It is a Terminal Server which is available from the internet (our users can use
some of our intranet services through the internet on that specific Terminal
Server). We want to limit access from that server to only certain services,
for example some intranet pages (because of our Security Policy).
We found that it has some issue with applying proxy settings managed by GPO
when it is in that isolated network; on the normal network, before isolating, GPO
settings were applied normally. We have opened some ports to the Domain
Controllers so that users are, for example, able to authenticate with domain
credentials.
The network analyzer shows that the Domain Controllers try to communicate with
that server through ports 3179 tcp, 3180 tcp, 3242 tcp and 3243 tcp. Should
we open those ports? Are those ports necessary for group policies or for some
other reason?
Kind regards,
Petri Siiskonen
--
Petri S
"Steve Riley [MSFT]" wrote:
> Are you trying to protect that server from other computers in the network?
> Will any other computers in the network need to connect with this server?
> Give us an idea _why_ you've isolated this server.
>
> --
> Steve Riley
> http://blogs.technet.com/steriley
> http://www.protectyourwindowsnetwork.com
>
>
> "Petri S" <(E-Mail Removed)> wrote in message
> news:FDB79128-B9B3-44A1-B4B9-(E-Mail Removed)...
> > Point is to open only necessary ports between server and domain controllers
> > needed for the server to function correctly. It is totally isolated from normal
> > workstations and servers.
> >
> > --
> > Petri S
> >
> >
> > "Bill Grant" wrote:
> >
> >> This all seems pretty pointless to me. What is the point of having a
> >> firewall at all if you just keep opening more and more ports?
> >>
> >> "Petri S" <(E-Mail Removed)> wrote in message
> >> news:06F7C7B6-494E-43CD-84D0-(E-Mail Removed)...
> >> > We have a server that is partly isolated from the domain network.
> >> > We have had problems with some GPO settings (proxy settings). Settings are
> >> > fine until the computer is moved to that isolated network. After the computer is
> >> > moved to that network it seems to lose the proxy settings, which are defined per
> >> > computer using Group Policy loopback processing mode.
> >> >
> >> > The network analyzer shows that the Domain Controllers try to communicate with
> >> > that server through ports 3179 tcp, 3180 tcp, 3242 tcp and 3243 tcp. Should
> >> > we open those ports? We have already opened the ports found in that list:
> >> > http://go.microsoft.com/fwlink/?linkid=21179
> >> >
> >> > Kind regards,
> >> >
> >> > Petri S
> >> >
> >> > --
> >> > Petri S
> >>
> >>
> >>
>