Group Policy , XPSP2 Windows Firewall, 2000 Server

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Guest
Archived from groups: microsoft.public.win2000.group_policy (More info?)

The new group policy adm files from XPSP2 imported to 2000 server gpo. Got
one minor problem, It seems all registry settings are avaible exept two of
them.

Computer Configuration\Administrative Templates\Network\Network
Connections\Windows Firewall\Domain Profile\Windows Firewall: Define program
exceptions and Windows Firewall: Define port exceptions

I can't manage them or see them when running from server (gpo edit), however
running from a client (XPSP2) via mmc it works.

Are this only edit able from XPSP2 ?
 
Archived from groups: microsoft.public.win2000.group_policy (More info?)

Hi,

I assume you have installed the W2K fixes that allow your domain controller
to load the XP SP2 .adm files without the error messages. The good news is
that this fixes the appropriate bug in W2K. However, some of the new policy
settings (the ones you have mentioned, plus some for Internet Explorer) use
the LISTBOX ADDITIVE statement in their definition which are not associated
with "version 5" within the .adm file (for those of you familiar with that
syntax). Without going into the gory details (we plan a KB article to do
just that!!), this was the underlying issue we needed to fix. We were able
to do this "in full" for both XP and Windows Server 2003 (both fix the error
messages and make the LISTBOX ADDITIVE policy settings manageable from
GPEdit). However, for Windows 2000 we were able to fix the error messages
but this platform does not support management of the LISTBOX ADDITIVE policy
settings.

The net result of all this is as you state - these policy settings can be
edited from GPEdit running on Windows Server 2003 or Windows XP, but not
from Windows 2000. Just to avoid any possible confusion that does NOT mean
that there any issues managing XP SP2 clients (which support these Windows
Firewall policy settings) in a Windows 2000 domain - that works just fine.
It's the EDITING of the GPOs where you can't use Windows 2000. Our
recommendation remains to manage GPOs from an administrative workstation,
rather than from the server.

I hope that helps.

--
Mark Williams
Program Manager, Group Policy
http://www.microsoft.com/technet/grouppolicy

This posting is provided "AS IS" with no warranties, and confers no rights.
"nikl" <nikl@discussions.microsoft.com> wrote in message
news:E9446053-6AEE-40AF-9548-B7267CB96F50@microsoft.com...
> The new group policy adm files from XPSP2 imported to 2000 server gpo. Got
> one minor problem, It seems all registry settings are avaible exept two of
> them.
>
> Computer Configuration\Administrative Templates\Network\Network
> Connections\Windows Firewall\Domain Profile\Windows Firewall: Define
> program
> exceptions and Windows Firewall: Define port exceptions
>
> I can't manage them or see them when running from server (gpo edit),
> however
> running from a client (XPSP2) via mmc it works.
>
> Are this only edit able from XPSP2 ?
 
Archived from groups: microsoft.public.win2000.group_policy (More info?)

Thanks for fast information replay and help !

"Mark Williams [MSFT]" wrote:

> Hi,
>
> I assume you have installed the W2K fixes that allow your domain controller
> to load the XP SP2 .adm files without the error messages. The good news is
> that this fixes the appropriate bug in W2K. However, some of the new policy
> settings (the ones you have mentioned, plus some for Internet Explorer) use
> the LISTBOX ADDITIVE statement in their definition which are not associated
> with "version 5" within the .adm file (for those of you familiar with that
> syntax). Without going into the gory details (we plan a KB article to do
> just that!!), this was the underlying issue we needed to fix. We were able
> to do this "in full" for both XP and Windows Server 2003 (both fix the error
> messages and make the LISTBOX ADDITIVE policy settings manageable from
> GPEdit). However, for Windows 2000 we were able to fix the error messages
> but this platform does not support management of the LISTBOX ADDITIVE policy
> settings.
>
> The net result of all this is as you state - these policy settings can be
> edited from GPEdit running on Windows Server 2003 or Windows XP, but not
> from Windows 2000. Just to avoid any possible confusion that does NOT mean
> that there any issues managing XP SP2 clients (which support these Windows
> Firewall policy settings) in a Windows 2000 domain - that works just fine.
> It's the EDITING of the GPOs where you can't use Windows 2000. Our
> recommendation remains to manage GPOs from an administrative workstation,
> rather than from the server.
>
> I hope that helps.
>
> --
> Mark Williams
> Program Manager, Group Policy
> http://www.microsoft.com/technet/grouppolicy
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
> "nikl" <nikl@discussions.microsoft.com> wrote in message
> news:E9446053-6AEE-40AF-9548-B7267CB96F50@microsoft.com...
> > The new group policy adm files from XPSP2 imported to 2000 server gpo. Got
> > one minor problem, It seems all registry settings are avaible exept two of
> > them.
> >
> > Computer Configuration\Administrative Templates\Network\Network
> > Connections\Windows Firewall\Domain Profile\Windows Firewall: Define
> > program
> > exceptions and Windows Firewall: Define port exceptions
> >
> > I can't manage them or see them when running from server (gpo edit),
> > however
> > running from a client (XPSP2) via mmc it works.
> >
> > Are this only edit able from XPSP2 ?
>
>
>
 
Archived from groups: microsoft.public.win2000.group_policy (More info?)

nikl wrote:

> The new group policy adm files from XPSP2 imported to 2000 server gpo. Got
> one minor problem, It seems all registry settings are avaible exept two of
> them.
>
> Computer Configuration\Administrative Templates\Network\Network
> Connections\Windows Firewall\Domain Profile\Windows Firewall: Define program
> exceptions and Windows Firewall: Define port exceptions
>
> I can't manage them or see them when running from server (gpo edit), however
> running from a client (XPSP2) via mmc it works.
>
> Are this only edit able from XPSP2 ?
Hi

You might find something here:

From: Mark Williams [MSFT] (markwill@online.microsoft.com)
Subject: Important information about XP SP2 .ADM Files
http://groups.google.com/groups?threadm=%233iFY5jfEHA.596%40TK2MSFTNGP11.phx.gbl

From: Mark Williams [MSFT] (markwill@online.microsoft.com)
Subject: XP SP2 ADM File-Related Fixes Available From PSS
http://groups.google.com/groups?threadm=utTaMLwfEHA.2592%40tk2msftngp13.phx.gbl

From: Mark Williams [MSFT] (markwill@online.microsoft.com)
Subject: XP SP2 Version of Group Policy Reference Spreadsheet available
http://groups.google.com/groups?threadm=%23bTLC%23jfEHA.3676%40TK2MSFTNGP12.phx.gbl

Known issues with the client administrative tools in Windows XP SP2
http://support.microsoft.com/default.aspx?scid=kb;en-us;870703


--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.mspx