Re: WinFirewall setup throughout network

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

I don't mean open ports to the outside. This is what I want to do. I
currently have a external firewall for incoming traffic from the net. But I
don't have an internal firewall setup to prevent an internal infection from
maybe a disk or cd someone installs. So all the doors and windows are closed.
I just want to close the inside a bit. Do I make sense with that? So like i
want to use windows firewall to help close the inside a bit but I want to be
able to configure the windows firewall on the clients from the domain. Is
that possible. Or am I just wasting time creating an internal firewall.
Because like you said and i know there are a lot of ports to open with domain
control and dhcp and dns...etc. What's the best way to give me security and
can I modify everything on a client from the server with out having to go to
each client one by one? That is what i am trying to find out.

thanks!

"Todd J Heron" wrote:

> You're going to have to configure so many exceptions through the firewall to
> allow client access that you may as well have no firewall enabled at all. I
> mean, why lock the front door to the house when you leave all the windows
> and the back door open? Think about that for a little bit. Regarding the
> Symantec ports, you'll need to get on their website to find out. Windows
> ports needed open will be found in the following article:
>
> How to Configure a Firewall for Domains and Trusts
> http://support.microsoft.com/default.aspx?scid=kb;en-us;179442
>
> --
> Todd J Heron, MCSE
> Windows Server 2003/2000/NT; CCA
> ----------------------------------------------------------------------------
> This posting is provided "as is" with no warranties and confers no rights
>
> "Brandon E." <BrandonE@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:B3C3157A-BCAB-4B40-824A-B077262FD5AC@xxxxxxxxxxxxxxxx
> Can someone tell me if it is possible to configure client windows firewalls
> from a windows server 2003. I have a local domain setup. I noticed that the
> firewall on the server was disabled and when I enabled it, all clients lost
> connectivity. So I opened all the neccessary ports. But is there a way to
> configure a firewall setup that lists the ports that the clients need to
> have
> open and do that from the domain? I got symantec anitvirius and ports need
> to
> be opened otherwise the firewall blocks them. So i need to be able to open
> those ports on the clients from the domain. I looked through group policy
> but
> i didn't see anything as to listing ports (adding ports) for windows
> firewall
> clients. Suggestions?
>
> thanks!
>
>
.

Relevant Pages

  • Re: DCOM 10009 errors on SBS2008 with NAS
    ... make a specific GP rule that allows the ports to that NAS unit. ... The DCOM event id 10009 will occur when a client workstation has a miss-configured firewall or other issues affecting its network communications within the domain, for example if the workstation is not managed by an SBS GPO. ... Depending on your firewall solution this might be implemented or might require opening several ports. ... If the workstation is on a different subnet than the SBS server and it is running Windows XP SP2 or higher, the firewall exceptions provided by the SBS group policies will not properly allow the required connectivity. ...
    (microsoft.public.windows.server.sbs)
  • Re: XP SP2 and ports required to view a remote event log
    ... So for Windows XP SP2 with an enabled firewall, to handle this, ... Group Policy Settings Reference for Windows XP Professional Service Pack 2 ... Windows Firewall: Allow remote administration exception ... TCP ports 135 and 445. ...
    (microsoft.public.windowsxp.setup_deployment)
  • Re: [fw-wiz] how prevelant
    ... over the same few ports), and the tendency of script kiddies to run ... Windows attack tools, I tend to suggest that if you open your firewall up ... > it amazing they were passing domain information across the internet. ...
    (Firewall-Wizards)
  • Re: Windows Firewall on Domain Controllers
    ... Are you talking about Windows 2003 or Windows XP? ... confgured for all the AD ports and you do some voodoo with RPC ports. ... Don't use firewall on a DC, use a diferent machine, if you can don't join ... Global Catalog Server TCP 3269 ...
    (microsoft.public.windows.server.active_directory)
  • Re: NETFW.INF, Preconfigured Firewall settings and dialogs
    ... it is Windows Server 2003 SP1 firewall that i'm using. ... Using the document '832017 Port Requirements for the Microsoft Windows ... > to achieve the following goal: some ports are open by default and others ...
    (microsoft.public.windows.server.networking)