
Firewall policy changes when disjoining domain computers

Hello,

My Firewall changes when I disjoin a computer from the domain. It changes to "Block by Default".

Where does it get this information? Where is the policy that is in place when the computer is not able to see the DNS server?

Thanks,

Jason



This thread was automatically locked due to age.
  • We have 250 clients in AD but I decided against AD sync as the group structure is convoluted. On a second management server is "all the rest" (about 3000 clients). We use several methods:

    • We do have install packages for computers not administered by us (about two thirds). Users download the package which is built every two or three months from a live CID and contains an updating policy and mrinit.conf in the \rms subfolder (the reason is that by pointing the client to a different CID it can be "moved" to the other management server and/or directed to use a message relay). The installer puts the client in a group so it receives custom policies for all components shortly after install. Once a client appears in SEC it's moved to the correct group to get its "final" policies.
    • On computers set up by us we simply call setup.exe from the CID using the appropriate switches at a certain point during setup.
    • Same procedure for clients which will join the domain (which also happens during setup - don't ask me for details, that's what you have subordinates for ;-)). From time to time I also search AD as sometimes a machine is joined which hasn't been set up by the normal process. I then use Protect computers to install Sophos.

    Christian
