Re: Windows 2003 SP1 Firewall Control through Group Policy

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

---

• From: "Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx>
• Date: Mon, 16 Oct 2006 16:04:31 +0100

---

Hi
also check
http://www.microsoft.com/downloads/details.aspx?FamilyID=4454e0e1-61fa-447a-bdcd-499f73a637d1&DisplayLang=en

--
I hope that the information above helps you

Good Luck
Jorge Silva
MCSA
Systems Administrator
"stosti" <stosti@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0C749158-3BD8-4BCF-AF70-A28E3573F499@xxxxxxxxxxxxxxxx

How do I get to "microsoft.public.windows.group_policy"? I would be happy
to
continue there.

Thanks!

"Trevor Sullivan" wrote:

Roger Abell [MVP] wrote:

You are really asking group policy questions, but not in
microsoft.public.windows.group_policy
which would be the best place.

What you ask in your follow-up post is a standard practice
in group policy of applying a GPO to a selected set of targets.
You may accomplish this by OU linkage of GPO or security
group filtering.

MS has extensive writeups on the firewall settings, if you were
to search the ms.com website.
One thing I might add is that you should carefully consider how
you use the domain vs standalone policies as the domain policy
tends to not be used by a domain member if there is any issue
with the network interface being unavailable during application.

Roger
"stosti" <stosti@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4AFC15A0-5080-438C-A301-FF62439D61C3@xxxxxxxxxxxxxxxx

Thank You!

Is there a way to turn on the firewall on some machines and not
others?
Currently my remote users have the firewall enabled. My internal
users
have
it disabled. I want to setup the GP to keep this the same. External
users
must have the firewall and internal users need it disabled...

Regards,
Scott

"Jerold Schulman" wrote:

On Sun, 15 Oct 2006 04:59:01 -0700, stosti
<stosti@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

Hi,

How do I control the firewalls on my XP client machines through GP?
Can
I
exclude my 2003 servers? Can I exclude the firewalls on some XP
clients?
Can I set configure which ports I want open though GP? I need SMS,
Symantec,
Remote Desktop and alike to be able to function with the firewalls
enabled.

Thank You,
Scott

See the following in the 'Tips & Tricks' at http://www.jsifaq.com
JSI Tip 8378. Windows XP SP2 Firewall Update for Windows Small
Business
Server 2003.

JSI Tip 10218. How to Troubleshoot Windows Firewall settings in
Windows
XP Service Pack 2?

JSI Tip 8447. You cannot configure Windows Firewall settings, or
Security
Center settings, on Windows XP Service Pack 2 in a SBS 2003 domain?

JSI Tip 7907. How do I open port 445 for remote administration of
Windows
XP (SP2 or greater) with the Windows Firewall enabled?

JSI Tip 8866. GPMC in Windows XP SP2 displays some Group Policy
settings
in Extra Registry Settings?

JSI Tip 9254. How might you configure the Windows Firewall using the
Group Policy Management Console on your Windows Server 2003 SP1
computer?

JSI Tip 8203. The SMS Administrator console cannot display Event
Viewer,
Windows Diagnostics, or Performance Monitor for Windows XP Service
Pack 2
clients?

JSI Tip 8382. Managing Windows XP Service Pack 2 Features Using Group
Policy White Paper.



Jerold Schulman
Windows Server MVP
JSI, Inc.
http://www.jsiinc.com
http://www.jsifaq.com

Roger,

Just FYI, I personally use the Standard and Domain firewall profiles in
my environment and haven't had any issues. It is good to be aware that
networking issues at boot-up could affect the application of this GPO,
however it has been in my experience that as long as users are aware of
the plugin-before-bootup concept, they've been fine.

Trevor Sullivan
MCP

.

---

• References:
  • Re: Windows 2003 SP1 Firewall Control through Group Policy
    • From: Jerold Schulman
  • Re: Windows 2003 SP1 Firewall Control through Group Policy
    • From: Roger Abell [MVP]
  • Re: Windows 2003 SP1 Firewall Control through Group Policy
    • From: Trevor Sullivan
  • Re: Windows 2003 SP1 Firewall Control through Group Policy
    • From: stosti

• Prev by Date: Insert All Users to a single Group without use Everyone
• Next by Date: Re: Permissions to Allow users to rename but not delete..
• Previous by thread: Re: Windows 2003 SP1 Firewall Control through Group Policy
• Next by thread: Re: Permissions to Allow users to rename but not delete..
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Guide to secure installtion of IIS 5 ... don't forget a well-configured firewall. ... Do not put the computer onto the network or the Internet until after the ... Follow the instructions for hardening Windows and IIS at ... Install all service packs and security fixes from Microsoft and otherwise ... (microsoft.public.inetserver.iis.security) Re: Is secedit.exe left by a hacker? ... > tested on port 445. ... > I have a Linksys router that I use as a firewall to my ... Secedit.exe is the name of a legitimate Windows file, ... investigate the files on your computer - antivirus with the latest updates ... (microsoft.public.win2000.security) Re: Is secedit.exe left by a hacker? ... >> tested on port 445. ... >> I have a Linksys router that I use as a firewall to my ... >investigate the files on your computer - antivirus with ... >windows and everything else. ... (microsoft.public.win2000.security) Re: How to Maintain an IIS Server? ... > server running on a Windows 2000 server. ... before a firewall and antivirus have been installed]. ... open ports; however, this will not identify which program is using the port. ... (microsoft.public.inetserver.iis.security) Re: password protection ... and cable] and should really consider Windows 2000 / XP. ... sure you're also running antivirus and firewall, ... Internet] to bypass this security. ... (microsoft.public.security)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.active_directory  > 2006-10