O/S Deployment Thread, Move workstation to another OU in Technical
  1. #16

    Join Date: Jan 2006 | Location: Surburbia | Posts: 2,178
    As I said extremely dense.

    That looks like it's from Wizard.log, so tells us what it was going to try and do (comp name and other parameters you'd fed it) but tells us nothing about what it did next to get itself in a mess.

    Is that the only log you have? If not, which ones have the newest modified dates?

  2. #17

    Join Date: Jun 2008 | Posts: 718
    I've finally fixed it!!

    The firewall was causing all the problems. I've removed the GPO that had the firewall in it and started afresh with a clean one. Everything is configured apart from that one final bit.

    Has anyone configured their firewall to make it seamless and hassle free?

  3. #18

    Join Date: Jan 2006 | Location: Surburbia | Posts: 2,178
    > Has anyone configured their firewall to make it seamless and hassle free?

    Yes, but which one? The workstation or the server they talk to?

    I have a firewall GPO on the OU all workstations get moved under somewhere by MDT, and it doesn't cause any issues. Again it's XP, but that GPO doesn't have a lot in it - mostly just lets all the necessary Windows stuff, including Remote Admin, happen if the source address is the local subnet.

  4. #19

    Join Date: Jun 2008 | Posts: 718
    For the workstations. I want to have the firewall enabled and located at the root of the workstation OU with sub OUs for each classroom/area.

    Could you tell me what you have enabled/disabled for programs/ports etc?

  5. #20

    Join Date: Jan 2006 | Location: Surburbia | Posts: 2,178
    It's just XP again; Vista/Win7 changes the firewall considerations a bit. They're kind of pragmatic in the sense that I thought about the risks and backed away from very serious security in favour of usability/administration/budget. Local subnet gets in to do:

    • Ping
    • File & Print
    • Remote Admin
    • Remote Desktop
    • Remote Disk Manglement
    • A few specific EXE exceptions I only vaguely recall having to make (but obviously did) for unsolicited Remote Assistance
    • TCP port 135, which IIRC was so some remote WMI calls I make would work (might be included in one of the generic categories)

    For most I ought to change local subnet to an IP range containing boxes where remote admin happens, but that wouldn't slow down my idea of a Bad Guy[tm] who could exploit the current scenario very much.
    Last edited by PiqueABoo; 13th October 2010 at 11:21 PM. Reason: Ping

  6. #21

    Join Date: Jun 2008 | Posts: 718
    Presumably you just enabled those that you listed and then added .EXE exceptions for your programs?

    I will give this a try and see what happens, because I'm sure I had done the same with the previous firewall settings.

  7. #22

    Join Date: Jan 2006 | Location: Surburbia | Posts: 2,178
    > Presumably you just enabled those that you listed and then added .EXE exceptions for your programs?

    Yep (strictly speaking they're MS programs I want to talk to e.g. Help & Support service etc.)

  8. #23

    Join Date: Jun 2008 | Posts: 718
    Okay, so I've re-enabled the firewall in a completely new GPO and slowly enabled the following:

    • Allow ICMP exceptions (enabled Allow inbound echo request)
    • Allow inbound file and printer sharing exception
    • Allow inbound remote administration exception
    • Allow inbound remote desktop exceptions
    • Define inbound port exceptions: things like Virus, VNC etc.
    • Define inbound program exceptions: I believe for this you really need to allow WMI (unsecapp.exe). I noticed that if I didn't, the rebuild would fail. Just for good measure, and I have had it enabled for XP for some years now, explorer.exe (Windows Explorer).
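
An added example, not part of any post in this thread: the "Define inbound port exceptions" and "Define inbound program exceptions" settings take colon-separated strings that carry a scope field, which is where the local-subnet restriction discussed in #20 lives. The sketch below parses such strings and flags enabled entries whose scope is `*`; the function name and all sample entries are assumptions constructed for illustration.

```powershell
# Added example. All entries below are constructed sample data, not from the thread.
# Policy string formats:
#   port:    <Port>:<Transport>:<Scope>:<Status>:<Name>
#   program: <Path>:<Scope>:<Status>:<Name>
# Scope is '*', 'localsubnet', or a comma-separated list of addresses/subnets.

function ConvertFrom-FirewallException {   # hypothetical helper name
    param([string]$Entry, [ValidateSet('Port', 'Program')][string]$Kind)

    $parts = $Entry.Split(':')
    if ($Kind -eq 'Port') {
        if ($parts.Count -ne 5) { throw "Malformed port exception: $Entry" }
        $target = '{0}/{1}' -f $parts[0].Trim(), $parts[1].Trim().ToUpper()
    } else {
        # A program path may contain its own colon (C:\...), so the last three
        # fields are taken from the right and the rest is rejoined as the path.
        if ($parts.Count -lt 4) { throw "Malformed program exception: $Entry" }
        $target = ($parts[0..($parts.Count - 4)] -join ':').Trim()
    }
    $scope, $status, $name = $parts[-3..-1] | ForEach-Object { $_.Trim() }

    # Order matters: the later, more important checks overwrite earlier ones.
    $finding = 'restricted to listed addresses'
    if ($scope -eq 'localsubnet') { $finding = 'local subnet only' }
    if ($scope -eq '*')           { $finding = 'REVIEW: any source address allowed' }
    if ($status -ne 'enabled')    { $finding = 'inactive (disabled)' }

    [pscustomobject]@{
        Kind = $Kind; Target = $target; Scope = $scope
        Status = $status; Name = $name; Finding = $finding
    }
}

$portExceptions = @(
    '135:TCP:localsubnet:enabled:RPC endpoint mapper for remote WMI',
    '5900:TCP:*:enabled:VNC',
    '3389:TCP:192.0.2.10,192.0.2.11:disabled:Remote Desktop from admin boxes'
)
$programExceptions = @(
    '%windir%\system32\wbem\unsecapp.exe:localsubnet:enabled:WMI unsecapp',
    'C:\WINDOWS\explorer.exe:*:enabled:Windows Explorer'
)

$results  = @($portExceptions    | ForEach-Object { ConvertFrom-FirewallException -Entry $_ -Kind Port })
$results += @($programExceptions | ForEach-Object { ConvertFrom-FirewallException -Entry $_ -Kind Program })
$results | Format-Table Kind, Target, Scope, Status, Finding -AutoSize
```

To check a real GPO, replace the two sample arrays with the strings entered in those two policy lists.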
