Win XP Clients Hang During Login for "Roaming Profile" Users

Howdy, new to COMODO and dumping ZA (Hate the nags). At home I have recently switched from a Workgroup type setup to a true Server (Intranet Domain) environment for me, my wife and 8 kids. During the process (web research) I came upon COMODO. I started from scratch with fresh copies of XP on each client so there are no old ZA files on anything in my network. I am still learning, but with home networks becoming more prevalent I figured others will run into this same problem eventually.

Problem:
System hangs at login screen when a user of “Roaming Profiles” with “Redirected Folders” attempts to log in.

The symptoms are the same whether the user has an established “Roaming Profile” on the server or is establishing one for the first time at initial login.

For example, I’ve tried this on several clients; during the login for a new “Roaming Profile” each client appears to be trying to process something because I see the login animation still moving, but that’s it. 5 minutes into this, the login window disappears and I am left with just a blank blue Windows screen (not BSOD). I’ve waited up to 20 more minutes just to see what may happen, but nothing.

I then have to force a powered re-boot. I’ll go in as local admin, and find that no aspect of the new profile has been started. I then change CPF to “Allow All” and attempt the new user login again which then gets set up just fine on any client. All aspects of each user’s profile function flawlessly thereafter on every client machine. But any time the firewall is set back to “Custom” again, users are no longer able to log in. When testing the same CPF settings logged in using a local profile as “admin” or “user” on any client, COMODO works fine (Internet/Server access good). It just won’t allow network “Roaming Profiles” to log in or become established.

I’m certain it’s my lack of knowledge configuring the firewall to allow the necessary communications/packets needed between my local server and each client for “Roaming Profiles”.

So I ask that someone please provide a step-by-step guide for this particular setup when networking using “Roaming Profiles” with “Redirected Folders”. No, I have not extensively tested different COMODO settings as I don’t want to ■■■■■ anything up. Yes, I have read many other posts on configuring filter rules, but have not found any topics specifically regarding servers using “Roaming Profiles” in a local server/networked environment. Any help is appreciated.

My network details…

Server: Win 2000 Server SP4 (Latest Security Updates)
Using Active Directory configured as the only Domain Controller, DNS and DHCP.

Clients: Win XP Pro SP2 (Latest Security Updates)

COMODO Firewall version 2.4.18.184 running on each XP client.

COMODO is configured at each client to the “Set it and leave it” instructions from this forum. COMODO is not installed on the server.

Anti-Virus: Norton AV Corp 10.0.2.2000 (All clients managed/pushed from server).

Each XP user profile is set from the server to use server stored “Roaming Profiles” with “Redirected Folders”. I currently have a very simple security setup on the network shares and will tighten it up later after I get COMODO figured out…

Each user’s roaming profile points to a network share as:

\\server\profiles$\%username%\

The root share permissions on the server for roaming profiles are:
“Everyone” (Full), “System” (Full), and “Administrator” (Full).
NTFS Security on the share is the same.

Each user’s redirected folders are on a network share as:

\\server\data$\%username%\Application Data
\\server\data$\%username%\Desktop
\\server\data$\%username%\My Documents
\\server\data$\%username%\Start Menu

The root share permissions on the server for redirected folders are:
“Everyone” (Full), “System” (Full), and “Administrator” (Full).
NTFS Security on the share is the same.

Infrastructure:

Primary Router: Vonage (Motorola) wired Router w/Basic default config. Acts as Internet Gateway for all clients and internal network traffic. Internet access for each client is not controlled by the server other than passing on Internet DNS queries to the WAN through this router.

Secondary Internal Router: Linksys Wireless Router-Basic default config. Used only for wireless connections on 2 laptop clients within the network.

3 Trendnet switches extend the wired network throughout our home to all other clients.

WAN: COX Broadband Modem (12MB Service).

All routers, servers, clients and NICs are properly configured within the same subnet running at 100Mbps. Routers and Servers configured with static IPs. All clients configured for DHCP IPs assigned through AD from the server.

I have 2 other boxes in this network running WinXP Pro, but they are not used as clients but rather as a stand-alone print server and a file server. I do not think they have anything to do with this problem and function fine with CPF.

Note: I have set new user profiles to be created from a pre-configured default profile located on the server from the standard SYSVOL…/scripts/Default User. Profiles are set through GPO to be deleted from the client each time a user logs off. None of the accounts/profiles are ever established/created on the local machines, they all come from the server. I want them all to remain purely roaming because I never know which of my kids will need to be on which computer at any given time.

And finally… Go easy on me. No, I am not a Sys Admin. I learned all this from the Internet and fix/build PCs as a hobby.

Again, any help is greatly appreciated.

Have you tried logging in to the computer as Domain Admin first to see if it is a permissions based problem or not?

If you can’t get in as Domain Admin then it could be that the firewall doesn’t like the hidden shares possibly. You might try writing a rule using the share path under Host to point it to the exact share where it needs to start looking.

Just some suggestions to try.

jasper

Final Answer!!!

Thanks for the input Jasper. It appears to not be a permissions or hidden share problem at all.

The answer was actually one check box:

Click “Security” then click “Advanced”. Within “Advanced Attack Detection and Prevention” click the “Configure” button. Select the “Miscellaneous” Tab and un-check “Do protocol analysis”.

All “Roaming Profile” users can now log in with CPF on, and appear to function normally.

The description of this function when enabled is:

“Analyzes all incoming and outgoing packets to verify that they have the correct parameters according to the specific protocol’s standards and stop them if found suspicious.”

The question now is, how detrimental is it to over-all security by un-checking this on all the clients? I really have no choice if I want my network (which is completely “Roaming Profile” based) to work. Can someone please elaborate?

Unchecking that box takes away the firewall’s ability to find any bad packets. It would turn the firewall into a basic packet filter which will make you much more dependent on other security software on the PCs to keep you protected.

jasper

Well, I don’t see an alternative. I really want to stick with COMODO and this seems to be the only solution to get it to work with my type of network. I can only hope that the Devs pick up on this post and find a better solution for users with “Roaming Profiles”. Again, thanks for your help.

You might try setting up CFP3 beta on one of the pcs to see if it will let the profiles load correctly. That way when it is out of beta you could switch over to it.

Have a good one.

jasper

Do not worry about this. “Do protocol analysis” gives a lot of problems with remote desktop login, wifi, gprs, umts connections and with filesharing apps. It is ok if you disable it, especially when you are behind a router.

OK. I am still in the process of fine tuning my new network. As soon as I reach a point where I feel the network is stable, I will test CFP3 beta on one of my clients to see if I can re-enable the “Do protocol analysis” checkbox. And conduct further testing.

Yes, my network is indeed behind a router with built-in NAT and other firewall features so I feel comfortable leaving the “Do protocol analysis” disabled for now. In the meantime I’m quite pleased that I found a solution that allows me to continue using COMODO as I really like it, and this company’s philosophy along with the rapid forum responses to the problem. I hope this post will serve to help others with similar problems. Thanks guys/gals.