I'm still trying to verify that the few policies we have as original 'default' policies were not altered. (verify _everything_) Where I don't believe the Default policies have been altered, I'm not "the only cook in the kitchen" and I'm having a hard time finding a document that spells out the original settings. I may have to set up a new domain on an old server and see what happens! ;)
I've never applied policies to the domain controllers via GPO, we are really just starting to think about doing that. So the only GPO objects the domain controllers get are:

Default Domain Policy (_shouldn't_ be altered from original install)
Default Domain Controllers Policy (_shouldn't_ be altered from original install)
Our WSUS policy (which points them to our WSUS server and sets the WSUS group)

That's it, fairly straightforward. We try to run a fairly standard MS shop in case we ever need their help on something. I don't see anything in these policies that would have any effect on the network location awareness.

I should mention we are a single forest single domain environment. (Keep It Simple S...)

Thanks again!

-Stephen

On Wed, Mar 18, 2009 at 12:57 PM, Terry Jezewski <[email protected]> wrote:

> Hmm mm..
>
> I'd check the gpo on the sites and also the dc container first.
> Let me think further on this. Got to love campus networks
>
> Terry
> ------------------------------
>
> *From:* riversidekid
> *Sent:* 03/18/2009 04:51 PM GMT
> *To:* Terry Jezewski
> *Subject:* Re: Re: Windows Firewall is using your non-domain settings... On a Domain Controller???
>
> The sites are logically separated with firewalls, not physically separated by any great distance. All six domain controllers are located in two buildings only a few hundred yards from each other and connected via a robust network. All are behind corporate firewalls, BUT as an educational environment we have a great deal of non-desirable network traffic within the corporate firewall. We use the Windows Firewall to open ports to our systems in order to block the unknown traffic. The domain controllers sync over IPSEC.
>
> In our secure area the Windows Firewall is off, but in two other network segments the Windows Firewall has come in helpful at times, so I need to leave it on but I just don't get why it's listed as Non-Domain settings.
>
> On Mar 18, 2009 12:38pm, Terry Jezewski <[email protected]> wrote:
> >
> > One of our new clients had this issue and since their sites are behind Sonic WALL firewalls, we turned off the WFW. Are your sites connected via VPN or point to point?
> >
> > From: Stephen Wimberly [[email protected]]
> > Sent: 03/18/2009 12:00 PM AST
> > To: "Active Directory Admin Issues" [email protected]
> > Subject: Windows Firewall is using your non-domain settings... On a Domain Controller???
> >
> > I have six domain controllers, two in each of three AD sites. Two are Windows Server 2008 and four are Windows Server 2003 R2.
> >
> > My 2003 DCs are all displaying "Windows Firewall is using your non-domain settings" and I would much rather they use the domain settings. My 2008 DCs show domain settings.
> >
> > I've pored over the following articles:
> >
> > Best practice for DNS Settings on Windows 2000 and 2003 Domain Controllers: http://support.microsoft.com/default.aspx/kb/825036
> >
> > Cable guy reports how it's decided upon: http://technet.microsoft.com/en-us/library/bb878049.aspx
> >
> > I found that NLA Service must start up automatic to get going quick enough, so that's done. I've also found that sync errors could cause an issue with the NLA.
> >
> > Last resort was to demote a DC, pull it from the domain and then add it back to the domain and dcpromo it back to a DC. Just after doing that, the DC showed domain settings, but after just one restart it went back to non-domain settings.
> >
> > Has anyone seen this before, and better yet, know something that might kick it back into gear???
> >
> > Thanks!
