In Group Policy there are several settings that configure the Windows Firewall. By default these settings only allow members of the local subnet to talk to one another. If you have more than one subnet in your domain, you will need to make the following changes to Group Policy.
- Windows SBS Client – Windows XP Policy
  – Computer Configuration/Administrative Templates/Network/Network Connections/Windows Firewall/Domain Profile
    – Edit "Windows Firewall: Allow Inbound Remote Desktop exceptions" (should be enabled): change the value from "localsubnet" to "*"
    – Edit "Windows Firewall: Allow inbound remote administration exception" (should be enabled): change the value from "localsubnet" to "*"
    – Edit "Windows Firewall: Allow inbound file and printer sharing exception" (should be enabled): change the value from "localsubnet" to "*"
***thanks to Kevin Royalty for the detailed list.
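
To confirm on a client which scope the policy actually delivered for the three exceptions above, the following added example (not part of the original post) reads the policy values and flags any exception whose scope is "*". It assumes the registry locations written by the Windows Firewall administrative template and that PowerShell 3.0 or later is available on the machine being checked; the function name `Get-ExceptionScope` is hypothetical.

```powershell
# Added example: audit the scope Group Policy applied to the three
# Domain Profile exceptions and flag any that accept traffic from '*'.
# Assumption: these are the keys the Windows Firewall administrative
# template writes; run on a client after the policy has refreshed.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile'
$exceptions = [ordered]@{
    'Remote Desktop'           = "$base\Services\RemoteDesktop"
    'Remote administration'    = "$base\RemoteAdminSettings"
    'File and printer sharing' = "$base\Services\FileAndPrint"
}

function Get-ExceptionScope {
    param([string]$Name, [string]$Path)

    $p = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if (-not $p) {
        # Key absent: the setting is "Not Configured" for this exception.
        return [pscustomobject]@{
            Exception = $Name; State = 'Not configured'
            Scope = ''; AnySource = $false
        }
    }

    # The scope is one comma-separated string: '*', 'localsubnet',
    # single addresses, or subnets.
    $scope  = [string]$p.RemoteAddresses
    $tokens = @($scope -split ',' |
                ForEach-Object { $_.Trim() } |
                Where-Object { $_ })

    [pscustomobject]@{
        Exception = $Name
        State     = if ($p.Enabled -eq 1) { 'Enabled' } else { 'Disabled' }
        Scope     = $scope
        # True only when the exception is on and open to every address.
        AnySource = ($p.Enabled -eq 1) -and ($tokens -contains '*')
    }
}

$report = foreach ($name in $exceptions.Keys) {
    Get-ExceptionScope -Name $name -Path $exceptions[$name]
}
$report | Format-Table -AutoSize
```

Because the scope field takes a comma-separated list, a policy that names "localsubnet" plus specific subnets appears in the Scope column as written and is not flagged.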
—
So who wrote this blog and what do they do for a living anyway?
We’re Third Tier. We provide advanced Third Tier support for IT Professionals.
Get Support
Blog
Twitter
Facebook
LinkedIN
My only problem with that fix is that it completely opens up those ports instead of locking them down to just the original and additional subnets. To be fair, almost everyone is or should be protected behind a good router/firewall. I wonder if that asterisk can be changed to multiple subnets?
Phil – Since we’re only dealing with the domain profile, and since the firewall is smart enough to dynamically open and close ports as needed we haven’t completely opened things up with this configuration.