What is the difference between the following GPO settings? - windows-server

While doing some GPO work today and setting up some firewall inbound rules that I want distributed through GP I became confused between these two GPs. They function very similarly, yet I couldn't find any differences.
Computer Configuration > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Inbound Rules
and
Computer Configuration > Policies > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile > Windows Firewall: Define Inbound Port Exception
So, what are their differences?

The two different Group Policy locations for Windows Firewall settings are due to feature differences in the Windows Firewall itself between older and newer Windows OS versions.
If you are using Windows Vista/Windows 7/Windows Server 2008 or newer operating systems, use this Group Policy path to configure Firewall policies, as these operating systems have the Windows Firewall "with Advanced Security":
Computer Configuration > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Inbound Rules
If you are using Windows XP or Windows Server 2003, use only the Group Policy path below to configure Firewall policies. The reason is that these older operating systems have the older Windows Firewall without the "Advanced Security", and only the Group Policy path shown below will work with these older systems.
Computer Configuration > Policies > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile > Windows Firewall: Define Inbound Port Exception
I navigated through a ton of research and stumbled across the answer inside this Windows Server 2008 Firewall training video by ITFreeTraining (published on 9/05/2011), where it is explained at the 25:45 mark: Windows Server 2008 Firewall
Unrelated, but since this is a coding Q&A site, you might want to take a look at managing Group Policy through PowerShell.
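As an added example (not part of the original answer or comment), this is one way to create an inbound rule in the "Windows Firewall with Advanced Security" node of a GPO from PowerShell, which applies only to Windows Vista/Server 2008 and newer clients as described above. The domain name, GPO name and rule values are assumptions chosen for illustration.

```powershell
# Added example. Assumed values: domain 'corp.example.com', GPO 'Workstation Firewall',
# and the rule itself (TCP 80 from the local subnet on the Domain profile).
# Requires the GroupPolicy and NetSecurity modules (RSAT) and rights to edit the GPO.
Import-Module GroupPolicy
Import-Module NetSecurity

$domain  = 'corp.example.com'        # assumption: replace with your domain FQDN
$gpoName = 'Workstation Firewall'    # assumption: replace with your GPO name
$store   = "$domain\$gpoName"        # policy store path understood by NetSecurity cmdlets

# Create the GPO if it does not exist yet.
$gpo = Get-GPO -Name $gpoName -Domain $domain -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $gpoName -Domain $domain
}

# Open a cached GPO session so several edits are written back in one save.
$session = Open-NetGPO -PolicyStore $store

# The rule is limited to one port, one profile and the local subnet,
# rather than opening the port to any remote address.
New-NetFirewallRule -GPOSession $session `
    -DisplayName 'Allow HTTP from local subnet' `
    -Direction Inbound -Action Allow `
    -Protocol TCP -LocalPort 80 `
    -Profile Domain `
    -RemoteAddress LocalSubnet | Out-Null

# Nothing is written to the GPO until the session is saved.
Save-NetGPO -GPOSession $session

# Review what the GPO now contains before linking it to an OU.
Get-NetFirewallRule -PolicyStore $store |
    Select-Object DisplayName, Direction, Action, Profile, Enabled
```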

Related

Connect to SSRS from different computer on home network

I am trying to access the SSRS web portal. I have SQL Server and Report Server installed on a laptop with Windows 10. I want to access this from another laptop running Windows 11 that is connected to the same home internet network.
The web portal works fine when I access it from the computer running Report Server:
But when I try to access the URL from the other computer on the same network, the page just doesn't load:
I tried to follow the instructions from this site: https://askgarth.com/blog/why-cant-i-access-my-ssrs-site-remotely/
I opened port 80 (TCP protocol) in Windows Firewall to allow connections.
I think that the issue may be the profile to which the rule applies:
The instructions I tried to follow said to open up the Domain. I also tried the Private option and still no luck.
I'm nervous about opening up ports on my firewall. But how can I set this up to access the Report Server from another computer on my network?
I've just checked my setup which is basically the same...
'Server' Desktop running Windows 10 Pro: Hosts SQL Server 2019 and SSRS
'Client' Desktop running Windows 11: Accessing SSRS from here
I checked the 'server' PC and the only SQL-specific ports that are open are TCP port 1433, to allow me to access the database engine via SSMS etc. from the 'client' PC, and TCP port 80 (both are set up for domain + private, although domain should be irrelevant).
I don't normally access the SSRS portal from the 'client' but it did work in as far as it said I do not have access to any reports, but it was showing the web portal page itself just fine.
You have probably done all this but here are a few things you could try...
Check if your version of Win10 is supported. If it's Win10 home for example it may not support everything required but this is just a guess.
Ping the server from the host and make sure you get a response (assuming PING response has not been turned off)
Check server firewall allows incoming on ports TCP 80 and TCP 1433 (1433 should not be required but you can always switch this off later)
Attempt access using the server ip e.g. http://192.168.1.123/Reports
If this all fails, turn off the Windows Firewall and test again. You can always disconnect your router from the internet whilst you do this to be safe. If this works then you at least know it's a firewall issue.
Check if you have any 3rd party anti-virus software that might be acting as a firewall - turn off and test again.
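As an added example (not part of the original answer), the profile question raised above can be checked directly on the SSRS host, and the port 80 rule can be limited to the home LAN instead of opened to every address. The rule name is an assumption, and the IP address is the example address used in the answer.

```powershell
# Added example. Run in an elevated PowerShell session on the SSRS host.

# 1. Which firewall profile is the active network using?
#    A rule scoped to Private or Domain does not match while the
#    network is categorised as Public.
Get-NetConnectionProfile |
    Select-Object InterfaceAlias, Name, NetworkCategory

# 2. Which enabled inbound rules already cover TCP 80, and for which profiles?
Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains '80' } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' } |
    Select-Object DisplayName, Profile, Action

# 3. Add a rule that admits only hosts on the same subnet, on the Private profile.
#    The display name is an assumption.
New-NetFirewallRule -DisplayName 'SSRS web portal (LAN only)' `
    -Direction Inbound -Action Allow `
    -Protocol TCP -LocalPort 80 `
    -Profile Private `
    -RemoteAddress LocalSubnet | Out-Null

# 4. From the client PC, test the TCP connection without a browser.
#    192.168.1.123 is the example address from the answer above.
Test-NetConnection -ComputerName 192.168.1.123 -Port 80 |
    Select-Object ComputerName, RemotePort, TcpTestSucceeded
```

If step 1 reports `Public` for a trusted home network, `Set-NetConnectionProfile -InterfaceAlias <alias> -NetworkCategory Private` changes the category so the Private-scoped rule applies.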

Hyper-V and physical switch trunk port SPAN/mirroring

I'm new to Hyper-V and trying to set up a lab. Here is my setup:
Cisco switch with a SPAN port (configured to mirror in/out, replicate the encapsulation, source port for the span is a trunk). I verified that I see all packets on the SPAN port
Server with Hyper-V VM that has two NICs. One is for general connectivity, the other is configured as a mirror destination. Vlan identification is disabled. Mapped to a virtual switch
Virtual switch is mapped to a dedicated server port connected to the Cisco SPAN port. OS sharing is allowed. VLAN identification is disabled. NDIS capture is enabled but NDIF also lists an error in the window: "The Selected Extension is not operating correctly. Check the event logs for further information. If this is a non-Microsoft Extention, contact the vendor for further troubleshooting steps."
Server NIC is configured as a Hyper-V source as explained here: https://cloudbase.it/hyper-v-promiscuous-mode/
I can only see traffic from the server on the VM port. Nothing from the SPAN.
Is it even possible to set up what I'm trying to achieve? If so, am I missing something?
Thank you very much
VM NIC:
VSwitch:

How to enable cooperation of MS DTC on computers that are in domain and computers not running in a Windows domain?

My application, which runs on a machine in a domain, uses TransactionScope (which relies on MS DTC). SQL Server runs on a machine not included in the domain. How to enable cooperation of MS DTC on computers that are in domain and computers not running in a Windows domain?
MSDN
When Microsoft Distributed Transaction Coordinator (MS DTC) computers are not running in a Windows domain, distributed transactions fail by default because the remote procedure call (RPC) security that MS DTC uses cannot be used in this environment. The same condition applies to MS DTC computers that are in untrusted domains. In Windows Server 2003 and Windows Server 2008, RPC security is not turned off. Therefore, distributed transactions fail in a workgroup environment or in untrusted domains.
Open dcomcnfg.
In the Distributed Transaction Coordinator folder under My Computer, right-click Local DTC, and then click Properties.
On the Security tab, select the Network DTC Access check box, and then select No Authentication Required.

Connect to MAMP local server (MacBook) from Windows computer

I'm having trouble connecting to a local server hosted on a MacBook/MAMP. My .NET application (running on a Windows computer) smoothly connects to another Windows machine (MySQL server) with the same connection string "server=[computer's name]; user id=xxxx; password=xxxx; database=xxxx" but when I use this MacBook's name, I get the following error:
"Unable to connect to any of the specified MySQL hosts"
Note: File Sharing is turned on
Please help.
For those who might experience the same issue, the problem was that my MacBook wasn't visible to Windows machines. Go to System Preferences > Sharing > File Sharing > Options and check your Account and Share files and folders using SMB.

Windows server 2003, remote way to bypass windows firewall

I have a Windows Server 2003 machine. I disabled the firewall with Remote Desktop, enabled it, and I lost access to my machine (and my sites). I was wondering if there is any backdoor to bypass the firewall in situations like this, so if something goes wrong, I could fix it remotely.
In Linux, for example, there is SSH reverse tunneling, which I have enabled, and in similar situations I could connect anyway and fix any problem I created.
I don't know how much your firewall is configured, but in case WMI is still working, you can open your local "Services" Management Console, connect to your remote computer, and stop the Windows Firewall Service.
If you install e.g. TeamViewer, you can also connect, because TeamViewer usually creates the firewall rules on its own.