> I believe the "domain" settings are only used when the machine can
> actually contact the domain. Otherwise, the stronger settings are used.
WinXP SP2 firewall check's the connection specific DNS-suffix from any
connection it has when connected. If the suffix is the same (in any connection)
from where GPO:s where last downloaded it thinks that it is connected to domain.
You can try it yourself. Change the connection spesific DNS-suffix from TCP/IP
properties and voila, Your firewall has changed the profile.
So it windows firewall is also very easy to cheat ;-)
> actually contact the domain. Otherwise, the stronger settings are used.
WinXP SP2 firewall check's the connection specific DNS-suffix from any
connection it has when connected. If the suffix is the same (in any connection)
from where GPO:s where last downloaded it thinks that it is connected to domain.
You can try it yourself. Change the connection spesific DNS-suffix from TCP/IP
properties and voila, Your firewall has changed the profile.
So it windows firewall is also very easy to cheat ;-)
Kind Regards
Mika Weckström
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
[ reply ]