Small Business Susan

Doing yourself in with Group Policy.

Doing yourself in with Group Policy.


I was setting up a new Vista 64bit on our network.  Install went fine.  One trick I had to to with the Vista 64bit that I didn’t have to do with the Vista 32bit was that I had to launch msconfig and Disable UAC and then click the launch button.



I then installed all my sucky old accounting apps and then when back and turned it on.  Once I did that all of my applications ran just fine. 


The only time I have UAC issues is only during install, never during running.


So then the next problem I has was in RDPing to this Vista 64bit workstation.  I would reboot and get locked out.  Grrrrr.


So then I poked around the firewall settings and realized that in both my Vista 32 bit and my Vista 64 bit I had these ‘blank’ rules at the top of my applied Vista firewall settings.  Hmmmmm…. that’s weird that they are blank like that, and then in addition I had these deny rules up at the top.  On the 32 bit version the deny was down a few lines, on the 64 bit it was at the top of the list.



If you looked at the rules, it was obvious to me that they were rules that I had added to the Windows “XP” firewall rule set for allowing ActiveSync to work (or so I thought).  I went into the group policy of the server and deleted them out and took the rules back to the default rules (comparing them to another SBS 2003 [always have a default SBS to look at..like a virtual machine somewhere].


I did a gpupdate /force and voila.  I can now RDP without a hitch and the group policy on the Vista now looks like it’s supposed to.



No deny rules, all approval.


The moral of this story is, just because something worked in 32bit doesn’t mean it will in 64bit, and if you added anything to those default firewall rules, start investigating there.


P.S. Thank you Kerry for the hint in the right direction.



1 comment so far ↓

  • #   Kerry Brown on 09.22.08 at 10:07 pm     

    You’re welcome but it really was more of a guess than a hint.