Windows SBS Client - Windows XP Policy
Data collected on: 5/29/2009 7:14:43 PM
General
Details
Domainsmallbusiness.local
OwnerSMALLBUSINESS\Domain Admins
Created 5/29/2009 6:43:30 PM
Modified 5/29/2009 6:43:32 PM
User Revisions 0 (AD), 0 (sysvol)
Computer Revisions 17 (AD), 17 (sysvol)
Unique ID {0BAEDF85-4721-49CA-89BE-E2D01155C52B}
GPO Status Enabled
Links
LocationEnforced Link Status Path
SBSComputersYes Enabledsmallbusiness.local/MyBusiness/Computers/SBSComputers

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
NT AUTHORITY\Authenticated Users
WMI Filtering
WMI Filter Name Windows SBS Client - Windows XP
Description None
Delegation
These groups and users have the specified permission for this GPO
Name Allowed Permissions Inherited
NT AUTHORITY\Authenticated Users Read (from Security Filtering) No
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS ReadNo
NT AUTHORITY\SYSTEM Edit settings, delete, modify security No
SMALLBUSINESS\Domain Admins Edit settings, delete, modify security No
SMALLBUSINESS\Enterprise Admins Edit settings, delete, modify security No
Computer Configuration (Enabled)
Policies
Administrative Templates
Policy definitions (ADMX files) retrieved from the local machine.
Network/Network Connections/Windows Firewall/Domain Profile
Policy SettingComment
Windows Firewall: Allow inbound file and printer sharing exception Enabled
Allow unsolicited incoming messages from these IP addresses: localsubnet
Syntax:
Type "*" to allow messages from any network, or
else type a comma-separated list that contains
any number or combination of these:
IP addresses, such as 10.0.0.1
Subnet descriptions, such as 10.2.3.0/24
The string "localsubnet"
Example: to allow messages from 10.0.0.1,
10.0.0.2, and from any system on the
local subnet or on the 10.3.4.x subnet,
type the following in the "Allow unsolicited"
incoming messages from these IP addresses":
10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24
PolicySetting Comment
Windows Firewall: Allow inbound remote administration exception Enabled
Allow unsolicited incoming messages from these IP addresses: localsubnet
Syntax:
Type "*" to allow messages from any network, or
else type a comma-separated list that contains
any number or combination of these:
IP addresses, such as 10.0.0.1
Subnet descriptions, such as 10.2.3.0/24
The string "localsubnet"
Example: to allow messages from 10.0.0.1,
10.0.0.2, and from any system on the
local subnet or on the 10.3.4.x subnet,
type the following in the "Allow unsolicited"
incoming messages from these IP addresses":
10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24
PolicySetting Comment
Windows Firewall: Allow inbound Remote Desktop exceptions Enabled
Allow unsolicited incoming messages from these IP addresses: localsubnet
Syntax:
Type "*" to allow messages from any network, or
else type a comma-separated list that contains
any number or combination of these:
IP addresses, such as 10.0.0.1
Subnet descriptions, such as 10.2.3.0/24
The string "localsubnet"
Example: to allow messages from 10.0.0.1,
10.0.0.2, and from any system on the
local subnet or on the 10.3.4.x subnet,
type the following in the "Allow unsolicited"
incoming messages from these IP addresses":
10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24
PolicySetting Comment
Windows Firewall: Allow local port exceptions Enabled
Windows Firewall: Allow local program exceptions Enabled
Windows Firewall: Define inbound port exceptions Enabled
Define port exceptions:
135:TCP:*:Enabled:Offer Remote Assistance - Port
Specify the port to open or block.
Syntax:
<Port>:<Transport>:<Scope>:<Status>:<Name>
<Port> is a decimal port number
<Transport> is either "TCP" or "UDP"
<Scope> is either "*" (for all networks) or
a comma-separated list that contains
any number or combination of these:
IP addresses, such as 10.0.0.1
Subnet descriptions, such as 10.2.3.0/24
The string "localsubnet"
<Status> is either "enabled" or "disabled"
<Name> is a text string
Example:
The following definition string adds TCP port 80
to the port exceptions list and allows it to
receive messages from 10.0.0.1, 10.0.0.2, or any
system on the 10.3.4.x subnet:
80:TCP:10.0.0.1,10.0.0.2,10.3.4.0/24:enabled:Web service
PolicySetting Comment
Windows Firewall: Define inbound program exceptions Enabled
Define program exceptions:
%windir%\system32\sessmgr.exe:*:Enabled:Remote Assistance
%windir%\PCHealth\HelpCtr\Binaries\Helpsvc.exe:*:Enabled:Offer Remote Assistance
%windir%\PCHealth\HelpCtr\Binaries\Helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice
Specify the program to allow or block.
Syntax:
<Path>:<Scope>:<Status>:<Name>
<Path> is the program path and file name
<Scope> is either "*" (for all networks) or
a comma-separated list that contains
any number or combination of these:
IP addresses, such as 10.0.0.1
Subnet descriptions, such as 10.2.3.0/24
The string "localsubnet"
<Status> is either "enabled" or "disabled"
<Name> is a text string
Example:
The following definition string adds the
TEST.EXE program to the program exceptions list
and allows it to receive messages from 10.0.0.1,
or any system on the 10.3.4.x subnet:
%programfiles%\test.exe:10.0.0.1,10.3.4.0/24:enabled:Test program
Network/Network Connections/Windows Firewall/Standard Profile
User Configuration (Enabled)
No settings defined.