Having just used RDP to update a handful of machines from home
Installed Xp SP3 and did recommended restart now cant get rdp to them again.
Looks like it turns firewall back on again (goggled the error)
Any ideas that don't involve driving 30 miles to work would be gratefully received
You have two choices really. Either by create a firewall exception or disable the firewall altogether. Generally speaking if all your workstations are on a large network, then chances are they're behind a router too (which is a firewall in itself).
Computer Config > Admin Templates > Network > Network Connections > Firewall > Domain Profile
Windows Firewall: Protect all network connections - Disable
On a few machines try running the following command from the Run menu:
If you'd rather make an exception (which is a little more complex, let me know).Code:gpupdate /force
We have a group policy that disables the firewall
I think sp3 has over written this setting
cant do gpupdate without driving 30 miles (was hopping the gpupdate would have happened in the 90min timeframe)
Are you sure Remote Desktop is enabled by GPO too?
Computer Config > Admin Templates > Windows Components > Terminal Services
Allow users to connect remotely using Terminal Services - Enable
When updating GPOs it's recommended machines are restarted to take effect. I presume you can still RDP into your server?
The Windows policy that allows you to disable the Internet Connection Firewall for all users including administrators is at the following location in the Windows policy tree:
Local Computer Policy/Computer Configuration/Administrative Templates/Network/Network Connections
On the right hand side, you will see "Prohibit use of Internet Connection Firewall on your DNS Domain." That's where you get to play with it and the of course run the GPUPDATE /FORCE""
I previously had only the GP set at "Computer Configuration/Administrative Templates/Network/Network Connections/Windows Firewall/Domain Profile/Windows Firewall: Protect all network connections" as disabled, which worked fine with Service Pack 2, but apparently Service Pack 3 ignores this setting.
so did an upgrade to sp3 ran the gpupdate before restarting and its worked on that one
Will wait and see if the others become available after the group policy is updated.
will report back results later
SP3 is just rolled up patches, the firewall is enabled if you upgrade from SP1, or earlier, invoking SP2's party trick.
Doesn't help with your problem but just thought i'd mention it!
You can restart the machines remotely which will help apply the policies that you have reconfigured to allow access. It should also help the machines 'clear their heads' as sometimes they are a little screwy after the first reboot from a SP install.
cmd: shutdown -r -f -m \\computername
From a different machine that is logged in as a domain admin ie a server.
You cant shutdown as with the firewall on you cant do anything
no ping
no rdp
no remote registry
Google throws up a couple of possibilities one is Nvidia driver problem
suggestion roll back to previous version of driver.
and the
I previously had only the GP set at "Computer Configuration/Administrative Templates/Network/Network Connections/Windows Firewall/Domain Profile/Windows Firewall: Protect all network connections" as disabled, which worked fine with Service Pack 2, but apparently Service Pack 3 ignores this setting.
so did an upgrade to sp3 ran the gpupdate before restarting and its worked on that one
after i realized problem the second fix and a gpupdate /force before the restart at end of sp3 install has kept the 4 machines i did later on working so that seams to be the fix
I thought the broken ones would now be ok as a gpupdate happens evry Min's maximum but they are still not working on rdp.
Just had a call from work and the owners of the afected mahines have logged on ok but still got firewall on.
I will get them to do a resart at lunch time se if that fixes it
Would SpecOps work Specops Gpupdate - Remote gpupdate / Wake on lan (WOL) / restart / shutdown ?
We use it to force a gpupdate rather than manually logging onto each machine.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote