|
So I just moved to a new IT department within my existing company where I work and I am unable to remotely manage any computers using Computer Management nor can I access any of the hidden administration shares. I also tried by IP address rather than NetBIOS name. I'm thinking it's a group policy or a setting I am missing. As of now the group policies are pretty basic but Client Side Extensions was installed via our WSUS and I am going to eventually start customizing them a bit more. I enabled the Remote Administation Group Policy because it was previously not configured. These are the settings I used: Computer Configuration/Administative Templates/Network/Network Connections/Windows Firewall/Domain Profile Windows Firewall: Allow remote administation exception: Enabled Allow unsolicited incoming messages from: 100.12.204.0/24,100.12.206.0/24,100.12.55.0/24 My PCs are spread throughout about 3 subnets which I enabled by entering "100.12.204.0/24,100.64.206.0/24,100.12.55.0/24" (Note: These aren't my real subnets..) Checked on PCs -Windows firewall is enabled however it not set to Block File and Print Sharing. (Does this explicitly need to be enabled in a GPO for remote administration to work??) -Remote Registery Service is enabled -Computer Browser Service is disabled (Does this need to be enabled?) -I am in the Administrator group on all computers -I can ping computers and remote desktop into them fine. -Forced group policy by doing gpupdate /force numerous times. Any ideas?
|
#
¿
Apr 15, 2010 00:38
|
|
|
|
| # ¿ Apr 25, 2024 16:05 |
|
|
Is there any easy way to configure InPrivate browsing in Internet Explorer 8.0 for specific sites via Group Policy? I know you can turn it off and on. Right now I am using an Internet Explorer Group Policy for trusting local intranet sites but I would explore other options for more secure online banking. I dont want to enable it for all sites, just specific ones. I know I could add it as a Restricted Site and enable Protected Mode. I'd like to set it so cookies, usernames, passwords don't get saved for particular sites in the event the user's computer is compromised. This issue is I support the Finance department and they do a lot of online banking for releasing wire transfers and other transactions. Initially the suggestion was to setup dedicated banking PCs that are not on the domain and are limited to online banking only and setup in the user's office with a KVM switch. It wasn't my suggestion and I didn't like it since it requires setting up additional hardware that can be compromised and it is not centrally managed. We setup a few PCs to test but users had issues with the KVM switches, forgot the secondary computer passwords, etc. The other option I suggested was settings up a terminal server specifically for online banking that is locked down (overkill..I know) and disallowing all banking on their primary PCs. All PCs are running Windows XP SP3 with IE 8.0 and Group Policy Extensions or Windows 7 with Internet Explorer 8.0. I was curious if anyone else is doing something similar or had suggestions.
|
|
#
¿
Oct 14, 2010 23:57
|
|