[Samba] XP SP2 firewall does not activate domain profile

Gunther Schlegel schlegel at riege.com
Tue Sep 7 09:55:44 GMT 2004


MS released the wfnt.adm policy template file to create NT4 system
policies that configure the firewall.

The XP SP2 firewall offers two profiles:
- "Domain profile" is used when the computer is connected to a managed
- "Standard profile" is used otherwise

In our totally Samba 3.0.6 based setup the XP SP2 firewall does not
recognize to be on the managed network, instead it always activates the
standard profile.

According to MS Documentation (CableGuy column May 2004) the firewall
decides based on the DNS name of the last domain it received a group
policy from. This name is compared to the DNS name of the network
connection and the domain profile of the firewall should be activated if
both values match.

As NT4 / Samba3 does not support Group Policies there is probably no
"Last group policy DNS domain name". ( At least gpresult gives "not
applicable" ). 

However there must be some way for the firewall to decide -- otherwise
the release of a policy file by MS would be quiet useless.

Does anyone use wfnt.adm with success?

regards, Gunther

Gunther Schlegel                    Riege Software International GmbH
Manager System Administration                            Mollsfeld 10
                                             40670 Meerbusch, Germany
Email: schlegel at riege.com                     Phone: +49-2159-9148-0
                                              Fax:   +49-2159-9148-11
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040907/c80cc061/attachment.bin

More information about the samba mailing list