Active firewall profile incorrect

Guest

On an SBS 2003 domain with a vanilla RTM Vista, the default firewall
configuration works fine but as soon as I set Outbound to block and then
reboot, things start breaking. The Network is seen as Public so discovery and
sharing are all disabled and Network shares are all disconnected.

Can I manually override the Active Firewall Profile and set it to Domain?
Is there a simple connection or Outbound rule I'm missing?

The logs show plenty being blocked but the profile is public so I'm
reluctant to start creating rules until I get the active profile right.
 
Guest

A little bit more research and I managed to sort out my own dramas. Possibly
shouldn't have posted but I thought someone out there could fast track a
solution.

For anyone in a similar boat, this is how I resolved it but it isn't
necessarily the best method. The bottom line is Vista's firewall is awesome
and highly configurable but does lack a few user friendly things. Many think
it should have a prompt to allow Outbound programs access on the fly but I
disagree now I've played with it. This is a problem with other firewalls
insofar as anyone can allow anything with a single click. Vista is far
superior, turn on Outbound blocking and it works, everything is blocked until
you specifically allow it - a real firewall - nice!

I personally think some more default rules should be applied so Domain
access still works when you do block Outbound access and that the logs should
say what programs requested access but apart from that, I have no complaints.
I'm not sure how you add rules on a Corporate Network using policies or
scripts but I'm sure it can be done.

Anyway, I digress. Turn on logging of dropped packets for all profiles. Note
the time and reboot. Check the logs and see what ports were blocked during
logon. Look up the common ports website and decide what should be allowed.

Unfortunately, I had to open the actual ports rather than a specific program
as I have no idea what process or program is using the port but all this is
manageable within the rule's properties. This means any program can also use
the ports but it's still better than no Outbound security.

To get the Domain logon working correctly, I opened the following ports
using All Ports for the Local Port and Specific Port for the Remote Port.

DNS - Port 53 UDP
DCE Endpoint Resolution - Port 135 TCP
NETBIOS - Ports 137, 138, 139 TCP and UDP

I rebooted as I added each rule and after adding the above rules, I could no
longer log on to the Domain at all. The Trusted connection between Vista and
the SBS Server failed! I nearly gave up at this stage but persevered, logged
on as the local administrator and added the last rule required to make
everything work.

Kryptolan - Port 389 TCP and UDP

Vista rocks but I've burnt plenty of valuable drinking time dicking with
it...hope this helps someone.
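The procedure in the post above, written out as an added example that is not from the thread: enable dropped-packet logging on every profile, confirm which profile is actually active, summarise the outbound drops from pfirewall.log by protocol and remote port, and then create the outbound allow rules for the ports the poster lists (53, 135, 137-139, 389). It uses netsh advfirewall, which is present on Vista (the New-NetFirewallRule cmdlets are not), and it goes a little beyond the post in two ways: the rules are scoped to the domain controller's address rather than left open to any remote host, and they are applied to all profiles rather than only Domain, because a machine that cannot reach its DC never gets classified as Domain in the first place. The DC address, the log path and the sample log lines are assumptions.

```powershell
# Added example, not the poster's own commands. Run from an elevated prompt.
# Assumptions: the SBS server address below, the default log path, and the
# constructed sample lines used when the real log is not present.

$dc  = '192.168.1.1'                                              # assumed SBS server
$log = "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"  # default location

# Step 1: log dropped packets on every profile, then reboot and log on.
netsh advfirewall set allprofiles logging droppedconnections enable
netsh advfirewall set allprofiles logging filename "$log"

# Step 2: confirm which profile is active before writing any rules.
netsh advfirewall show currentprofile

# Step 3: count outbound (SEND) drops per protocol/remote port from the log.
function Get-OutboundDropSummary {
    param([string[]]$Lines)
    $counts = @{}
    foreach ($line in $Lines) {
        if ($line.StartsWith('#') -or $line.Trim() -eq '') { continue }
        # pfirewall.log fields: date time action protocol src-ip dst-ip
        #                       src-port dst-port size ... path
        $f = $line.Split(' ')
        if ($f.Length -lt 17) { continue }
        if ($f[2] -ne 'DROP' -or $f[$f.Length - 1] -ne 'SEND') { continue }
        $key = "$($f[3])/$($f[7])"
        if ($counts.ContainsKey($key)) { $counts[$key]++ } else { $counts[$key] = 1 }
    }
    return $counts
}

# Constructed sample lines in pfirewall.log layout (stand-in for the real file).
$sample = @(
  '#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path',
  '2007-03-01 08:00:01 DROP UDP 192.168.1.50 192.168.1.1 49152 53 0 - - - - - - - SEND',
  '2007-03-01 08:00:02 DROP TCP 192.168.1.50 192.168.1.1 49153 389 0 S 1 0 0 - - - SEND',
  '2007-03-01 08:00:02 DROP TCP 192.168.1.50 192.168.1.1 49154 135 0 S 1 0 0 - - - SEND',
  '2007-03-01 08:00:03 DROP UDP 192.168.1.50 192.168.1.1 49155 53 0 - - - - - - - SEND',
  '2007-03-01 08:00:04 DROP TCP 10.0.0.7 192.168.1.50 3389 445 0 S 1 0 0 - - - RECEIVE'
)
$lines = if (Test-Path $log) { Get-Content $log } else { $sample }
(Get-OutboundDropSummary $lines).GetEnumerator() |
    Sort-Object Value -Descending |
    Format-Table Name, Value -AutoSize

# Step 4: the poster's rules, local port any, specific remote port, limited to the DC.
$rules = @(
  @{ Name = 'DNS';                  Proto = 'UDP'; Port = '53'      },
  @{ Name = 'RPC endpoint mapper';  Proto = 'TCP'; Port = '135'     },
  @{ Name = 'NetBIOS';              Proto = 'TCP'; Port = '137-139' },
  @{ Name = 'NetBIOS';              Proto = 'UDP'; Port = '137-139' },
  @{ Name = 'LDAP (port 389)';      Proto = 'TCP'; Port = '389'     },
  @{ Name = 'LDAP (port 389)';      Proto = 'UDP'; Port = '389'     }
)
foreach ($r in $rules) {
    netsh advfirewall firewall add rule `
        name="Domain logon - $($r.Name) $($r.Proto)" `
        dir=out action=allow protocol=$($r.Proto) `
        localport=any remoteport=$($r.Port) remoteip=$dc profile=any
}

# Step 5: after a reboot, check that the machine now sits in the Domain profile.
netsh advfirewall show currentprofile
```

Re-run the summary after each reboot: once the listed ports stop appearing as SEND drops and the active profile reads Domain, the remaining drops are candidates for per-program rules rather than further port openings.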