Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Applies To: Windows Essential Business Server
This article applies to the following operating system:
- Windows® Essential Business Server (Windows EBS)°2008
The Change IP Address Settings Wizard in Windows EBS 2008 Management Server does not update the following System Center Essentials Group Policy objects:
SCE Managed Computers Group Policy
System Center Essentials All Computers Policy
As a result, the following actions are affected and they could potentially fail:
Deploying the System Center Essentials agent on new computers
Obtaining the proper access for connecting System Center Essentials to managed computers
When Windows EBS 2008 Management Server is configured, the Managed Computers Group Policy and the All Computers Group Policy should be configured when you deploy System Center Essentials.
SCE Managed Computers Group Policy. This policy defines firewall exceptions that apply to members of the System Center Essentials Managed Computers group. This policy defines which computers can access Remote Desktop. By default, only the IP address of Management Server is included.
System Center Essentials All Computers Policy. This policy, which applies to all computers in the domain, defines firewall exceptions based on the IP address of Management Server. Firewall settings that are defined by this policy affect which computers can access shared resources, and they enable administrators to remotely manage the computer where the policy is applied (by default, Management Server).
After you complete the Change IP Address Settings Wizard, follow these procedures to manually update the Group Policy objects with the correct IP address for Management Server.
To update Managed Computers Group Policy
On Management Server, click Start, click Run, type gpmc.msc, and then click OK.
Expand the Active Directory® forest, expand Domains, and then expand your domain.
Right-click SCE Managed Computers Group Policy (MGMT_MG), where MGMT is the name of Management Server, and then click Edit.
Expand Computer Configuration, expand Policies, expand Administrative templates, expand Network, expand Network Connections, expand Windows Firewall, and then click Domain Profile.
Right-click Windows Firewall: Allow inbound Remote Desktop exceptions, and then click Edit.
Type the IP address of Management Server, and then click OK.
Note
If you are allowing Remote Desktop Protocol (RDP) or Remote Web Workplace (RWW) connections from the Internet, consider changing this policy to allow a greater range of exceptions. Otherwise, this policy may cause conflicts.
To update All Computers Group Policy
On Management Server, click Start, click Run, type gpmc.msc, and then click OK.
Expand the Active Directory forest, expand Domains, and then expand your domain.
Right-click System Center Essentials All Computers Policy, and then click Edit.
Expand Computer Configuration, expand Policies, expand Administrative templates, expand Network, expand Network Connections, expand Windows Firewall, and then click Domain Profile.
Edit the following values with the new IP address of Management Server:
Windows Firewall: Allow inbound file and printer sharing exception
Windows Firewall: Allow inbound remote administration exception
Note
Be aware that these policies may be too restrictive for your environment. For example, in this case, only Management Server would be able to access shared resources on other computers.