Home | Site Map | Cisco How ToNet How To | Wireless |Search | Forums | Services | Donations | Careers | About Us | Contact Us|

Can't ping Vista even file and printer sharing is enabled

Permissions, Group Policy, IPSec, Virus, Spam, Spyware, Malware.

Can't ping Vista even file and printer sharing is enabled

Postby chicagotech » Fri Nov 09, 2007 11:50 am

By design, if the file and printer sharing is enabled, you should be able to
ping. If not, you may need to modify the inbound rule. This how to may help.

Vista How toHow to enable ICMP to reply a ping · How to: Enable Remote
Desktop On Vista · How to: Enable telnet on Vista · How to: Enabling ICS on
Vista ...
www.howtonetworking.com/vista/vista.htm


--
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com


"Bob" <86c6c2e6> wrote in message
news:Ov2vobsIIHA.4196@TK2MSFTNGP04.phx.gbl...
> Hi,
>
> I have XP and Vista machines on a domain and all machines come under the
> same GPO's (which include firewall settings). These are the same GPO's
> that have been in place when only XP workstations were in the environment.
> i.e. I didn't make any modifications for Vista.
>
> When I enable certain GPO's and disable others (which the combination
> shuts off the workstation firewalls), I can ping all the machines.
>
> When I turn on the firewalls via policy, they all turn back on again, but
> I can no longer ping the Vista machines.
>
> "File and Printer Sharing" is opened as part of the policy and it is my
> impression that this is the one that allows me to ping the machines.
>
> Any idea why I can't ping the Vista machines when the firewall is turned
> on?
>
> ALSO: In Vista's firewall.cpl, they all state that the firewall is on, but
> the recommended settings are not in place. When I click the link "Update
> settings now", the warning goes away. What does "Update settings now" do?
> I wouldn't think it could do anything as the firewall is controlled by
> domain policy and all the settings are grayed out when the firewall is on.
>
> Thanks!
>
> ---
> Bob
>
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
chicagotech
Site Admin
 
Posts: 6466
Joined: Mon Nov 27, 2006 1:24 pm
Location: Chicago USA

Postby chicagotech » Sat Nov 10, 2007 10:07 am

Okay, I did some more checking and this looks very strange.

First off, I've 5 Vista machines. Four are real and one is virtual. The
virtual has no problem, just the real ones do.

My GPO at "Administrative Templates\Network\Network Connections\Windows
Firewall\Domain Profile\Windows Firewall: Allow file and printer sharing
exception" is enabled. I checked this with the old gpmc.msc in 2003 and the
new gpmc.msc in Vista. They both match, so I see no problem here.

On one of the failing Vista machines I confirmed that "File and Printer
Sharing" exeption is enabled per group policy by going to firewall.cpl. I
also ran rsop.msc and this looks fine too.

I viewed these two keys in the Vista machine:

HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\FileAndPrint!Enabled,

HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\FileAndPrint!RemoteAddresses

And I see "Enabled" is set to "1" and "RemoteAddresses" is blank.

I then manually changed "Enabled" to "0" and ran "GPUPDATE /FORCE" and it
was reset back to "1" again (as I would expect it to).

In summary: Everything I mention above is working as I would expect it to.

But here is where it gets strange.

Back at firewall.cpl in my Exceptions tab, I enabled the "File and Printer
Sharing" that is NOT controlled by group policy. When I do this, I can now
ping Vista!

I also checked the keys mentioned above, and I don't see them change when I
change the non-group policy version of "File and Printer Sharing".


So, it seems that the keys I mention above are controlled by group policy,
but Vista doesn't seem to care about them. When I change the non-group
policy version of "File and Printer Sharing" these keys are not changed with
it. Therefore I must conclude that the non-group policy version of "File
and Printer Sharing" is changing some other keys that I am unaware of.

Any ideas out there on what is going on?

Thanks,

Bob.
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
chicagotech
Site Admin
 
Posts: 6466
Joined: Mon Nov 27, 2006 1:24 pm
Location: Chicago USA


Return to Security

Your Ad Here

Who is online

Users browsing this forum: No registered users and 2 guests