Will my WinXP SP2 firewall GP affect the Windows 2003 SP1 firewall

[Guest]

I'm about to define the domain wide group policy settings for the windows
firewall on our Windows XP SP2 clients.

Now I want to define this at the domain level so that it will affect all
XP SP2 computers when they join the domain .. without having to be moved to a
specific OU.

I'm worried that these settings will affect the firewall on my Windows 2003
SP1 Servers ..
how do I ensure my servers are not affected and or how do I define the GP
is for Win XP clients only ..

 

[Mark]

Hi Rory,

Windows Firewall is installed on both Windows XP SP2 and Windows 2003 SP1 so
the answer is yes - your GPO will affect Windows 2003 Server.

I beleive that on Windows 2003, the firewall service is disabled by default
though so this may not be a problem.

You can make a GPO "Win XP Only" using a WMI filter.

Mark

 

[Guest]

Hi Mark :

wrt :

"I beleive that on Windows 2003, the firewall service is disabled by default
though so this may not be a problem."

I will be ENABLING the firewall in my GP !

Please elaborate on this :

"You can make a GPO "Win XP Only" using a WMI filter."

thanks

Rory

 

[Mark]

Hi Rory,

Under Windows 2003 Server the "Windows Firewall/Internet Connection Sharing
(ICS)" service is disabled by default. This means that regardless of the
GPO enforced Windows Firewall settings, the firewall will remain switched
off.

Unless you enable the Firewall/ICS service in service manager you should not
have problems.

Out of interest, why don't you just create a separate OU for servers?


WMI (Windows Management Instrumentation) is essentially a database of most
of the settings and configuration information for a Windows computer.
A WMI Filter is something that you attach to GPO to restrict where it is
enforced based on the information in WMI.

For example, you can set up a WMI filter that causes the GPO only to be
applied to computers where the OS build is "2600" for Windows XP. I use the
following:

SELECT * FROM Win32_OperatingSystem WHERE BuildNumber = "2600"

Bear in mind that WMI filters only work on Windows XP and later. On Windows
2000, they are ignored and the GPO will be applied regardless.

If you're using the new Group Policy Management Console (highly recommended!
get it from download.microsoft.com) there is a good explanation of WMI
filters included in the help.
If you don't come from a programming/SQL background, WMI filters take a
little bit of bed time reading to get you're head around but once you're
confident with them they're incredibly useful.

Hope this helps,
Mark