James said:
We are running AD 2003 functional, with Vista clients.
I am deploying firewalls via group policies. I am trying to prevent
users opening up ports for network games or other services on our LAN.
I believe users have the ability to select which profile they use. This
does not help me, as users then have the ability to choose the profile
with lax security while on our LAN and still enjoy hosting games.
I have all 3 profiles set, domain, private and public. Domain and
private are set with same settings. No local settings are read.
Public profile also reads the local rules so users can set up and host
services while outside our LAN. They own their computers and this is
seen as reasonable.
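As an added example (not part of James's post or Malke's reply), the following PowerShell script audits a client against the per-profile setup James describes: Domain and Private enforce the Group Policy rules only, Public is allowed to merge locally defined rules, and the firewall is on in all three. It reads the Windows Firewall with Advanced Security policy values that Group Policy writes under `HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall` (the `EnableFirewall` and `AllowLocalPolicyMerge` values per profile key) and asks `netsh advfirewall` which profile is currently in effect, which is the quick way to see whether a LAN-connected machine has ended up on the lax profile. The baseline table, the function names and the assumption that PowerShell is installed on the Vista clients and the script runs as an administrator are all mine.

```powershell
# Added example, not from the thread: audit per-profile Windows Firewall
# Group Policy settings against the intended baseline.
# Assumptions: policy arrives through the standard WindowsFirewall policy
# registry path below, PowerShell is installed, and this runs elevated.

$PolicyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall'

# Intended baseline from the thread: Domain and Private read GPO rules only
# (no local rules merged); Public may merge local rules for use off the LAN.
$Baseline = @{
    DomainProfile  = @{ EnableFirewall = 1; AllowLocalPolicyMerge = 0 }
    PrivateProfile = @{ EnableFirewall = 1; AllowLocalPolicyMerge = 0 }
    PublicProfile  = @{ EnableFirewall = 1; AllowLocalPolicyMerge = 1 }
}

function Get-ProfilePolicy {
    param([string]$ProfileName)
    $key = Join-Path $PolicyRoot $ProfileName
    if (-not (Test-Path $key)) { return $null }   # no GPO applied for this profile
    $props = Get-ItemProperty -Path $key
    [pscustomobject]@{
        Profile               = $ProfileName
        EnableFirewall        = $props.EnableFirewall
        AllowLocalPolicyMerge = $props.AllowLocalPolicyMerge
    }
}

function Test-FirewallBaseline {
    # Returns one line per deviation; an empty result means the client matches.
    $findings = @()
    foreach ($p in $Baseline.Keys) {
        $actual = Get-ProfilePolicy -ProfileName $p
        if ($null -eq $actual) {
            $findings += "${p}: no firewall policy key present (GPO not applied?)"
            continue
        }
        foreach ($setting in $Baseline[$p].Keys) {
            $want = $Baseline[$p][$setting]
            $got  = $actual.$setting          # $null if the value is absent
            if ($got -ne $want) {
                $findings += "${p}: $setting is '$got', expected $want"
            }
        }
    }
    return $findings
}

function Get-ActiveProfile {
    # Ask the firewall which profile is in effect right now. A domain-joined
    # client on the LAN should report the Domain profile; anything else means
    # the machine is currently being filtered by a different rule set.
    $out = netsh advfirewall show currentprofile 2>$null
    ($out | Where-Object { $_ -match 'Profile Settings:' }) -replace ' Settings:.*$', ''
}

$findings = Test-FirewallBaseline
if ($findings.Count -eq 0) { 'Firewall policy matches baseline.' } else { $findings }
"Active profile: $(Get-ActiveProfile)"
```

Run it on a client after `gpupdate /force`; a machine where the Domain or Private key reports `AllowLocalPolicyMerge` as 1 (or missing) is one where locally added inbound rules, such as a game host's listener, will take effect on the LAN, which is exactly the gap the original post is trying to close.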
Malke said:
The main problem here is that you've allowed users to have local
administrative privileges. You can't have it both ways. Either you set up
the laptops securely (recommended) or you will have problems. Having
unsecured laptops where users can install all sorts of malware at home and
then come and connect to your company network is the proverbial Recipe For
Disaster. So what is truly reasonable? Letting the users do what they want
or letting them trash your network workstations and servers? One solution
is to purchase company laptops which you will then configure correctly
(securely) and outlaw personal laptops completely.
As for blocking games, etc., you should have some sort of edge
security/firewall appliance. Even if you are a small business, you can
afford one of the lower-tier SonicWall boxen for example. Another option if
you have an older workstation lying around is to install something like
Untangle on it -
http://www.untangle.com/.
I suggest you post in one of the server newsgroups to see how other
sysadmins manage this very common issue.
http://aumha.org/nntp.htm - list of MS newsgroups
microsoft.public.windows.server.general
If you continue with your current setup, I strongly suggest you image a
clean workstation and your server regularly. Store the images on a
device/computer that is not regularly connected to the network where it can
become infected. I really like the Acronis enterprise programs for this
kind of work.
Best of luck to you,
Malke