No access into Vista RTM from Domain

We have two clients running Windows Vista RTM. Both are joined to Windows
2003 domain. Both clients can ping XP and 2003 server stations as well as
browse their shares. However, a ping or share browsing from any server or XP
station to either of the Vista clients does not work. The ping will resolve
the name of the Vista client, but will timeout on the response. Firewall is
disabled on both clients by Group Policy. The users that are logged into the
Vista clients are Domain Admins, Enterprise Admins, etc. Any help would be
greatly appreciated.

RESOLUTION:
The sssue was caused by the Windows Firewall service not running (ie -
Stopped). When we manually attempted to start the service, we received error
1297.

We were able to narrow it down to one setting in Group Policy: User Rights
Assignment -> Adjust memory quotas for a process.

The security setting for this option is usually set to Local Service,
Network Service, Administrators. In our case, our domain policy edits this
setting to only include Administrattors.

By changing the policy so that this setting is not configured, it is
automatically set back to the default.

After a reboot of the pc and a gpupdate which we run at logon, we saw our
Firewall Service was started. Now we are able to Turn Off the firewall via
the Network Center, but leave the service running.

With this in place, we can ping and browse admin shares from any pc to our
vista clients.

"Franklin" wrote:

Quote:

> Thanks for the response Stuart.
>
> The firewall service is not running and Network Discovery, File Sharing, and
> Printer Sharing are all set to On, but still have the same problem.
>
> It is a very frustrating issue and I have seen other people run into it, but
> no one has posted a resolution.
>
> Thanks,
> Franklin
>
> "Stuart [MVP]" wrote:
>

Quote:

Good to see you got your network working with Vista. A couple of questions
for my enlightenment:

1. Group policies are always refreshed during the Windows startup process,
so I'm puzzled by "a gpupdate which we run at logon". Is there a particular
problem that doing this in a startup script as well solves?

2. Vista (and XP SP2, Windows 2003 SP1) networking all works with the
Windows Firewall enabled - I do this on all my computers at home and also at
work If you take "special" action, you can also have the benefit of having
the Windows Firewall enabled on Windows 2003 SP1 Domain Controllers (see KB
article 555381), so I'm wondering why you want to disable it.

--
Bruce Sanderson MVP Printing
http://members.shaw.ca/bsanders

It is perfectly useless to know the right answer to the wrong question.



"Franklin" <Franklin@discussions.microsoft.com> wrote in message
news:6CC9042E-5B41-44F6-8E4C-AFF239F3613C@microsoft.com...

Quote:

> RESOLUTION:
> The sssue was caused by the Windows Firewall service not running (ie -
> Stopped). When we manually attempted to start the service, we received
> error
> 1297.
>
> We were able to narrow it down to one setting in Group Policy: User Rights
> Assignment -> Adjust memory quotas for a process.
>
> The security setting for this option is usually set to Local Service,
> Network Service, Administrators. In our case, our domain policy edits this
> setting to only include Administrattors.
>
> By changing the policy so that this setting is not configured, it is
> automatically set back to the default.
>
> After a reboot of the pc and a gpupdate which we run at logon, we saw our
> Firewall Service was started. Now we are able to Turn Off the firewall
> via
> the Network Center, but leave the service running.
>
> With this in place, we can ping and browse admin shares from any pc to our
> vista clients.
>
> "Franklin" wrote:
>

Quote:

I suspect what was meant is "Not Defined". Most GPO settings have "Not
Configured", "Enabled" or "Disabled" settings, but those in User Rights
Assignment are either "Defined" or "Not Defined".

Double click on "Adjust memory quotas for a process" and remove the check
mark from "Define these policy settings".

If you are looking at the "Local Security Policy" on a Vista workstation (as
opposed to a Group Policy in a Domain via Group Policy Management Console) -
e.g. Start, Administrative Tools, right click Local Security Policy, select
Run as Administrator - the only choice you have is to modify the group
list - there is no check box as there is with GPMC in a Domain.

The default groups with this "right" are:
Administrators
LOCAL SERVICE
NETWORK SERVICE

--
Bruce Sanderson MVP Printing
http://members.shaw.ca/bsanders

It is perfectly useless to know the right answer to the wrong question.



"orph351" <orph351@discussions.microsoft.com> wrote in message
news:FC325631-643C-4C30-9CEC-BAE289E33376@microsoft.com...

Quote:

> Franklin,
>
> I am getting the error 1297 when trying to start the firewall service. I
> found the group policy object you mentioned, but have no option to change
> it
> to not configured.
>
> Where do you make the change?
>
> Or
>
>
> "Franklin" wrote:
>

Quote: