It's probably to do with apply GPO over slow links, the troiuble is the spead is measured as the speed of the NIC not the speed of the link. Unless you dial up from the PC directly. I have had great fun with this and VPNs over ADSL and dial up. -----Original Message----- From: "Joe Pochedley" <[EMAIL PROTECTED]> Date: Tue, 6 Sep 2005 14:39:31 To:<[email protected]> Subject: [ActiveDir] XP SP2 Firewall - Domain vs Standard Policy
I've done some googling and searched the MS site a bit, but cannot find an answer... The question I have is this: How does an XP computer determine whether it's connected to the domain in order to decide which firewall policy (standard or domain) to enforce? The reason I ask is this: I see this most often with machines that come in over the WAN, though I've seen it a few times on machines on our local LAN too. A machine will start up and the firewall will be enabled. Normally that would be expected as that is the default behavior of the XP firewall. However, I do have a GPO that turns off the firewall for the domain profile. If I do a GPRESULT on these machine, the GPO is applied, yet the firewall is still on. If I do a "netsh fi show state" the current active profile is the standard profile, and the Firewall GPO that I have set displays as the Group Policy Version (so I know the machine has the settings).... My only guess is that, for some reason when these machines start, they don't realize they're on the domain, but I can't explain why. Latency for the remote sites is about 60 to 100 ms and there are no DC's at many of the small (2-4 people) remote sites. If it were only remotes sites, then I might be convinced that the latency was an issue. But as I mentioned, I've seen it happen to machines on our LAN too. Any insights or other things to check would be much appreciated. Joe Pochedley A computer terminal is not some clunky old television with a typewriter in front of it. It is an interface where the mind and body can connect with the universe and move bits of it about. -Douglas Adams List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
