Hi Mark...
I've found that just by using the "older" policy setting.....Prohibit use
of Internet Connection Firewall on your DNS domain network. That you get
pretty much the behavior you're looking for.
You can prove this by just pulling out the patch, the firewall will come
on...Reconnect the patch, and it goes back off, in a few seconds.
Hope this helps some.
John
"Abbiss, Mark"
<[EMAIL PROTECTED]
.net> To
Sent by: <[email protected]>
[EMAIL PROTECTED] cc
ail.activedir.org
Subject
[ActiveDir] GPO's in AD (online and
03/24/2005 04:09 offline)
AM
Please respond to
[EMAIL PROTECTED]
tivedir.org
We are in the process of rolling out XP SP2 in our environment and I am
beginning to mess around a bit with the GPO settings for SP2, specifically
the firewall.
We have a mixture of laptop and desktop users, the desktops are no problem
as we disable the firewall on all of them as the corporate network they are
connected to handles all access rights. The laptop users however are a bit
of a headache.
What I need to be able to do is disable the firewall when the laptiops are
logging on locally to the network but ensure that the firewall is enabled
when they are working offline and perhaps making dialup connections to the
internet.
What I cant figure out is how I am supposed to get the firewall policy
settings to the laptops. If they are logging on to the domain the firewall
should be disabled and if they logon while disconnected from the domain
then they wont process the GPO and therefore won't get any settings ?!?
Just how can I solve this Catch 22 ?
Thanks for any help
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
