XP Service Pack 2 / Windows 2000 GPO

[shakim]

Can someone please confirm that Microsoft have made it
impossible for me to manage XPSP2 Firewall settings using
GPO in only a Windows 2000 Domain.
From what I have read and experienced, I need a Windows
2003 server (License)

 

[Mark Williams [MSFT]]

This is not correct. You can manage clients in a Windows 2000 domain from
GPMC, which can be run on Windows Server 2003 or Windows Professional.
Originally, the GPMC license DID require a Windows Server 2003 license but
we modified this when we shipped GPMC with Service Pack 1, which allows can
be used to manage either Windows 2000 or Windows Server 2003 domains.

If you have a pointer to online documentation that incorrectly indicates a
Windows Server 2003 license is needed (and it exists on the Microsoft.com
site) please let me know so that I can work to get that updated.

One qualifier to this (unrelated to licensing) is that a small subset of the
new policy settings in Windows XP Service Pack 2 (those that use the LISTBOX
ADDITIVE keywords) can only be managed from a Windows XP or Windows Server
2003 machine.

Thanks.
--
Mark Williams
Program Manager, Group Policy
http://www.microsoft.com/technet/grouppolicy

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Guest]

Thankyou Mark for you prompt reply.

I have A windows 2000 Domain. I downloads GPMC SP1 and
installed it on my 2000DC only to be alerted that I need XP
or 2003.

Is there, from Microsoft, a GPO update or addin, which
allows me to disable the Firewall on my XPSP2 machines from
my Windows2000DC ?? (With spending money)

 

[shakim]

Thankyou Mark for you prompt reply.

I have A windows 2000 Domain. I downloads GPMC SP1 and
installed it on my 2000DC only to be alerted that I need XP
or 2003.

Is there, from Microsoft, a GPO update or addin, which
allows me to disable the Firewall on my XPSP2 machines from
my Windows2000DC ?? (WITHOUT spending money)

 

[Torgeir Bakken \(MVP\)]

Thankyou Mark for you prompt reply.

I have A windows 2000 Domain. I downloads GPMC SP1 and
installed it on my 2000DC only to be alerted that I need XP
or 2003.

Is there, from Microsoft, a GPO update or addin, which
allows me to disable the Firewall on my XPSP2 machines from
my Windows2000DC ?? (WITHOUT spending money)

Hi

The GPO setting "Prohibit use of Internet Connection Firewall
on your DNS domain network" will disable the firewall. This
GPO applies also for pre-SP2 WinXP.

More here
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/xpmanaged/33_xpape.mspx

and here
http://www.jsiinc.com/SUBP/tip7900/rh7909.htm


If you have loaded the WinXP SP2 adm file, you will find the
setting here:

Computer Configuration\Administrative Templates\Network
\Network Connections\Windows Firewall

If not, you will find it here:

Computer Configuration\Administrative Templates\Network
\Network Connections

 

[Mark Williams [MSFT]]

Hello again,

GPMC will run on either Windows XP (with at least SP1) or Windows Server
2003. It is recommended to manage Group Policy from an administrative
machine, rather than on the domain controllers themselves. Since you are
running Windows 2000 domain controllers you will not be able to load GPMC on
those servers. However, if you can fully manage Group Policy from a Windows
XP machine acting as an administrative workstation. Since you appear to be
wanting to managing XP SP2 machines I am hopefulyl that your administrative
machines are in fact XP.

Yes, you can disable the Windows Firewall, through the .adm files we ship
with XP SP2. Checkout the following policy setting:

Administrative Templates\Network\Network Connections\Windows
Firewall\Domain Profile\Windows Firewall: Protect all network connections

Disabling this policy setting will turn off the Windows Firewall.
Unless you have a compelling reason to do so (for example, you already have
a different Firewall installed) we would recommend that you look at some of
the other policy settings associated with the WIndows Firewall to open only
those porgrams or ports you need, rather than disable it altogether.

BTW, I should add that the Windows Firewall and ICF are two very
different beasts In Windows XP SP2 you need to be using the Windows
Firewall (not ICF) policy settings.


I hope this helps.

--
Mark Williams
Program Manager, Group Policy
http://www.microsoft.com/technet/grouppolicy

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Mark Williams [MSFT]]

Hi Torgeir,

Please see my previous response in this thread. The ICF policy setting has
no impact on Windows XP Service Pack 2 machines - the new Windows Firewall
settings manage firewall functionality. The ICF policy settings do apply to
pre-XP SP2 machines, though, as you say.

Thanks.

--
Mark Williams
Program Manager, Group Policy
http://www.microsoft.com/technet/grouppolicy

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Torgeir Bakken \(MVP\)]

Hi Torgeir,

Please see my previous response in this thread. The ICF policy setting has
no impact on Windows XP Service Pack 2 machines - the new Windows Firewall
settings manage firewall functionality. The ICF policy settings do apply to
pre-XP SP2 machines, though, as you say.

Hi

Thanks for clearing up my misunderstanding on this issue