As I said extremely dense.
That looks like it's from Wizard.log, so tells us what it was going to try and do (comp name and other parameters you'd fed it) but tells us nothing about what it did next to get itself in a mess.
Is that the only log you have? If not which ones have the newest modified dates?
I've finally fixed it!!
The firewall was causing all the problems. I've removed the GPO that had the firewall in it and started afresh with a clean one. Everything is configured apart from that one final bit.
Has anyone configured their firewall to make it seemless and hassle free?
Yes, but which one? The workstation or the server they talk to?Has anyone configured their firewall to make it seemless and hassle free?
I have a firewall GPO on the OU all workstations get moved under somewhere by MDT, and it doesn't cause any issues. Again it's XP, but that GPO doesn't have a lot in it - mostly just lets all the necessary Windows stuff, including Remote Admin happen if the source address is the local subnet.
For the workstations. I want to have the firewall enabled and located at the root of the workstation OU with sub OUs for each classroom/area.
Could you tell me what you have enabled/disabled for programs/ports etc?
It's just XP again, Vista Win7 changes the firewall considerations a bit. They're kind of pragmatic in the sense that I thought about the risks and backed away from very serious security in favour of usability/administration/budget. Local subnet gets in to do:
Ping
File & Print,
Remote Admin,
Remote Desktop,
Remote Disk Manglement,
A few specific EXE exceptions I only vaguely recall having to make (but obviously did) for unsolicited Remote Assistance
TCP port 135 which IIRC was so some remote WMI calls I make would work (might be included in one of the generic categories)
For most I ought to change local subnet to an IP range containing boxes where remote admin happens, but that wouldn't slow down my idea of a Bad Guy[tm] who could exploit the current scenario very much.
Last edited by PiqueABoo; 13th October 2010 at 11:21 PM. Reason: Ping
Presumably you just enabled those that you listed and then added .EXE exceptions for your programs?
I will give you this a try and see what happens because I'm sure I had done the same too with the previous firewall settings.
Yep (strictly speaking they're MS programs I want to talk to e.g. Help & Support service etc.)Presumably you just enabled those that you listed and then added .EXE exceptions for your programs?
OKay, so I've re-enabled the firewall in a complete new GPO and slowly enabled the following:
Allow ICMP exceptions (enabled Allow inbound echo request)
Allow inbound file and printer sharing exception
Allow inbound remote administration exception
Allow inbound remote desktop exception s
Define inbound port exceptions
Things like Virus, VNC etc
Define inbound program exceptions
I believe for this you really need to allow WMI (unsecapp.exe). I notice if I didn't the rebuild would fail. Just for good measure, and I have it enabled for XP for some years now, explorer.exe (Windows Explorer).
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote