JSI Tip 10249. How do I create a Windows NT 4.0 system policy to manage Windows Firewall in a Windows NT 4.0 domain?
March 8, 2006
Microsoft Knowledge Base Article 897100 contains the following summary and introduction:
SUMMARY
Domain administrators typically use Group Policy to manage the Windows Firewall program that is included with Microsoft Windows XP Service Pack 2 (SP2). However, Microsoft Windows NT 4.0 does not support Group Policy. Administrators cannot manage Windows Firewall by using Group Policy in a Windows NT 4.0 domain. To resolve this issue, Microsoft provides a policy template that you can use with a Windows NT 4.0 system policy to manage Windows Firewall in a Windows NT 4.0 domain. This article discusses the following tasks:
• | How to create a Windows NT 4.0 system policy to manage Windows Firewall |
---|---|
• | How to replicate the new system policy from the primary domain controller (PDC) to all backup domain controllers (BDCs) in the domain |
• | How to apply the new system policy on Windows XP SP2-based client computers |
INTRODUCTION
This article discusses how to download the Windows Firewall policy template and how to create a Windows NT 4.0 system policy to manage Windows Firewall in a Windows NT 4.0 domain. The following concepts relate to these tasks:
• | In a Windows NT 4.0 domain, you cannot add computers togroups. You have to use one of the following methods to apply a system policyto computers: Note The procedures in this article use the Default Computer object to apply system policy settings to all computers in the domain. |
---|---|
• | Windows Firewall has two profiles, the domain profile andthe standard profile. These profiles can be managed by using system policies. In aWindows NT 4.0 domain, the computer always loads the standard profile.Note In Windows XP SP2, the Network Location Awareness servicedetermines whether the connection-specific Domain Name System (DNS) suffix andthe primary DNS suffix match. If these suffixes match, Windows Firewall loadsthe domain profile. Otherwise, Windows Firewall loads the standard profile. Ina Windows NT 4.0 domain, the connection-specific DNS suffix and the primary DNSsuffix do not match. Therefore, Windows Firewall always loads the standardprofile. |
• | When you set exceptions in Windows Firewall, you must setthe scope. The scope setting controls the IP addresses from which to acceptunsolicited traffic. Eachexception has its own scope setting. |
About the Author
You May Also Like