Microsoft Windows Vista Community Forums - Vistaheads
Recommended Download



Welcome to the Microsoft Windows Vista Community Forums - Vistaheads, YOUR Largest Resource for Windows Vista related information.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so , join our community today!

If you have any problems with the registration process or your account login, please contact us.

Driver Scanner

No access into Vista RTM from Domain

microsoft.public.windows.vista.networking sharing






Speedup My PC
Reply
  #1 (permalink)  
Old 12-08-2006
=?Utf-8?B?RnJhbmtsaW4=?=
 

Posts: n/a
No access into Vista RTM from Domain
We have two clients running Windows Vista RTM. Both are joined to Windows
2003 domain. Both clients can ping XP and 2003 server stations as well as
browse their shares. However, a ping or share browsing from any server or XP
station to either of the Vista clients does not work. The ping will resolve
the name of the Vista client, but will timeout on the response. Firewall is
disabled on both clients by Group Policy. The users that are logged into the
Vista clients are Domain Admins, Enterprise Admins, etc. Any help would be
greatly appreciated.
Reply With Quote
Sponsored Links
  #2 (permalink)  
Old 12-11-2006
=?Utf-8?B?U3R1YXJ0IFtNVlBd?=
 

Posts: n/a
RE: No access into Vista RTM from Domain
The new firewall in Vista disablew ICMP (ping) by default. I believe you
either have to use the firewall MMC (Admin tools) or a netsh command to
enable that as it's not exposed by the user-level firewall UI. Even if you
turn off the firewall I'd suspect you have to enable network discovery, file
and folder sharing in the Network and Sharing Center.

Stuart.
---------

"Franklin" wrote:

> We have two clients running Windows Vista RTM. Both are joined to Windows
> 2003 domain. Both clients can ping XP and 2003 server stations as well as
> browse their shares. However, a ping or share browsing from any server or XP
> station to either of the Vista clients does not work. The ping will resolve
> the name of the Vista client, but will timeout on the response. Firewall is
> disabled on both clients by Group Policy. The users that are logged into the
> Vista clients are Domain Admins, Enterprise Admins, etc. Any help would be
> greatly appreciated.

Reply With Quote
  #3 (permalink)  
Old 12-11-2006
=?Utf-8?B?RnJhbmtsaW4=?=
 

Posts: n/a
RE: No access into Vista RTM from Domain
Thanks for the response Stuart.

The firewall service is not running and Network Discovery, File Sharing, and
Printer Sharing are all set to On, but still have the same problem.

It is a very frustrating issue and I have seen other people run into it, but
no one has posted a resolution.

Thanks,
Franklin

"Stuart [MVP]" wrote:

> The new firewall in Vista disablew ICMP (ping) by default. I believe you
> either have to use the firewall MMC (Admin tools) or a netsh command to
> enable that as it's not exposed by the user-level firewall UI. Even if you
> turn off the firewall I'd suspect you have to enable network discovery, file
> and folder sharing in the Network and Sharing Center.
>
> Stuart.
> ---------
>
> "Franklin" wrote:
>
> > We have two clients running Windows Vista RTM. Both are joined to Windows
> > 2003 domain. Both clients can ping XP and 2003 server stations as well as
> > browse their shares. However, a ping or share browsing from any server or XP
> > station to either of the Vista clients does not work. The ping will resolve
> > the name of the Vista client, but will timeout on the response. Firewall is
> > disabled on both clients by Group Policy. The users that are logged into the
> > Vista clients are Domain Admins, Enterprise Admins, etc. Any help would be
> > greatly appreciated.

Reply With Quote
  #4 (permalink)  
Old 12-12-2006
=?Utf-8?B?RnJhbmtsaW4=?=
 

Posts: n/a
RE: No access into Vista RTM from Domain
RESOLUTION:
The sssue was caused by the Windows Firewall service not running (ie -
Stopped). When we manually attempted to start the service, we received error
1297.

We were able to narrow it down to one setting in Group Policy: User Rights
Assignment -> Adjust memory quotas for a process.

The security setting for this option is usually set to Local Service,
Network Service, Administrators. In our case, our domain policy edits this
setting to only include Administrattors.

By changing the policy so that this setting is not configured, it is
automatically set back to the default.

After a reboot of the pc and a gpupdate which we run at logon, we saw our
Firewall Service was started. Now we are able to Turn Off the firewall via
the Network Center, but leave the service running.

With this in place, we can ping and browse admin shares from any pc to our
vista clients.

"Franklin" wrote:

> Thanks for the response Stuart.
>
> The firewall service is not running and Network Discovery, File Sharing, and
> Printer Sharing are all set to On, but still have the same problem.
>
> It is a very frustrating issue and I have seen other people run into it, but
> no one has posted a resolution.
>
> Thanks,
> Franklin
>
> "Stuart [MVP]" wrote:
>
> > The new firewall in Vista disablew ICMP (ping) by default. I believe you
> > either have to use the firewall MMC (Admin tools) or a netsh command to
> > enable that as it's not exposed by the user-level firewall UI. Even if you
> > turn off the firewall I'd suspect you have to enable network discovery, file
> > and folder sharing in the Network and Sharing Center.
> >
> > Stuart.
> > ---------
> >
> > "Franklin" wrote:
> >
> > > We have two clients running Windows Vista RTM. Both are joined to Windows
> > > 2003 domain. Both clients can ping XP and 2003 server stations as well as
> > > browse their shares. However, a ping or share browsing from any server or XP
> > > station to either of the Vista clients does not work. The ping will resolve
> > > the name of the Vista client, but will timeout on the response. Firewall is
> > > disabled on both clients by Group Policy. The users that are logged into the
> > > Vista clients are Domain Admins, Enterprise Admins, etc. Any help would be
> > > greatly appreciated.

Reply With Quote
  #5 (permalink)  
Old 12-18-2006
Bruce Sanderson
 

Posts: n/a
Re: No access into Vista RTM from Domain
Good to see you got your network working with Vista. A couple of questions
for my enlightenment:

1. Group policies are always refreshed during the Windows startup process,
so I'm puzzled by "a gpupdate which we run at logon". Is there a particular
problem that doing this in a startup script as well solves?

2. Vista (and XP SP2, Windows 2003 SP1) networking all works with the
Windows Firewall enabled - I do this on all my computers at home and also at
work If you take "special" action, you can also have the benefit of having
the Windows Firewall enabled on Windows 2003 SP1 Domain Controllers (see KB
article 555381), so I'm wondering why you want to disable it.

--
Bruce Sanderson MVP Printing
http://members.shaw.ca/bsanders

It is perfectly useless to know the right answer to the wrong question.



"Franklin" <Franklin@discussions.microsoft.com> wrote in message
news:6CC9042E-5B41-44F6-8E4C-AFF239F3613C@microsoft.com...
> RESOLUTION:
> The sssue was caused by the Windows Firewall service not running (ie -
> Stopped). When we manually attempted to start the service, we received
> error
> 1297.
>
> We were able to narrow it down to one setting in Group Policy: User Rights
> Assignment -> Adjust memory quotas for a process.
>
> The security setting for this option is usually set to Local Service,
> Network Service, Administrators. In our case, our domain policy edits this
> setting to only include Administrattors.
>
> By changing the policy so that this setting is not configured, it is
> automatically set back to the default.
>
> After a reboot of the pc and a gpupdate which we run at logon, we saw our
> Firewall Service was started. Now we are able to Turn Off the firewall
> via
> the Network Center, but leave the service running.
>
> With this in place, we can ping and browse admin shares from any pc to our
> vista clients.
>
> "Franklin" wrote:
>
>> Thanks for the response Stuart.
>>
>> The firewall service is not running and Network Discovery, File Sharing,
>> and
>> Printer Sharing are all set to On, but still have the same problem.
>>
>> It is a very frustrating issue and I have seen other people run into it,
>> but
>> no one has posted a resolution.
>>
>> Thanks,
>> Franklin
>>
>> "Stuart [MVP]" wrote:
>>
>> > The new firewall in Vista disablew ICMP (ping) by default. I believe
>> > you
>> > either have to use the firewall MMC (Admin tools) or a netsh command to
>> > enable that as it's not exposed by the user-level firewall UI. Even if
>> > you
>> > turn off the firewall I'd suspect you have to enable network discovery,
>> > file
>> > and folder sharing in the Network and Sharing Center.
>> >
>> > Stuart.
>> > ---------
>> >
>> > "Franklin" wrote:
>> >
>> > > We have two clients running Windows Vista RTM. Both are joined to
>> > > Windows
>> > > 2003 domain. Both clients can ping XP and 2003 server stations as
>> > > well as
>> > > browse their shares. However, a ping or share browsing from any
>> > > server or XP
>> > > station to either of the Vista clients does not work. The ping will
>> > > resolve
>> > > the name of the Vista client, but will timeout on the response.
>> > > Firewall is
>> > > disabled on both clients by Group Policy. The users that are logged
>> > > into the
>> > > Vista clients are Domain Admins, Enterprise Admins, etc. Any help
>> > > would be
>> > > greatly appreciated.


Reply With Quote
  #6 (permalink)  
Old 01-04-2007
=?Utf-8?B?b3JwaDM1MQ==?=
 

Posts: n/a
RE: No access into Vista RTM from Domain
Franklin,

I am getting the error 1297 when trying to start the firewall service. I
found the group policy object you mentioned, but have no option to change it
to not configured.

Where do you make the change?

Or


"Franklin" wrote:

> RESOLUTION:
> The sssue was caused by the Windows Firewall service not running (ie -
> Stopped). When we manually attempted to start the service, we received error
> 1297.
>
> We were able to narrow it down to one setting in Group Policy: User Rights
> Assignment -> Adjust memory quotas for a process.
>
> The security setting for this option is usually set to Local Service,
> Network Service, Administrators. In our case, our domain policy edits this
> setting to only include Administrattors.
>
> By changing the policy so that this setting is not configured, it is
> automatically set back to the default.
>
> After a reboot of the pc and a gpupdate which we run at logon, we saw our
> Firewall Service was started. Now we are able to Turn Off the firewall via
> the Network Center, but leave the service running.
>
> With this in place, we can ping and browse admin shares from any pc to our
> vista clients.
>
> "Franklin" wrote:
>
> > Thanks for the response Stuart.
> >
> > The firewall service is not running and Network Discovery, File Sharing, and
> > Printer Sharing are all set to On, but still have the same problem.
> >
> > It is a very frustrating issue and I have seen other people run into it, but
> > no one has posted a resolution.
> >
> > Thanks,
> > Franklin
> >
> > "Stuart [MVP]" wrote:
> >
> > > The new firewall in Vista disablew ICMP (ping) by default. I believe you
> > > either have to use the firewall MMC (Admin tools) or a netsh command to
> > > enable that as it's not exposed by the user-level firewall UI. Even if you
> > > turn off the firewall I'd suspect you have to enable network discovery, file
> > > and folder sharing in the Network and Sharing Center.
> > >
> > > Stuart.
> > > ---------
> > >
> > > "Franklin" wrote:
> > >
> > > > We have two clients running Windows Vista RTM. Both are joined to Windows
> > > > 2003 domain. Both clients can ping XP and 2003 server stations as well as
> > > > browse their shares. However, a ping or share browsing from any server or XP
> > > > station to either of the Vista clients does not work. The ping will resolve
> > > > the name of the Vista client, but will timeout on the response. Firewall is
> > > > disabled on both clients by Group Policy. The users that are logged into the
> > > > Vista clients are Domain Admins, Enterprise Admins, etc. Any help would be
> > > > greatly appreciated.

Reply With Quote
  #7 (permalink)  
Old 01-06-2007
Bruce Sanderson
 

Posts: n/a
Re: No access into Vista RTM from Domain
I suspect what was meant is "Not Defined". Most GPO settings have "Not
Configured", "Enabled" or "Disabled" settings, but those in User Rights
Assignment are either "Defined" or "Not Defined".

Double click on "Adjust memory quotas for a process" and remove the check
mark from "Define these policy settings".

If you are looking at the "Local Security Policy" on a Vista workstation (as
opposed to a Group Policy in a Domain via Group Policy Management Console) -
e.g. Start, Administrative Tools, right click Local Security Policy, select
Run as Administrator - the only choice you have is to modify the group
list - there is no check box as there is with GPMC in a Domain.

