Location: Mail List

Ads

Skyscraper

The GPTalk Mailing List

The GPTALK mailing list is where you can send and receive email related to Windows Group Policy. You must subscribe to the list to send and receive mail from the list. The purpose of the list is to provide a forum for asking and answering technical questions related to Group Policy. Any question is fair game as long as it is related to Windows Group Policy.  The Archives for this list can be found on this page.

 

List Posts

Forums >GPTalk >GPTalk Mailing List
Subject: RE: [gptalk] Add an advanced firewall rule (port/scope) in Windows firewall to multiple systems with different current settings
Prev Next
You are not authorized to post a reply.

AuthorMessages
omarUser is Offline

Posts:97

02/18/2011 9:14 PM  
I think you may be working within the two different sections of a GPO for firewall

The advanced firewall rules only apply to vista and up (including the systems you are targeting.

You can define a single rule- but do it at Computer Configuration\Policies\Windows Settings\Security Settings\Windows Firewall with Advanced Security\ Windows firewall ...\Inbound Rules

Right-click inbound rules and create your rule as required.


So your define port exception- you do that for Win2k3 and XP under CC\Policies\Administrative Templates\Network\network connections\Firewall- and if you define port exceptions there- it will add to the firewall and not just hard code/overwrite by default unless you configure some of the other settings or if users are not local admins they cannot modify the firewall rules anyway.

But I suggest that you split your XP/2003 firewall GPOs from your Vista/Win7/Win2k8/win2k8R2 firewall GPOs and use a WMI filter for that separation.

Hope that helps.
Omar

From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Carol M. Chisholm
Sent: Friday, February 18, 2011 8:53 AM
To: xxxxxxxxxxxxxxxx
Subject: [gptalk] Add an advanced firewall rule (port/scope) in Windows firewall to multiple systems with different current settings

I want to add a single line to multiple servers Advanced firewall rules. (Windows 2008 & 2008R2).
They all have different current firewall setting which I do not want to change.
It I add a "Define port exceptions" rule in a GPO, will this overwrite ALL the existing port exceptions on any given server, or add to them?

Carol Chisholm


You are not authorized to post a reply.
Forums >GPTalk >GPTalk Mailing List > RE: [gptalk] Add an advanced firewall rule (port/scope) in Windows firewall to multiple systems with different current settings



ActiveForums 3.7

Members

MembershipMembership:
Latest New UserLatest:carmicklec
New TodayNew Today:1
New YesterdayNew Yesterday:1
User CountOverall:1399
People OnlinePeople Online:
VisitorsVisitors:0
MembersMembers:0
TotalTotal:0
Online NowOnline Now:

Ads

Banner Inv
Copyright 2009 by GPOGUY.COM
Terms Of Use