Generally you don't configure the Windows Firewall on the domain controllers
on domain controllers or WSUS server but it should not interfere with Group
Policy if configured on domain client computers though often there is an
exception for file and print sharing and remote administration from
computers used for domain administration and domain controllers if you are
using Computer Management to manage computers, scanning with MBSA, or
running RSOP on them. One thing that often helps is to enable the firewall
log on a couple affected computers and then looking in the firewall logs for
dropped traffic that would show from what IP address/port/protocol. Group
Policy is pulled by domain computers when foreground or background refresh
is done and the Windows Firewall should not interfere since it is stateful
and traffic in response to what they initiated would not be blocked . ---
Steve


<striffy@gmail.com> wrote in message
news:1132543152.477776.243690@g44g2000cwa.googlegr oups.com...
> Hi All.
> In process of testing XP SP2 on Windows 2003 AD.
> Been testing with wireless XP machine with firewall on, default
> settings.
> Is there a knowledge base or recommended settings for the firewall to
> let AD work.
> Without configuration, Group Policies aren't being applied, WSUS also
> can't connect.
> I've enable all ICMP packets to be allowed, this seems to have helped
> somewhat but still unable to manage the computer from GPMC.
> If I turn off the firewall everything works fine.
>
>
> Thanks
>