[gptalk] Re: Group Policy and Vista Firewall

• From: "Jason Williams" <jasonwilliams74@xxxxxxxxx>
• To: gptalk@xxxxxxxxxxxxx
• Date: Thu, 13 Sep 2007 11:36:58 -0700

Looks like, even after recreating the policy on a Vista machine, still
causes a problem. Its weird. I disable the Firewall policy, I can start the
firewall on Vista. I enable it, it throws an errors.
My next step would be to apply a WMI filter so the policy is only applied to
XP machines (probably not a bad idea anyway).

So just use:

SELECT * from Win32_OperatingSystem WHERE Caption LIKE "%Microsoft Windows
XP%"

Should do the trick, correct?

Thanks.

JW


On 9/11/07, Delaney, Doug <doug.delaney@xxxxxxx> wrote:
>
>  For the WMI portion, I certainly prefer the Like "%Windows XP%" method
> since professional is spelled differently in some languages.
>
> working examples.
> SELECT * from Win32_OperatingSystem WHERE Caption LIKE "Microsoft Windows
> XP%"
> SELECT * from Win32_OperatingSystem WHERE Caption LIKE "%Windows Vista%"
>
>
> *Doug Delaney***
> EDS - Integration Engineering-GM
> GM Desktop Engineering
> 1075 W. Entrance Dr., MS 2B, Cube 2130
> Auburn Hills, MI 48326
> Lab:*** 248-365-9187***
> Tel: 248-754-7917
> Pg: 248-870-0306 pager
> Mail: ***Doug.Delaney@xxxxxxx* <Doug.Delaney@xxxxxxx>
> Note: The information in this email is intended solely for the addressee.
> Access to this email by anyone else is unauthorized. If you are not the
> intended recipient, any disclosure, copying, distribution or any action
> taken or omitted to be taken in reliance on it is prohibited.
>
>
>  ------------------------------
> *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Jason Williams
> *Sent:* Tuesday, September 11, 2007 5:10 PM
> *To:* gptalk@xxxxxxxxxxxxx
> *Subject:* [gptalk] Re: Group Policy and Vista Firewall
>
>
>  Hi Omar,
>
> The problems we are having is that we can not start the Vista Firewall.
> Just fails. yet, if we take a computer out of the domain, firewall starts
> up. My conclusion is that the GPO was causing the issue.
>
> Basically, i've been working to try and clear up the GPO's here and make
> them more efficient. Right now, they hvae the GPO's to allow RDP access to
> XP machines as well as a few other exceptions to access the machines. It
> does not really sit well with me that it is a "broad" brush stroke at the
> domain level with this policy.
>
> I'll recreating the policy on a Vista machine, see if that does anything.
>
> for the WMI portion, I can actually specifiy "Microsoft Windows XP
> Professional?"
> After I posted my thread, I thought, "It would be better if I specifically
> indicated a OS. More specific.
>
> Thanks.
>
> Jason
>
>
> On 9/11/07, Omar Droubi <omar@xxxxxxxxxxxxxxxxxxxxx> wrote:
> >
> >  Well 1st- what issues are you having with the GPO and Vista?
> >
> > 2nd- What exactly are you doing in your FW policy? Just curious since it
> > applying to all workstations and servers on your network
> >
> > 3rd- If placing the FW GPO is correct at the domain level, log on to the
> > Vista machine, open GPMC and create the a new policy with the same settings
> > and replace the existing one.
> >
> > Policies created on Vista workstations will be backward compatible as
> > far as functionality goes- but you should not administer those policies
> > using GP editor or GPMC from any other operating system except vista and
> > Windows Server 2008.
> >
> > Creating the GPO on Vista may help resolve any compatibility issues you
> > are having on the vista workstations- and it should continue to work on the
> > XP machines as you have in place with the current policy.
> >
> > As far as WMI filter goes- I have had better luck with inclusions rather
> > than exclusions. I would do something like:
> >
> > "Select * from Win32_OperatingSystem where Caption = "Microsoft Windows
> > XP Professional"
> >
> > Hope that helps,
> >
> > Omar
> >
> > ------------------------------
> > *From:* gptalk-bounce@xxxxxxxxxxxxx on behalf of Jason Williams
> > *Sent:* Tue 9/11/2007 1:23 PM
> > *To:* gptalk@xxxxxxxxxxxxx
> > *Subject:* [gptalk] Group Policy and Vista Firewall
> >
> >
> >  I seem to be having some issues with Vista and Group Policy. Looking at
> > the policy in place, we have a Windows XP Firewall policy applied at the
> > root of the domain. Not sure if that is the best way to apply, so im looking
> > for alternatives.
> >
> > I thought about making a WMI filter to make this Group Policy only be
> > applied to XP machines. Would that be a viable option? Here is what I have
> > for my filter (Still learning on how to make WMI filters and script as well)
> >
> >
> > root\CIMv2
> >
> > SELECT * FROM Win32_OperatingSystem WHERE BuildNumber !="6000"
> >
> > I was thinking to, can I make this better?
> >
> > I appreciate the help.
> >
> > Jason
> >
>
>

• Follow-Ups:
  • [gptalk] Re: Group Policy and Vista Firewall
    • From: Omar Droubi

• References:
  • [gptalk] Group Policy and Vista Firewall
    • From: Jason Williams
  • [gptalk] Re: Group Policy and Vista Firewall
    • From: Omar Droubi
  • [gptalk] Re: Group Policy and Vista Firewall
    • From: Jason Williams
  • [gptalk] Re: Group Policy and Vista Firewall
    • From: Delaney, Doug

Other related posts:

• » [gptalk] Group Policy and Vista Firewall
• » [gptalk] Re: Group Policy and Vista Firewall
• » [gptalk] Re: Group Policy and Vista Firewall
• » [gptalk] Re: Group Policy and Vista Firewall
• » [gptalk] Re: Group Policy and Vista Firewall
• » [gptalk] Re: Group Policy and Vista Firewall
• » [gptalk] Re: Group Policy and Vista Firewall
• » [gptalk] Re: Group Policy and Vista Firewall

1. Home
2. gptalk
3. Archive
4. 09-2007

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---