
Configure firewall through group policy on Win XP SP2

Status
Not open for further replies.

HansL

MIS
Feb 10, 2003
17
DE
Hi all,

I installed XP SP2 on a test computer. As the Microsoft document states, I should be able to regulate the firewall settings through group policy.


I have done everything they asked but still no:
computer configuration => admin templates => network

I do have this when I go to the local group policy on the XP SP2 test pc.

google :

Host: Mike (Microsoft)
Q: Still haven’t seen the ADM settings for the XP SP2. Final
A: When you install SP2 on a Windows XP machine it places an updated system.adm (plus wuau.adm) file on the PC

So I assume nothing more has to be done to enable (and view) this group policy.


Who has done this or has more information ?

Tnx in advance

regards,
Hans
 
I downloaded the SP and installed it locally.

What do you mean exactly ?

tnx
 
Darniit,

I have been using Netsh.exe and not GPOs, so I am going to let someone else deal with the issue. But did you also update your .ADM files? The Network install of SP2 should have handled this, unless there was a permissions issue.
 
Easy way - look at the policies using the WinXP SP2 machine. It will copy the updated .adm files up to your DC

********Caution**********
Make sure you are only opening one policy. There is a string in the new .adm files that is too long for older service packs. Unless you want to click past a bunch of error messages on your other policies I suggest you only open a test policy or one that deals explicitly w/ the settings for SP2
 
qti,

I don't understand what you mean with

"Easy way - look at the policies using the WinXP SP2 machine. It will copy the updated .adm files up to your DC"

I should look at the local policy and then do what ?

tnx

 
HansL,

If you install SP2 on a client, it is necessary that you log in once as a domain administrator (or at least with group policy edit rights) in order to automatically update the new 'system.adm'. At least that's how it worked in my test environment.

I only had one problem: the group policy editor of our w2k domain controller isn't capable of displaying the long descriptions supplied in the 'new system.adm' (although w2k SP4 is installed).
Thus, you need to install the new group policy editor (which itself requires .NET 1.1) on a client (didn't work on the DC). Then, when logged into that client with group policy editing rights, you can make changes to the policy.
 
Gaudenz,

1. I log in as a domain admin
2. (when I open group policy editor on the local pc where SP2 is installed firewall settings are available)

when I open the default domain policy on the SP2 pc I still don't see the firewall settings. (only windows components)

Is it possible to send/import the new adm file ?

tnx
 
HansL,

I checked the default domain policy and it is actually as you say. I didn't notice because I added a second policy (named like 'xp sp2 testing') before logging in as domain admin. In this second policy, the firewall entries are there. If I try to add a new third policy, it is however based on the default one and again, the firewall settings are missing.

Maybe you try to add a second policy (which is then listed below the default one - important because of priority) and then log on again with the client as a domain admin - maybe sp2 just cannot change the default policy.

Otherwise, you can import the *.adm files. According to this document, the firewall settings are included in the system.adm file.
This file is on the client with the SP2 installed, in the folder %SYSTEMROOT%\inf\ (e.g. c:\windows\inf\system.adm); to see it, you must turn on 'show hidden files'.

I assume you are working with the management console, where you just add the templates for the local machine and the DC. If you right-click on the 'Administrative Templates' folder in the 'Computer Configuration' you can choose the option 'Add/Remove Templates...'. There you click on 'Add' and browse for the system.adm file (you need to copy it from the client to the DC - however, I wouldn't overwrite the existing one on the DC). This should work.

Anyway, in my case, I need to use the XP client for viewing the policy. If I use the domain controller (w2k), I get errors as mentioned before.

Hope this helps.
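
A way to see which policies actually picked up the SP2 template, added here as an example and not part of any post in this thread: the script reads the client copy in %SYSTEMROOT%\inf and each GPO's Adm\system.adm under SYSVOL, and reports whether the firewall section is present. The domain name `example.local` is a placeholder, and the marker string assumes the SP2 template stores firewall settings under the `Policies\Microsoft\WindowsFirewall` key.

```powershell
# Added example, not from the thread. Reports which GPO folders in SYSVOL
# hold a system.adm that defines the Windows Firewall policies.
param(
    [string]$Domain    = 'example.local',   # placeholder domain name
    [string]$ClientAdm = (Join-Path $env:SystemRoot 'inf\system.adm')
)

# Assumption: the SP2 template keeps firewall settings under this policy key.
$Marker = 'Policies\Microsoft\WindowsFirewall'

function Test-FirewallTemplate {
    param([string]$Path)
    # StreamReader honours a byte order mark, so Unicode and ANSI files both read.
    $reader = New-Object System.IO.StreamReader($Path, $true)
    try     { $text = $reader.ReadToEnd() }
    finally { $reader.Dispose() }
    return $text.IndexOf($Marker, [StringComparison]::OrdinalIgnoreCase) -ge 0
}

if (-not (Test-Path -LiteralPath $ClientAdm)) {
    throw "Client template not found: $ClientAdm"
}
$client = Get-Item -LiteralPath $ClientAdm -Force
'Client copy: {0} bytes, firewall section present: {1}' -f `
    $client.Length, (Test-FirewallTemplate $client.FullName)

# Each GPO is a {GUID} folder; the editor stores its templates in the Adm subfolder.
$policies = "\\$Domain\SYSVOL\$Domain\Policies"
Get-ChildItem -LiteralPath $policies |
    Where-Object { $_.PSIsContainer } |
    ForEach-Object {
        $adm = Join-Path $_.FullName 'Adm\system.adm'
        $row = [pscustomobject]@{
            Gpo = $_.Name; Bytes = $null; HasFirewall = $false; SameSizeAsClient = $false
        }
        if (Test-Path -LiteralPath $adm) {
            $file = Get-Item -LiteralPath $adm -Force
            $row.Bytes            = $file.Length
            $row.HasFirewall      = Test-FirewallTemplate $file.FullName
            $row.SameSizeAsClient = ($file.Length -eq $client.Length)
        }
        $row
    } | Format-Table -AutoSize
```

A GPO row with `HasFirewall` false is one that still carries the older template (or none), which matches the default domain policy behaviour described above.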
 
tnx a lot gaudenz

this is the solution !

Have a nice weekend


Regards,
 