Whenever the server firewall is turned on, all workstations show the message 'system can't log on because the domain is not available' when a user tries to log on.
Server is Windows 2003
Workstation XP SP2
Is it the Windows firewall or a corporate third-party firewall which you have on the server?
It's Windows Firewall
The clients initiate connections to the server so if all the ports are blocked on the firewall then they won't be able to connect to the server.
From what I have read here most people don't bother with software firewalls for PCs on their school LAN. They rely on good security practices e.g. permissions and patching and a perimeter firewall on their broadband connection.
If you are certain you need a software firewall on your server then make exceptions for common protocols such as CIFS/SMB, DNS, DHCP, ADS.
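A sketch of the exceptions suggested in the post above, added as an example and not part of any post in this thread. It assumes the server is a domain controller on Windows Server 2003 SP1 or later (where `netsh firewall` is available) and that all clients sit on the server's own subnet; the port numbers are the standard assignments for each service and the rule names are made up.

```bat
@echo off
rem Added example: Windows Firewall exceptions for a Windows Server 2003
rem domain controller. Rule names are constructed; adjust scope to your LAN.
setlocal

rem CIFS/SMB and NetBIOS: the built-in file and printer sharing exception
rem covers TCP 139/445 and UDP 137/138. scope=SUBNET limits it to the LAN.
netsh firewall set service type=FILEANDPRINT mode=ENABLE scope=SUBNET

rem Services used during domain logon that listen on both TCP and UDP:
rem DNS (53), Kerberos (88), LDAP (389).
for %%P in (53 88 389) do (
    netsh firewall add portopening protocol=TCP port=%%P name="AD-TCP-%%P" mode=ENABLE scope=SUBNET
    netsh firewall add portopening protocol=UDP port=%%P name="AD-UDP-%%P" mode=ENABLE scope=SUBNET
)

rem RPC endpoint mapper. RPC services behind it use dynamically assigned
rem ports, which a fixed port list like this one does not cover.
netsh firewall add portopening protocol=TCP port=135 name="RPC-EPMAP" mode=ENABLE scope=SUBNET

rem DHCP server. Clients without a lease send from 0.0.0.0, which is not
rem a local-subnet address, so this one rule is left at scope=ALL.
netsh firewall add portopening protocol=UDP port=67 name="DHCP-Server" mode=ENABLE scope=ALL

rem Time sync (Kerberos depends on clocks agreeing).
netsh firewall add portopening protocol=UDP port=123 name="W32Time" mode=ENABLE scope=SUBNET

rem Review the result before switching the firewall on.
netsh firewall show config
endlocal
```

Test a workstation logon after turning the firewall on.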
@LOUD: Why do you want the firewall turned on??
It is a major pain in the rear to configure correctly so that all users/services can communicate correctly. As long as your desktops are locked down correctly and execute access removed from various files and programs then all should be ok.
I personally really wouldn't bother with it on either desktop or server.
I agree with the previous statement. Surely your school goes through your LEA firewall, all of the schools in my neck of the woods certainly do and as stated above we rely upon good security practices etc. Therefore that would mean you're protected from the outside world getting in and the little "darlings" getting out.
Ours is turned off here, should not need to be on really, like mentioned above if you lock desktops down through GPO there is no need for it to be on.

TURN IT OFF!!!
More trouble than it is worth
See tosca925 post - job done
RM manage to make systems that work with the f/w on, so I guess you Vanilla's just can't hack it? ;b
It's the defence in depth thing. I'm a bit sceptical about the advantages when you have to punch so many holes through the f/w, but I think you may have to start getting used to that e.g. try pinging a longhorn/2008 beta 3 server core.
open the ports on the firewall to let the clients through, if you REALLY MUST have the firewall on!
I'm curious to know how you deal with internal threats if the firewall is turned off?
Your LEA might protect against external threats, but what about infected PCs with malware etc. that are internal? You can't possibly guarantee infected laptops etc. are not plugged in to the network, or malware downloaded by staff.
I'm not trying to start a flaming war but I am just curious to know how you deal with internal threats?
I'm currently trying to set up a Linux machine with Packetfence to sort out the malware issue, as I'm pretty sure it can kill anything it sees as a threat!