Right, they are called Domain and Standard, and Neil is correct--if you define both profiles, both reg settings are delivered to the machine when it processes GP and then the Windows Firewall decides which to apply based on a network state determination process--which is explained reasonably well here:
http://www.microsoft.com/technet/community/columns/cableguy/cg0504.mspx

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ruston, Neil
Sent: Thursday, March 24, 2005 4:33 AM
To: '[email protected]'
Subject: RE: [ActiveDir] GPO's in AD (online and offline)

One further clarification - GPO settings are stored in the registry and *are* active even if the machine is disconnected from the domain or network.

neil

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Johnson
Sent: 24 March 2005 11:31
To: [email protected]
Subject: RE: [ActiveDir] GPO's in AD (online and offline)

There are two profiles for the firewall settings. The one is external and the other one is internal. I can't recall their exact names but the one operates when the firewall is aware that it's connected to its domain and the other operates in all other scenarios.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Abbiss, Mark
Sent: 24 March 2005 12:09 PM
To: [email protected]
Subject: [ActiveDir] GPO's in AD (online and offline)

We are in the process of rolling out XP SP2 in our environment and I am beginning to mess around a bit with the GPO settings for SP2, specifically the firewall.

We have a mixture of laptop and desktop users, the desktops are no problem as we disable the firewall on all of them as the corporate network they are connected to handles all access rights. The laptop users however are a bit of a headache.

What I need to be able to do is disable the firewall when the laptops are logging on locally to the network but ensure that the firewall is enabled when they are working offline and perhaps making dialup connections to the internet.

What I can't figure out is how I am supposed to get the firewall policy settings to the laptops. If they are logging on to the domain the firewall should be disabled and if they log on while disconnected from the domain then they won't process the GPO and therefore won't get any settings ?!?

Just how can I solve this Catch 22?

Thanks for any help

List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
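
The replies in this thread say that both firewall profiles are delivered as registry settings and stay in effect when the machine is off the domain. As an added example (not part of any message in the thread), the PowerShell check below reads the policy value for each profile on a machine; the registry paths and the `EnableFirewall` value name are the standard Windows Firewall policy locations, not quoted in the thread, and the function name is hypothetical.

```powershell
# Added example: audit the Windows Firewall policy values that Group Policy
# has written to the registry for the Domain and Standard profiles.
# Assumption: standard policy location; these paths are not quoted in the thread.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall'

function Get-FirewallPolicyProfile {
    param([string]$Profile)   # 'DomainProfile' or 'StandardProfile'

    $path  = Join-Path $base $Profile
    $state = 'NotConfigured'  # key or value absent: policy does not set it

    if (Test-Path $path) {
        $value = (Get-ItemProperty -Path $path -Name EnableFirewall `
                    -ErrorAction SilentlyContinue).EnableFirewall
        if ($null -ne $value) {
            $state = if ($value -eq 1) { 'Enabled' } else { 'Disabled' }
        }
    }

    [pscustomobject]@{ Profile = $Profile; EnableFirewall = $state }
}

# Both profiles are present at the same time; the firewall picks one at
# runtime based on whether it decides the machine is on its domain network.
$results = 'DomainProfile', 'StandardProfile' |
    ForEach-Object { Get-FirewallPolicyProfile $_ }
$results | Format-Table -AutoSize

# The laptop case from the thread: firewall off on the corporate network,
# on everywhere else. Flag machines where policy does not force it on.
$standard = $results | Where-Object { $_.Profile -eq 'StandardProfile' }
if ($standard.EnableFirewall -ne 'Enabled') {
    Write-Warning ('StandardProfile\EnableFirewall is not set to 1 by policy; ' +
        'the firewall is not forced on when this machine is away from the domain network.')
}
```

Running it once on the corporate network and once offline should give the same output, since the values persist in the registry between Group Policy refreshes.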
