AJR

Edward - Although you are probably aware of it - but Vista provides a
"Windows Firewall and Security" snap-in for the Management Console which
provides more options than control panel security center.

"Edward Ray" <ewray@newsgroup.nospam> wrote in message
news:3692A5FD-07BD-4BE1-B8C3-EA2C1400CB74@microsoft.com...
>I have had MANY problems since upgrading to Vista RC1 (now v5728) with
>connectivity in my Windows 2003 R2 native Ad domain. Windows time not
>working, netdiag crashing, not picking up Kerberos tickets for Vista
>machine...
>
> Once I disabled the firewall, things improved. Windows Time started
> automatically.
>
> Let me sasy first that the new Windows Firewall is a great leap forward,
> but it is very complex and difficult to configure. I suspect once
> adm/admx files are available that it may become easier. Third-party
> firewalls are much easier to configure than Vista Firewall. Complexity is
> the hobgoblin of security, and Microsoft has made the Windows Firewall
> very diffiuclt to understand an onerous to configure. Rules that I put in
> to open the firewall to domain connectivity appear not to work.
>
> I would recommend to anyone deploying Vista in a pre-existing domain
> infrastructure to disable Windows Firewall completely for the near term.
>
> --
> Edward Ray
> CCIE Security, CISSP, GCIA Gold, GCIH Gold, MCSE+Security, PE
>