The kb talks about configuring the RPC filter for a particular rule. What if I uncheck it in system policy configuration, under Authentication, Active Directory. Will this disable it for all rules since System Policy is higher up than Firewall Policy? Obviously I'm not getting how changing this setting in System Policy effects my RPC settings in firewall policy rules where I can still, say in the Internet access rule, have enforce strict RPC compliance checked even though in system policy it's unchecked. What's the interaction? Or is there any? Amy Harbor Computer Services Small Business Computer Specialists Client Blog: http://smalltechnotes.blogspot.com/ Tech Blog: http://isainsbs.blogspot.com/ Website: http://www.harborcomputerservices.net/ -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Wednesday, September 14, 2005 8:07 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Enforce Strict RPC Compliance Definition http://www.ISAserver.org http://support.microsoft.com/default.aspx?scid=kb;en-us;833704 talks about it a little. So long as you're not server publishing RPC (Exch MAPI), you haven't exposed your workstations to anything except the ISA itself. -----Original Message----- From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] Sent: Wednesday, September 14, 2005 2:28 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Enforce Strict RPC Compliance Definition http://www.ISAserver.org Restart a PC from the server. With Enforce Strict RPC Compliance checked in system policy you cannot remotely reboot a PC. If you uncheck it you can. PSS recommended unchecking it but I'm wondering what the security consequences are beyond you can now remotely reboot a PC. Amy ________________________________ From: Steve Moffat [mailto:steve@xxxxxxxxxx] Sent: Wednesday, September 14, 2005 5:26 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Enforce Strict RPC Compliance Definition http://www.ISAserver.org I'm not understanding....you need to restart a pc, or you need to restart the sbs server. Or you need to restart a pc from the SBS server? S ________________________________ From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] Sent: Wednesday, September 14, 2005 6:08 PM To: ISA Mailing List Subject: [isalist] Re: Enforce Strict RPC Compliance Definition http://www.ISAserver.org Yes, but if I uncheck that box, then I can bring down RPC. ________________________________ From: Tiago de Aviz [mailto:Tiago@xxxxxxxxxxxxxxx] Sent: Wednesday, September 14, 2005 4:44 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Enforce Strict RPC Compliance Definition http://www.ISAserver.org I don't think so, because the workstation booted because you could bring down RPC, right? Since that's corrected there's no need to worry. Tiago de Aviz SoftSell - Curitiba (41) 3340-2363 www.softsell.com.br Esta mensagem, incluindo seus anexos, tem caráter confidencial e seu conteúdo é restrito ao destinatário da mensagem. Caso você tenha recebido esta mensagem por engano, queira por favor retorná-la ao destinatário e apagá-la de seus arquivos. Qualquer uso não autorizado, replicação ou disseminação desta mensagem ou parte dela é expressamente proibido. A SoftSell não é responsável pelo conteúdo ou a veracidade desta informação. >>> amy@xxxxxxxxxxxxxxxxxxxxxxxxxx 14/9/2005 17:41 >>> http://www.ISAserver.org In system policy if I uncheck Enforce strict RPC compliance, I'm told that you can now remotely shut down workstations. What else have I opened my workstations up to? Blaster? Amy Harbor Computer Services Small Business Computer Specialists Client Blog: http://smalltechnotes.blogspot.com/ Tech Blog: http://isainsbs.blogspot.com/ Website: http://www.harborcomputerservices.net/ ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp <http://www.isaserver.org/pages/newsletterasp> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tiago@xxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: amy@xxxxxxxxxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: isalist@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: amy@xxxxxxxxxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ________________________________ The correct technical term for haggis stalking is "havering". <http://haggishunt.scotsman.com/haggisclopedia.cfm?part=5> ________________________________ All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: amy@xxxxxxxxxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx