+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 17
Windows Thread, Windows Firewall in Technical; It has been one of those days ... We have discovered that Windows Firewall has decided to block the RPC ...
  1. #1

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    10,074
    Thank Post
    1,384
    Thanked 1,889 Times in 1,170 Posts
    Blog Entries
    19
    Rep Power
    614

    Windows Firewall

    It has been one of those days ...

    We have discovered that Windows Firewall has decided to block the RPC server and stop certain connections (unless the user logging on is a member of the local admin group). THis includes failing to load GPOs properly.

    What methods do people use for turning off the firewall? (simplest solution in the short term IMHO)

    Has anyone come across anything similar?

    Tony

  2. #2

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    Boston, MA
    Posts
    7,601
    Thank Post
    110
    Thanked 771 Times in 599 Posts
    Rep Power
    183

    Re: Windows Firewall

    Just turn off the Windows Firewall using a GPO!

    You can even set it to turn the firewall back on when the client is not connected to the domain!

    Easy as...

    BTW - you may need to update your ADMs to those that come with XP SP2.

  3. #3

    Join Date
    Jun 2005
    Location
    Elgin, Scotland
    Posts
    387
    Thank Post
    1
    Thanked 4 Times in 4 Posts
    Rep Power
    24

    Re: Windows Firewall

    netsh firewall /? should give you all the command line options for the Windows Firewall. I use this method for adding ports & exceptions quickly. I think you can do a complete reset of the firewall this way.

    Only downside being, if the firewall's gone crazy, you may have to run it locally on each comp...

  4. #4

    Dos_Box's Avatar
    Join Date
    Jun 2005
    Location
    Preston, Lancashire
    Posts
    9,442
    Thank Post
    701
    Thanked 2,302 Times in 1,063 Posts
    Blog Entries
    23
    Rep Power
    678

    Re: Windows Firewall

    I keep my XP Firewalls switched off in GP as it interers to much with some of the 'superior' educational software we use.

  5. #5
    ajbritton's Avatar
    Join Date
    Jul 2005
    Location
    Wandsworth
    Posts
    1,632
    Thank Post
    23
    Thanked 75 Times in 45 Posts
    Rep Power
    35

    Re: Windows Firewall

    @Dos_Box: It might be useful to start a list of software which is not compatible with the XP SP2 firewall. For myself, I have left the firewall enabled without any difficulties apart from having to open the occasional port or three.

  6. #6

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    Boston, MA
    Posts
    7,601
    Thank Post
    110
    Thanked 771 Times in 599 Posts
    Rep Power
    183

    Re: Windows Firewall

    If you have a firewall between your network and the outside world, there is no reason to switch the firewall on at client level.

    Using the GPO settings, you have it re-enable itself when offsite and jobs a good'n!

  7. #7
    ajbritton's Avatar
    Join Date
    Jul 2005
    Location
    Wandsworth
    Posts
    1,632
    Thank Post
    23
    Thanked 75 Times in 45 Posts
    Rep Power
    35

    Re: Windows Firewall

    Surely firewalls on individual PCs will help prevent the spread of viruses/worms within the site, should a silly member of staff be daft enough to bring one in on a floppy..?

  8. #8

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    Boston, MA
    Posts
    7,601
    Thank Post
    110
    Thanked 771 Times in 599 Posts
    Rep Power
    183

    Re: Windows Firewall

    Quote Originally Posted by ajbritton
    Surely firewalls on individual PCs will help prevent the spread of viruses/worms within the site, should a silly member of staff be daft enough to bring one in on a floppy..?
    But you properly maintained AV software will kill this anyway!

  9. #9

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    10,074
    Thank Post
    1,384
    Thanked 1,889 Times in 1,170 Posts
    Blog Entries
    19
    Rep Power
    614

    Re: Windows Firewall

    Quote Originally Posted by Ric_
    Quote Originally Posted by ajbritton
    Surely firewalls on individual PCs will help prevent the spread of viruses/worms within the site, should a silly member of staff be daft enough to bring one in on a floppy..?
    But you properly maintained AV software will kill this anyway!
    And this is one of the apps that is being blocked from installation by the firewall.

    Bloody typical really ... the firewall stops people connecting to your machine ... people like the SysAdmin ... and installing potentially harmful software ... like AV software.

    *sigh*

  10. #10
    ajbritton's Avatar
    Join Date
    Jul 2005
    Location
    Wandsworth
    Posts
    1,632
    Thank Post
    23
    Thanked 75 Times in 45 Posts
    Rep Power
    35

    Re: Windows Firewall

    @Ric : I take the view that the local network is now potentially a hostile environment. Once the network spreads school-wide, it's very difficult to control what is connected to it. Staff bring in laptops which may or may not have up to date AV on them. I figure the best I can do is to implement every security feature available to me; AV, WSUS and the firewall.

  11. #11
    tarquel's Avatar
    Join Date
    Jun 2005
    Location
    Powys, Mid-Wales, UK
    Posts
    1,740
    Thank Post
    13
    Thanked 45 Times in 35 Posts
    Rep Power
    30

    Re: Windows Firewall

    I'd have to agree with abj - not that I'm saying either argument is correct...

    It's just what works for their particular network, and way of doing things - unless you have no firewall on at all ...anywere lol

    in abj's defense - have client f/w's on is handy - not against viruses, but other sorts of malicious things like spyware and other nasties.

    Also helps limit the chances of a user having some sort of program in their home dir (brought in by whatever means) and used against the system - at least with a client firewall, you can prevent a app from doing anything

    Just my two cents - i have more pressing matters tho (see a lovely possible-DNS-related-problem topic in a few moments appearing)...

    Regards
    Nath.

  12. #12

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    Boston, MA
    Posts
    7,601
    Thank Post
    110
    Thanked 771 Times in 599 Posts
    Rep Power
    183

    Re: Windows Firewall

    You guys need a large pointy stick to prod and hit these people with!

    It's your job to configure the AV updates so you just need a way to make sure that it's done automagically.

  13. #13

    Dos_Box's Avatar
    Join Date
    Jun 2005
    Location
    Preston, Lancashire
    Posts
    9,442
    Thank Post
    701
    Thanked 2,302 Times in 1,063 Posts
    Blog Entries
    23
    Rep Power
    678

    Re: Windows Firewall

    Quote Originally Posted by ajbritton
    Surely firewalls on individual PCs will help prevent the spread of viruses/worms within the site, should a silly member of staff be daft enough to bring one in on a floppy..?
    Not really. The Windows firewall is one way only; incoming. Which is negated by said infected floppy\CD.

  14. #14
    ajbritton's Avatar
    Join Date
    Jul 2005
    Location
    Wandsworth
    Posts
    1,632
    Thank Post
    23
    Thanked 75 Times in 45 Posts
    Rep Power
    35

    Re: Windows Firewall

    Quote Originally Posted by Dos_Box
    Quote Originally Posted by ajbritton
    Surely firewalls on individual PCs will help prevent the spread of viruses/worms within the site, should a silly member of staff be daft enough to bring one in on a floppy..?
    Not really. The Windows firewall is one way only; incoming. Which is negated by said infected floppy\CD.
    A fair point, but the firewalled PCs would have extra protection against rogue laptops which may be connected to the network from time to time. It only takes one careless member of staff...

  15. #15
    tarquel's Avatar
    Join Date
    Jun 2005
    Location
    Powys, Mid-Wales, UK
    Posts
    1,740
    Thank Post
    13
    Thanked 45 Times in 35 Posts
    Rep Power
    30

    Re: Windows Firewall

    Quote Originally Posted by Dos_Box
    Quote Originally Posted by ajbritton
    Surely firewalls on individual PCs will help prevent the spread of viruses/worms within the site, should a silly member of staff be daft enough to bring one in on a floppy..?
    Not really. The Windows firewall is one way only; incoming. Which is negated by said infected floppy\CD.
    ? what about the ol' window that pops up asking whether to allow program xyz.exe to access the internet? (the one that has the [Unblock] button on it and is dark-blue colour)

    Isn't that part-and-parcel of Windows Firewall?

    It only takes one careless member of staff...
    So true - dont we all know it lol

    Just my two cents

    Nath.



SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Endian Firewall and Windows Updates
    By Craig_W in forum *nix
    Replies: 7
    Last Post: 6th December 2011, 04:05 PM
  2. Did MS do something windows firewall?
    By Teth in forum Windows
    Replies: 5
    Last Post: 20th September 2007, 10:15 AM
  3. no firewall etc
    By ptrainor1 in forum Wireless Networks
    Replies: 15
    Last Post: 22nd October 2006, 10:34 PM
  4. Windows XP SP2 firewall policies on Domain
    By Kyle in forum How do you do....it?
    Replies: 16
    Last Post: 25th September 2006, 06:51 PM
  5. Windows Firewall
    By Mintsoft in forum Windows
    Replies: 3
    Last Post: 22nd March 2006, 10:59 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •