Microsoft Windows Vista Community Forums - Vistaheads
Active firewall profile incorrect

microsoft.public.windows.vista.security






#1
12-14-2006
Mick
Active firewall profile incorrect
On an SBS 2003 domain with a vanilla RTM Vista, the default firewall
configuration works fine but as soon as I set Outbound to block and then
reboot, things start breaking. The Network is seen as Public so discovery and
sharing are all disabled and Network shares are all disconnected.

Can I manually override the Active Firewall Profile and set it to Domain?
Is there a simple connection or Outbound rule I'm missing?

The logs show plenty being blocked but the profile is public so I'm
reluctant to start creating rules until I get the active profile right.
#2
12-15-2006
Mick
RE: Active firewall profile incorrect
A little bit more research and I managed to sort out my own dramas. Possibly
shouldn't have posted but I thought someone out there could fast track a
solution.

For anyone in a similar boat, this is how I resolved it but it isn't
necessarily the best method. The bottom line is Vista's firewall is awesome
and highly configurable but does lack a few user friendly things. Many think
it should have a prompt to allow Outbound programs access on the fly but I
disagree now I've played with it. This is a problem with other firewalls in
so far as anyone can allow anything with a single click. Vista is far
superior, turn on Outbound blocking and it works, everything is blocked until
you specifically allow it - a real firewall - nice!

I personally think some more default rules should be applied so Domain
access still works when you do block Outbound access and that the logs should
say what programs requested access but apart from that, I have no complaints.
I'm not sure how you add rules on a Corporate Network using policies or
scripts but I'm sure it can be done.

Anyway, I digress. Turn on logging of dropped packets for all profiles. Note
the time and reboot. Check the logs and see what ports were blocked during
logon. Look up the common ports website and decide what should be allowed.

Unfortunately, I had to open the actual ports rather than a specific program
as I have no idea what process or program is using the port but all this is
manageable within the rule's properties. This means any program can also use
the ports but it's still better than no Outbound security.

To get the Domain logon working correctly, I opened the following ports
using All Ports for the Local Port and Specific Port for the Remote Port.

DNS - Port 53 UDP
DCE Endpoint Resolution - Port 135 TCP
NETBIOS - Ports 137, 138, 139 TCP and UDP

I rebooted as I added each rule and after adding the above rules, I could no
longer log on to the Domain at all. The Trusted connection between Vista and
the SBS Server failed! I nearly gave up at this stage but persevered, logged
on as the local administrator and added the last rule required to make
everything work.

Kryptolan - Port 389 TCP and UDP

Vista rocks but I've burnt plenty of valuable drinking time ****ing with
it...hope this helps someone.
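
The log-review step described in the post above (log dropped packets, note the time, reboot, see which ports were blocked), as an added example that is not part of the original post. It assumes the firewall's text log with its standard `#Fields:` header line; the sample log is constructed and `dropped_outbound` is a hypothetical helper name.

```python
from collections import Counter

# Constructed sample in the Windows Firewall text-log layout (not data from the post).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2006-12-15 08:59:40 DROP TCP 192.0.2.20 198.51.100.7 49150 80 0 - - - - - - - SEND
2006-12-15 09:01:02 DROP UDP 192.0.2.20 192.0.2.2 51000 53 0 - - - - - - - SEND
2006-12-15 09:01:02 DROP UDP 192.0.2.20 192.0.2.2 51001 53 0 - - - - - - - SEND
2006-12-15 09:01:03 DROP TCP 192.0.2.20 192.0.2.2 49160 135 0 - - - - - - - SEND
2006-12-15 09:01:04 DROP TCP 192.0.2.20 192.0.2.2 49161 389 0 - - - - - - - SEND
2006-12-15 09:01:04 DROP UDP 192.0.2.20 192.0.2.2 49162 389 0 - - - - - - - SEND
2006-12-15 09:01:05 DROP UDP 192.0.2.20 192.0.2.255 137 137 0 - - - - - - - SEND
2006-12-15 09:01:06 ALLOW TCP 192.0.2.20 192.0.2.2 49163 445 0 - - - - - - - SEND
2006-12-15 09:01:07 DROP UDP 192.0.2.9 192.0.2.20 138 138 0 - - - - - - - RECEIVE
"""


def dropped_outbound(log_text, since=None):
    """Count dropped outbound packets per (protocol, remote port).

    since: optional "YYYY-MM-DD HH:MM:SS" string, e.g. the noted reboot time.
    """
    fields, counts = [], Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names come from the log header
            continue
        if not fields or not line.strip() or line.startswith("#"):
            continue
        row = dict(zip(fields, line.split()))
        if row.get("action") != "DROP" or row.get("path", "SEND") != "SEND":
            continue  # keep only outbound drops; rows without a path column are kept
        if since and f"{row['date']} {row['time']}" < since:
            continue  # entry predates the reboot being investigated
        if row.get("dst-port", "").isdigit():  # ICMP rows carry "-" here
            counts[(row["protocol"], int(row["dst-port"]))] += 1
    return counts


if __name__ == "__main__":
    for (proto, port), n in sorted(dropped_outbound(SAMPLE_LOG, "2006-12-15 09:00:00").items()):
        print(f"{proto:4} remote port {port:<5} dropped {n}x")
```

Grouping by remote port and protocol gives the short list to review before any allow rule is created, and the `since` cut-off keeps entries from before the reboot out of the count.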
