Few GPO Windows Firewall Settings that have 2 registry values associated with them


gale
08-19-2007, 06:06 AM
In PolicySettings.xls - a spreadsheet that lists all GPO settings, available at http://www.microsoft.com/downloads/details.aspx?FamilyID=7821c32f-da15-438d-8e48-45915cd2bc14&displaylang=en - some settings have multiple registry value paths associated with them.
[In GPO Editor, when enabling the settings listed below, a user must specify more than whether the setting is Enabled/Disabled]

Are all these registry values required to store each Windows Firewall GPO setting? For instance:

1. For the policy setting - Windows Firewall: Allow remote administration exception;
there are 2 registry values associated:
1] HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings!Enabled,
2] HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings!RemoteAddresses
Are both necessary for the GPO setting to be Enabled? To determine if the setting is Enabled, isn't the first one sufficient?

Similar case for :

Windows Firewall: Allow file and printer sharing exception

Its 2 registry values are:
1] HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint!Enabled,
2] HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint!RemoteAddresses

If the 1st registry value is set to enabled, is it necessary to check for the address list? What will the behaviour be if only the 1st registry value is present?

2. On enabling the Logging setting in gpedit.msc, 2 registry values get created - LogFileSize & LogFilePath - & on disabling the setting, both registry values get deleted.

If 1 registry value, say LogFileSize, is deleted, is Logging effectively enabled or disabled? In GPO Editor, the setting from before the value was deleted is maintained, i.e. to check if logging is enabled using a script, are the values of both registry values [LogFileSize & LogFilePath] required?

HowardMd
06-03-2010, 08:07 PM
Good questions.
This is just my opinion based on my experience:
1. If you just enabled the remote admin without assigning the address, then the service will be available to all addresses and will create a security leak.
2. Same case as no. 1.
3. I think Windows has default values. So if you don't set the LogFileSize, Windows will set it to its default.

I hope this helps.
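
One way to script the check asked about in this thread, as an added example that is not part of the original posts: it reads both `Enabled` and `RemoteAddresses` for each exception and reports them together, so an enabled exception with no address scope stands out for review. The registry paths and value names come from the thread; the function name `Get-FirewallExceptionState` and the finding texts are this example's own, and it assumes the values are read on the machine where the policy has been applied.

```powershell
# Added example: audit the two Windows Firewall policy exceptions discussed above.
# Key paths and value names are the ones quoted in the thread (DomainProfile only).
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile'
$settings = [ordered]@{
    'Allow remote administration exception'    = "$base\RemoteAdminSettings"
    'Allow file and printer sharing exception' = "$base\Services\FileAndPrint"
}

function Get-FirewallExceptionState {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$KeyPath
    )
    # A missing key yields $null here; a missing value yields a $null property.
    $props   = Get-ItemProperty -Path $KeyPath -ErrorAction SilentlyContinue
    $enabled = if ($props) { $props.Enabled } else { $null }
    $scope   = if ($props) { $props.RemoteAddresses } else { $null }

    # Classify on BOTH values; Enabled alone says nothing about who may connect.
    $finding =
        if ($null -eq $enabled) {
            'Not configured by policy (Enabled value absent)'
        } elseif ($enabled -eq 0) {
            'Disabled by policy'
        } elseif ([string]::IsNullOrWhiteSpace($scope)) {
            'Enabled, but RemoteAddresses is missing or empty: review'
        } elseif ($scope.Trim() -eq '*') {
            # "*" is the policy notation for any remote address.
            'Enabled for any remote address: review'
        } else {
            "Enabled, restricted to: $scope"
        }

    [pscustomobject]@{
        Setting         = $Name
        Enabled         = $enabled
        RemoteAddresses = $scope
        Finding         = $finding
    }
}

$settings.GetEnumerator() |
    ForEach-Object { Get-FirewallExceptionState -Name $_.Key -KeyPath $_.Value } |
    Format-Table -AutoSize -Wrap
```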