Posts Tagged ‘Server’

Windows Firewall via GPO

Monday, March 12th, 2012

Setting up the Windows Firewall to run on Windows client systems can be tedious when done en masse. But using a Group Policy (GPO) to centrally manage systems can be a fairly straight forward process. First, decide which firewall rules you want to implement. Then, manually configure them and test themĀ  out on a workstation to verify it works the way you want it to. This process has been documented at http://techjournal.318.com/?p=1092.

Once you know the exact settings you’d like to deploy, create an Organizational Unit and put computer accounts (or other OUs/security groups) to be governed by this policy in the new OU. Once you have all of your objects where you’d like them, it’s time to create a GPO of the settings (which should be applied to one machine and tested before going wide across a large contingent of systems). To do so, go to the policy server and Features from within Server Manager to expand Group Policy Management.

From Group Policy Management, expand the appropriate Forest and Domain and then right-click Group Policy Objects, clicking New at the contextual menu. Then provide a name for the new GPO (e.g. Windows Firewall Policy) and click on OK. In the Group Policy Management screen, click on Group Policy Objects and then right-click on Firewall Settings for Windows Clients. Click on Edit to bring up the Group Policy Management Editor.

At the Group Policy Management Editor, right-click Firewall Settings for Windows Clients policy, and select its Properties. Click on the Disable User Configuration settings check box and at the Confirm Disable dialog box, click on the Yes button and click OK when prompted.

In the Group Policy Management Editor open Policies from Computer Configuration. Then expand on Windows Settings and then on Security Settings and finally Windows Firewall with Advanced Security. Here, click on Windows Firewall with Advanced Security for the LDAP GUID for your domain. Then open Overview to verify that each network location profile lists the Windows Firewall state as not configured.

Click on Windows Firewall Properties and under the Domain Profile tab, use the drop-down list to set the Firewall state to On. Then, click on OK and verify the Windows Firewall is listed as On.

Once you’ve created the GPO, go to the OU and click on Link an Existing GPO. Here (the list of GPOs), select the new GPO and test it on a client by running gpupdate or rebooting the client. To verify that the GPO was applied, open the Windows Firewall with Advanced Security snap-in and right-click on Windows Firewall with Advanced Security on Local Computer, selecting Properties from the contextual menu. If the setting is listed as On then the policy was created properly!

Mac OS X 10.7.3 and 10.7.3 Server Now Available

Wednesday, February 1st, 2012

Mac OS X 10.7.3 and Mac OS X Server 10.7.3 are now available for download through software update:


The update comes with fixes to better language, smart card ServerBackup, Profile Manager, opendirectoryd/directory images, file sharing and support for a number of other aspects of the OS. Some specific aspects include disconnecting specific users w/ Server.app, more ACL information in Server.app, setting login greetings, etc.

The client update and available information is available at OS X Lion Update 10.7.3 (Client)

The client combo update and available information is available at OS X Lion Update 10.7.3 (Client Combo)

The server update is available at OS X Lion Update 10.7.3 (Server)

The server combo update is available at OS X Lion Update 10.7.3 (Server) Combo

The Server Admin Tools are available at Server Admin Tools 10.7.3

Also, ARD has been revved up to 3.5.2. It is available at Apple Remote Desktop 3.5.2 Client

Also, of note, AirPort Utility also got an update yesterday. It is available at AirPort Utility 6.0 for Mac OS X Lion

Mac OS X 10.6.2 Server Available

Tuesday, November 10th, 2009

Mac OS X 10.6.2 Server is now available. This update represents a great step for environments that have either already made to, or are preparing/planning the upgrade to, Snow Leopard Server. In this update, Apple addresses the following issues (from Apple.com):

  • adding and removing imported users in Server Preferences
  • synchronizing Portable Home Directory content
  • using iCal web interface within select time zones
  • previewing and capturing dual-source video in Podcast Capture
  • server-side filtering of incoming mail messages
  • using chained digital certificates for mail services
  • creating images with System Image Utility
  • automating installation of NetRestore images
  • preventing brute force password attacks
  • using sudo command with authenticated Open Directory binding
  • binding to Active Directory domains with invalid service records
  • creation of mobile accounts for Active Directory users
  • correcting a problem that would cause the Software Update cache to grow excessively

Leopard Server: Documentation Released

Saturday, October 27th, 2007

To answer all those questions like “How do I create a share point now?” Apple has been kind enough to post the documentation for Leopard Server at: http://www.apple.com/server/macosx/resources/

All of the new services are documented per Apple standards, so happy reading!