
Specifying Network Profiles

Written on 27 February 2013 10:37 PM

Specify Network Profiles (Domain, Public, Private) associated with Windows Firewall settings for your Windows servers.

On Windows, if a server has both an internal and an external network adapter and you make it a domain controller, Windows automatically makes both NICs part of the domain profile (which allows everything in the firewall restrictions).

To stop this, we recommend that you keep your internal network adapter on the domain profile and make your external network adapter (the one that connects to the internet) a member of the public profile.

To do this, open Windows Firewall with Advanced Security and create a rule that blocks UDP on port 389 for the external subnet range (e.g. 203.143.x.x), both incoming and outgoing. This prevents Windows from resolving the NIC to a domain, so it marks the NIC as public.
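
The two rules described above, scripted in PowerShell as an added example (not part of the original article). It assumes Windows Server 2012 or later, where the NetSecurity and NetConnection cmdlets are available; the parameter names `ExternalSubnet` and `ExternalInterfaceAlias`, the rule display names, and the choice to match the external subnet as the remote address are assumptions.

```powershell
# Run from an elevated PowerShell session on the server.
# Both parameters are supplied by you; nothing here is taken from the article.
param(
    [Parameter(Mandatory)] [string] $ExternalSubnet,          # external range in CIDR form
    [Parameter(Mandatory)] [string] $ExternalInterfaceAlias   # name of the internet-facing NIC
)

# Mirror what the firewall wizard's "Port" rule type creates:
# inbound rules match the local port, outbound rules match the remote port.
$rules = @(
    @{ Direction = 'Inbound';  LocalPort  = 389 },
    @{ Direction = 'Outbound'; RemotePort = 389 }
)

foreach ($rule in $rules) {
    $name = "Block UDP 389 on external subnet ($($rule.Direction))"

    # Skip rules that already exist so the script can be re-run safely.
    if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
        Write-Output "Rule already present: $name"
        continue
    }

    # Assumption: the external subnet is matched as the remote address.
    # Use -LocalAddress instead if you scope by the server's own external IP.
    New-NetFirewallRule @rule -DisplayName $name -Action Block -Protocol UDP `
        -RemoteAddress $ExternalSubnet | Out-Null
    Write-Output "Created rule: $name"
}

# Report which profile each connected network currently has. The category may
# only update once Windows re-detects the network on the external adapter.
Get-NetConnectionProfile |
    Select-Object InterfaceAlias, Name, NetworkCategory |
    Format-Table -AutoSize

$netProfile = Get-NetConnectionProfile -InterfaceAlias $ExternalInterfaceAlias
if ($netProfile.NetworkCategory -eq 'DomainAuthenticated') {
    Write-Warning "$ExternalInterfaceAlias is still on the domain profile."
} else {
    Write-Output "$ExternalInterfaceAlias is on the $($netProfile.NetworkCategory) profile."
}
```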

