AD GPO to control Windows Firewall Settings

 
 
MA P
      25th Aug 2006
I have Windows 2000 DCs and Windows XP Pro SP2 clients. Can GPO on AD
control Windows Firewall Settings?


 
Andrei Ungureanu [MVP]
      25th Aug 2006
Yes. You need to use the proper adm files:
http://download.microsoft.com/downlo...c#_Toc85246651

--
Regards,
Andrei Ungureanu
www.eventid.net
Test our new EventReader!
http://www.altairtech.ca/eventreader...lt2.asp?ref=au

"MA P" <(E-Mail Removed)> wrote in message
news:%23Y5yrg$(E-Mail Removed)...
>I have Windows 2000 DCs and Windows XP Pro SP2 clients. Can GPO on AD
>control Windows Firewall Settings?
>



 
MA P
      25th Aug 2006
I can't understand, I need to include the new adm that is included on the winxpsp2
machine?

Louis Vitiello Jr.
      25th Aug 2006
Greetings,

There are firewall configuration options in the GPOs for your Windows XP
Machines. You need to install the new System.adm template included in XP
SP2. This will add the Windows Firewall features to your GPO options.

For more on the new adm templates visit:
http://www.microsoft.com/resources/d....mspx?mfr=true

Hope this helps,

--
Louis Vitiello Jr.
MCSE +S, MCSA, MCP, A+/N+
ERCP XP Pro / Net Concepts
 
lforbes
      27th Aug 2006
Hi,

ADM files are Group Policy files. They are changed and modified with each OS
upgrade. The nice thing about them is they are all inclusive so you can run
Windows 2003 Service Pack 1 ADM's on a Windows 2000 Server.

You can download the most recent copy here
http://www.microsoft.com/downloads/d...DisplayLang=en

Copy the ADM's into the inf folder on ALL your DC's and any machines running
adminpak.msi to modify Group Policy.

Don't worry, any settings you have already won't change. However, Group
Policy will look a little different structure wise with a lot more policies.

Cheers,
Lara

"MA P" wrote:

> I have Windows 2000 DCs and Windows XP Pro SP2 clients. Can GPO on AD
> control Windows Firewall Settings?
>
>
>

 
Lanwench [MVP - Exchange]
      30th Aug 2006
In news:ux$(E-Mail Removed),
Andrei Ungureanu [MVP] <contact me via www.itboard.ro> typed:
> yes. You need to use the proper adm files:
> http://download.microsoft.com/downlo...c#_Toc85246651
>
>
> "MA P" <(E-Mail Removed)> wrote in message
> news:%23Y5yrg$(E-Mail Removed)...
>> I have Windows 2000 DCs and Windows XP Pro SP2 clients. Can GPO on AD
>> control Windows Firewall Settings?


<raises hand, shyly>

I have a question about this. I've got so few W2k domains left this is
rarely an issue for me, but am wondering - if I install GPMC on an XP SP2
client, and open it while logged in as a domain admin, all of this seems to
work. I've looked at that document, and I'm OK with the firewall policy
settings, which seems to be mainly what it's concerned with.

My real question is, if I subsequently open/close that particular GPO from
the W2k server, will it change the policy such that I won't get to see the
cool new stuff again if I view the policy again from an XP client? As in, is
there some sort of overwriting that takes place when one opens it on the
server?

I'm not sure I've gone about this the right way and would love to avoid
future headaches.


 
Mark Heitbrink [MVP]
      30th Aug 2006
Hi,

Lanwench [MVP - Exchange] wrote:
> My real question is, if I subsequently open/close that particular GPO from
> the W2k server, will it change the policy such that I won't get to see the
> cool new stuff again if I view the policy again from an XP client?


No.

> As in, is there some sort of overwriting that takes place when one opens
> it on the server?
> I'm not sure I've gone about this the right way and would love to avoid
> future headaches.


It can only cause errors if the local existing ADM files are newer
than the ones inside the sysvol\...\{guidofPol}\ADM folder.
Perhaps you edit your system.adm on the 2000 DC to extend
the nodrives feature.

There is an automatic update feature that is enabled by default. That's
the MS way to update the GPO if you are using a client with a new SP.

This can be disabled. Take a look at:
Userconf\Admtempl\System\Group Policy
"Deactivate automatic update of adm templates"

Mark
--
Mark Heitbrink - MVP Windows Server
Homepage: www.gruppenrichtlinien.de
extend GPO: www.desktopstandard.com
PM: firstname@homepage, the sender address is not checked.
 
 
lforbes
      1st Sep 2006
Hi,

To fix this, manually copy ALL the ADM files from the Windows XP SP2
C:\Windows\inf folder to the C:\Winnt\inf Folder on ALL your DC's and
overwrite the old Windows 2000 ones. The ADM's are accumulative and the new
ones run perfectly well on Windows 2000.

Personally I think that Microsoft should always recommend the Manual Copying
of the ADM's to the DC's rather than this "run GPMC on a Windows XP machine
etc"

I think that with the Newest Version of Windows Server to come out they
should figure out a way to have only ONE system.adm for all the policies
instead of redundantly copying a system.adm into EACH policy folder so you
end up with about 50 copies in the SYSVOL. I know when my Server HD's were
filling up, every time I created another policy it would add 1.5MB of ADM
copies to the hard drive.

Cheers,
Lara
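
An added example, not part of any post in this thread: a PowerShell function that lists the ADM copies stored in each GPO's Adm folder in SYSVOL, marks those where the editing machine's copy in %windir%\inf is newer (the condition Mark Heitbrink's reply describes), and totals the space the copies take (the duplication lforbes describes). It assumes PowerShell 3.0 or later on a domain-joined management workstation; the function name `Get-GpoAdmReport` and the default SYSVOL path built from `USERDNSDOMAIN` are illustrative assumptions.

```powershell
# Added example: audit the ADM template copies stored inside each GPO in SYSVOL.
# Get-GpoAdmReport and the default path below are assumptions, not from the thread.
function Get-GpoAdmReport {
    param(
        # Standard SYSVOL layout on a domain-joined machine; override as needed.
        [string] $PoliciesPath = "\\$env:USERDNSDOMAIN\SYSVOL\$env:USERDNSDOMAIN\Policies",
        # Folder the editing machine loads its ADM templates from.
        [string] $LocalAdmPath = (Join-Path $env:windir 'inf')
    )
    # Each GPO is a folder named after its GUID; its templates sit in an Adm subfolder.
    foreach ($gpo in Get-ChildItem -LiteralPath $PoliciesPath -Directory) {
        $admDir = Join-Path $gpo.FullName 'Adm'
        if (-not (Test-Path -LiteralPath $admDir)) { continue }
        foreach ($copy in Get-ChildItem -LiteralPath $admDir -Filter '*.adm' -File) {
            $localFile = Join-Path $LocalAdmPath $copy.Name
            $local = $null
            if (Test-Path -LiteralPath $localFile) { $local = Get-Item -LiteralPath $localFile }
            $state = if (-not $local) {
                'NoLocalCopy'
            } elseif ($local.LastWriteTimeUtc -gt $copy.LastWriteTimeUtc) {
                'LocalNewer'    # local template is newer than the GPO's copy
            } elseif ($local.LastWriteTimeUtc -lt $copy.LastWriteTimeUtc) {
                'SysvolNewer'   # this machine holds an older template than the GPO
            } else {
                'Same'
            }
            [pscustomobject]@{
                Gpo        = $gpo.Name
                Adm        = $copy.Name
                State      = $state
                SysvolTime = $copy.LastWriteTimeUtc
                LocalTime  = if ($local) { $local.LastWriteTimeUtc }
                SizeKB     = [math]::Round($copy.Length / 1KB, 1)
            }
        }
    }
}

# Usage: list mismatches, then total the space taken by per-GPO ADM copies.
$report = @(Get-GpoAdmReport)
$report | Where-Object { $_.State -ne 'Same' } | Format-Table Gpo, Adm, State, SysvolTime, LocalTime
$totalMB = ($report | Measure-Object -Property SizeKB -Sum).Sum / 1KB
'{0:N1} MB of ADM copies across {1} GPOs' -f $totalMB, @($report | Group-Object -Property Gpo).Count
```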
 
Roger Abell [MVP]
      3rd Sep 2006
Per your comments at the end of your post - you will be seeing
changes that address much of what you have indicated.
lforbes
      4th Sep 2006
Glad to hear. I always thought using multiple copies of the ADM's made no
sense especially when they were identical duplicates.

Cheers,
Lara