|
Posted by Roger Abell [MVP] on August 21, 2007, 2:27 am
If you were Registered and logged in, you could reply and use other advanced thread options >
> Thanks for your insight..I want to find how each Windows Firewall GPO
> setting located in
> GROUP POLICY\Computer Configuration\Administrative Templates
> \Network Connections\Windows Firewall
> is configured [whether set to Enabled/Disabled] using a script that
> will read Registry values that store these.
>
> Couple of things -
> 1] The spreadsheet "PolicySettings.xls" [I mentioned in my 1st post]
> gives all the registry values associated with a Windows Firewall GPO
> Setting. Is there a source that gives which exactly which Registry
> value(s) store(s) each setting ?
>
I for one am having a hard time determining what you mean by that
last question. PolicySettings.xls collects together the policies that
may be set due to one of the adm/admx files. If you want the fully
detail as to the registry entry set or the predefined values gpedit
shows for selection (for some of the policies) then read the adm/admx
file as it is all in there.
> 2] Roger wrote "You know, the most quick way to answer these sorts
> of things is to
> set up a brief experiment. "
>
Yes, I did, but it also was a general comment.
At that point it was not clear to me that you were only concerned
about the Windows firewall.
If you are wanting to see the details of the current firewall config,
and see whether the domain or standalone policy is in use, then
for XP and later you should know about the firewall context of the
netsh command. There is also an API if you code.
> There are multiple interfaces using which Remote Desktop Exception can
> be configured. So, the effect of changing the Policy setting in GPO
> Editor is not readily visible.
??
That is not my experience, at least if you use gpudate to make
the altered GPO effective.
> These settings are available in the GPO Editor & the effect of Remote
> Desktop Exception is also possible through the My Computer>Properties-
> Remote Tab
>
The Remote tab in System properties only allow for enabling/disabling
Remote Desktop and for management of the members in the group called
Remote Desktop Users. These are not the firewall setting related to
Remote Desktop exception, but the Remote Desktop config itself .
However that dialog in System properties does tweak the firewall
exception so it is consistent with enabling RD usage.
But, are you not now changing the topic ?
Previously you were talking about the firewall remote management
exception, which, as far as I have noticed, is only initially available
via the group policy setting.
> I'm not aware if there are other interfaces that bring about the same
> effect as the other Windows Firewall GPO settings too
The main interface for the firewall? i.e. in the properties of the
network connectoids.
> Is there any way to see the effect of changing the GPO settings only
> without any influence from other places where they are set? Setting
What is that asking?
If there are multiple interfaces that impact the same settings,
how could they not be influencing the same thing ?
Again, for the Windows firewall try the show command in the
netsh firewall context. Start / run cmd and in the cmd window
enter netsh and then at the netsh prompt enter firewall. Then
at the netsh firewall context prompt enter show to see what
commands you can use to examine the run state and config of
the Windows firewall.
If you make a change in a GPO and use gpupdate to force the
application of the GPO so it is effective, then the netsh firewall
context will show that effect.
> up an experiment will be a lot easier then.
>
| 
XML site map