Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
Home
Discussion GroupsWindows VistaWindows XPWindows MeWindows 98Windows 95Virtual PCInternet ExplorerOutlook ExpressWindows MediaSecurity
Related Topics
MS Server ProductsMS OfficePC HardwareMore Topics ...
Windows Forum / Windows XP / Security and Administration / January 2005

Tip: Looking for answers? Try searching our database.

NT 4.0 domain connected PC's use non-domain firewall settings

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
NetPIP - 31 Jan 2005 15:41 GMT
When we enable Windows Firewall on PC connected to our NT 4.0 domain, it uses
the non-domain settings.  How does Windows Firewall determine if it is
connected to a domain?  We have tested this on 5 different PC's with the same
results.  We are using WINS and DNS (running on NT4 servers).
Reply to this Message
Torgeir Bakken \(MVP\) - 31 Jan 2005 19:21 GMT
> When we enable Windows Firewall on PC connected to our NT 4.0 domain, it uses
> the non-domain settings.  How does Windows Firewall determine if it is
> connected to a domain?  We have tested this on 5 different PC's with the same
> results.  We are using WINS and DNS (running on NT4 servers).
Hi

The domain profile is only activated if you run a Active Directory
domain.

Here is how the SP2 firewall determines if it is to activate
the domain or standard profile:

If last-received Group Policy update DNS name match any of the
connection-specific DNS suffixes of the currently connected
connections (not PPP or SLIP-based) on the computer the FW's
domain settings will be used. There is no way to change this
behavior.

From
The Cable Guy - May 2004
Network Determination Behavior for Network-Related Group Policy Settings
http://www.microsoft.com/technet/community/columns/cableguy/cg0504.mspx

<quote>
To apply this behavior to Windows Firewall settings:

() If the connection-specific DNS suffix of a currently connected
connection on the computer that is not PPP or SLIP-based (such as
an Ethernet or 802.11 wireless network adapter) matches the value
of the
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Group
Policy\History\NetworkName registry entry, Windows Firewall uses
the domain profile.

() If the connection-specific DNS suffix of a currently connected
connection on the computer that is not PPP or SLIP-based does not
match the value of the
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Group
Policy\History\NetworkName registry entry, Windows Firewall uses
the standard profile.

You can determine the connection-specific DNS suffixes of the
currently connected connections on the computer from the display
of the ipconfig command issued from a command prompt.

</quote>

Read the Cable Guy article for more about this.

Signature

torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.mspx

Reply to this Message
NetPIP - 31 Jan 2005 20:13 GMT
Torgeir,

Thanks for your help.  That's what I needed to know.

"Torgeir Bakken (MVP)" wrote:

> > When we enable Windows Firewall on PC connected to our NT 4.0 domain, it uses
> > the non-domain settings.  How does Windows Firewall determine if it is
[quoted text clipped - 44 lines]
>
> Read the Cable Guy article for more about this.
Reply to this Message
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.