxxxx> wrote:
>  Well 1st- what issues are you having with the GPO and Vista?
> 2nd- What exactly are you doing in your FW policy? Just curious since it is
> applying to all workstations and servers on your network
> 3rd- If placing the FW GPO is correct at the domain level, log on to the
> Vista machine, open GPMC and create a new policy with the same settings
> and replace the existing one.
> Policies created on Vista workstations will be backward compatible as far
> as functionality goes- but you should not administer those policies using GP
> editor or GPMC from any other operating system except Vista and Windows
> Server 2008.
> Creating the GPO on Vista may help resolve any compatibility issues you
> are having on the Vista workstations- and it should continue to work on the
> XP machines as you have in place with the current policy.
> As far as WMI filter goes- I have had better luck with inclusions rather
> than exclusions. I would do something like:
> Select * from Win32_OperatingSystem where Caption = "Microsoft Windows XP Professional"
> Hope that helps,
> Omar
> ------------------------------
> *From:* gptalk-bounce@xxxxxxxxxxxxx on behalf of Jason Williams
> *Sent:* Tue 9/11/2007 1:23 PM
> *To:* gptalk@xxxxxxxxxxxxx
> *Subject:* [gptalk] Group Policy and Vista Firewall
>  I seem to be having some issues with Vista and Group Policy. Looking at
> the policy in place, we have a Windows XP Firewall policy applied at the
> root of the domain. Not sure if that is the best way to apply, so I'm looking
> for alternatives.
> I thought about making a WMI filter to make this Group Policy only be
> applied to XP machines. Would that be a viable option? Here is what I have
> for my filter (Still learning on how to make WMI filters and script as well)
> root\CIMv2
> SELECT * FROM Win32_OperatingSystem WHERE BuildNumber !="6000"
> I was thinking too, can I make this better?
> I appreciate the help.
> Jason
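
The filter queries discussed in this thread can be evaluated on a workstation before the filter is linked to the firewall GPO. The script below is an added example, not part of the original messages: it assumes Windows PowerShell (which provides `Get-WmiObject`) is available on the machine being tested, and the third query, matching XP by `Version` and `ProductType`, is an assumed alternative that nobody in the thread proposed.

```powershell
# Added example: evaluate candidate GPO WMI filters against the local machine.
# A WMI filter is TRUE (the GPO applies) when its query returns at least one instance.
$namespace = 'root\CIMv2'

$filters = @(
    # Jason's exclusion filter: true on every OS whose build is not 6000,
    # which includes servers as well as XP workstations.
    @{ Name = 'Exclusion (BuildNumber != 6000)'
       Query = 'SELECT * FROM Win32_OperatingSystem WHERE BuildNumber != "6000"' }

    # Omar's inclusion filter: true only when the caption matches exactly.
    @{ Name = 'Inclusion (Caption match)'
       Query = 'SELECT * FROM Win32_OperatingSystem WHERE Caption = "Microsoft Windows XP Professional"' }

    # Assumption, not from the thread: version 5.1 with the workstation role
    # (ProductType 1), so the match does not depend on the caption string.
    @{ Name = 'Inclusion (Version 5.1 workstation)'
       Query = 'SELECT * FROM Win32_OperatingSystem WHERE Version LIKE "5.1%" AND ProductType = 1' }
)

# Show the properties the filters test, so a mismatch is easy to explain.
$os = Get-WmiObject -Namespace $namespace -Class Win32_OperatingSystem
"Local OS: '{0}' Version={1} Build={2} ProductType={3}" -f `
    $os.Caption, $os.Version, $os.BuildNumber, $os.ProductType

foreach ($f in $filters) {
    try {
        # Wrap in @() so zero, one, or many instances all have a Count.
        $rows = @(Get-WmiObject -Namespace $namespace -Query $f.Query -ErrorAction Stop)
        $verdict = $(if ($rows.Count -gt 0) { 'GPO applies' } else { 'GPO filtered out' })
    }
    catch {
        # A query that WMI rejects is reported here instead of being hidden.
        $verdict = 'query failed: ' + $_.Exception.Message
    }
    "{0,-38} -> {1}" -f $f.Name, $verdict
}
```

Running it on one XP machine, one Vista machine and one server shows which filter actually keeps the XP firewall policy off the machines it was not written for.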