The default groups with this "right" are:
Administrators
LOCAL SERVICE
NETWORK SERVICE

--
Bruce Sanderson MVP Printing
http://members.shaw.ca/bsanders

It is perfectly useless to know the right answer to the wrong question.



"orph351" <orph351@discussions.microsoft.com> wrote in message
news:FC325631-643C-4C30-9CEC-BAE289E33376@microsoft.com...
> Franklin,
>
> I am getting the error 1297 when trying to start the firewall service. I
> found the group policy object you mentioned, but have no option to change
> it
> to not configured.
>
> Where do you make the change?
>
> Or
>
>
> "Franklin" wrote:
>
>> RESOLUTION:
>> The sssue was caused by the Windows Firewall service not running (ie -
>> Stopped). When we manually attempted to start the service, we received
>> error
>> 1297.
>>
>> We were able to narrow it down to one setting in Group Policy: User
>> Rights
>> Assignment -> Adjust memory quotas for a process.
>>
>> The security setting for this option is usually set to Local Service,
>> Network Service, Administrators. In our case, our domain policy edits
>> this
>> setting to only include Administrattors.
>>
>> By changing the policy so that this setting is not configured, it is
>> automatically set back to the default.
>>
>> After a reboot of the pc and a gpupdate which we run at logon, we saw our
>> Firewall Service was started. Now we are able to Turn Off the firewall
>> via
>> the Network Center, but leave the service running.
>>
>> With this in place, we can ping and browse admin shares from any pc to
>> our
>> vista clients.
>>
>> "Franklin" wrote:
>>
>> > Thanks for the response Stuart.
>> >
>> > The firewall service is not running and Network Discovery, File
>> > Sharing, and
>> > Printer Sharing are all set to On, but still have the same problem.
>> >
>> > It is a very frustrating issue and I have seen other people run into
>> > it, but
>> > no one has posted a resolution.
>> >
>> > Thanks,
>> > Franklin
>> >
>> > "Stuart [MVP]" wrote:
>> >
>> > > The new firewall in Vista disablew ICMP (ping) by default. I believe
>> > > you
>> > > either have to use the firewall MMC (Admin tools) or a netsh command
>> > > to
>> > > enable that as it's not exposed by the user-level firewall UI. Even
>> > > if you
>> > > turn off the firewall I'd suspect you have to enable network
>> > > discovery, file
>> > > and folder sharing in the Network and Sharing Center.
>> > >
>> > > Stuart.
>> > > ---------
>> > >
>> > > "Franklin" wrote:
>> > >
>> > > > We have two clients running Windows Vista RTM. Both are joined to
>> > > > Windows
>> > > > 2003 domain. Both clients can ping XP and 2003 server stations as
>> > > > well as
>> > > > browse their shares. However, a ping or share browsing from any
>> > > > server or XP
>> > > > station to either of the Vista clients does not work. The ping will
>> > > > resolve
>> > > > the name of the Vista client, but will timeout on the response.
>> > > > Firewall is
>> > > > disabled on both clients by Group Policy. The users that are
>> > > > logged into the
>> > > > Vista clients are Domain Admins, Enterprise Admins, etc. Any help
>> > > > would be
>> > > > greatly appreciated.


Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Vista just doesn't do it Papa microsoft.public.windows.vista.general 27 03-04-2007 08:42
Is Vista crippled by DRM? Eddie Bauer microsoft.public.windows.vista.general 11 03-03-2007 03:50
Vista backup question for MVPs Malcolm H microsoft.public.windows.vista.general 13 03-02-2007 05:36
Dave Pogue Reviews Vista in the NYT "Vista Wins on Looks. As for lacks..." Chad Harris microsoft.public.windows.vista.general 28 03-01-2007 20:46
Re: can't access vista shares Brad microsoft.public.windows.vista.networking sharing 0 12-03-2006 07:35




All times are GMT +1. The time now is 02:41.




Driver Scanner - Free Scan Now

Vistaheads.com is part of the Heads Network. See also XPHeads.com , Win7Heads.com and Win8Heads.com.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.7
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.6.0 RC 2

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120