Thanks Andy - I was thinking that a template with the settings for best practices (sounds like one that uses the split config setup). Seems like you could apply this to the Computers OU or the OU that contains computers and/or laptops and then computers would always be protected because they should never "leave the network" (Domain) and laptops would be protected as well (Domain/Standard) whether they are on or off the network.
Don K ----- Original Message ---- From: Andy Ognenoff <[email protected]> To: NT System Admin Issues <[email protected]> Sent: Tuesday, June 16, 2009 3:23:17 PM Subject: RE: XP Workstation - Windows Firewall Settings in a domain Were you asking if it's capable of that split configuration or if there was a template with best practices? On the split config setup, you can apply Windows Firewall settings per profile (Domain or Standard) so when the laptop isn’t on a domain it uses a different set of firewall settings - both are present all the time but kick in when appropriate. http://technet.microsoft.com/en-us/library/cc776258(WS.10).aspx - Andy O. >-----Original Message----- >From: Don Kuhlman [mailto:[email protected]] >Sent: Tuesday, June 16, 2009 3:07 PM >To: NT System Admin Issues >Subject: Re: XP Workstation - Windows Firewall Settings in a domain > > >I wonder if there is a canned Group Policy template we could download that >contains the best settings for Windows Firewall that applies to the >internal computers to allow stuff like RDP, Mapped drive, Print Sharing, >etc. to meet your needs, but then also use the more locked down settings >for it when it leaves the network as a laptop would do. > > > > > >----- Original Message ---- >From: aci <[email protected]> >To: NT System Admin Issues <[email protected]> >Sent: Tuesday, June 16, 2009 2:17:57 PM >Subject: XP Workstation - Windows Firewall Settings in a domain > >I would love to hear some thoughts on the use of Windows Firewall in a >Domain Setting. I have never been a fan of the product as I feel it causes >more issues than it solves. I don't use it on my Personal computer or >laptop either. If a company has a properly configured firewall, and >properly installed and configured Enterprise level AntiVirus, is there >really a point. > >I am asking because I am consulting for a client that has it running on >their network. I have always disabled it, and need to provide some >justification to them either way. > >TIA, >Aci >~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > > >~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
