RE: How do I create a policy for a single computer?

Hi Sasha,

Thanks for posting here.

From your post, I understand that you want to know how to create the
security policy about Windows Firewall on single Windows XP Pro SP2
workstation. If I am off base, please feel free to let me know.

Based on my knowledge, I agree with Xavier's suggestion, you can refer the
following steps to apply GPO on a single workstation:

- create a new security group
- put the target computer account in this new security group
- create a new group policy for the SBS computers OU (assuming your
computers are defined in the default location) that contains your settings
- in the "security filtering" part of the UI, please delete the other
security group or user account, then make sure that it applies only to your
new security group.

In additional, when you configure Windows Firewall in an organization
network using Group Policy, some of the local Windows Firewall
configuration options can be grayed out and unavailable, even for local
administrators.

So if you already configured Windows Firewall for your Windows XP
workstations using Group Policy, you only return the all of Windows
Firewall configuration in Group Policy from Enabled to Not Configured. Then
the Windows XP workstation can control this configuration themselves. For
detail information, please refer the following technology article:

http://download.microsoft.com/download/6/8/a/68a81446-cd73-4a61-8665-8a67781
ac4e8/wf_xpsp2.doc#_Toc85246636

Note: please refer the following part in the above article:
Deploying Windows Firewall Settings with Group Policy
Step 2: Specifying Windows Firewall Settings for Your Group Policy Objects

I hope the above information helps.

Have a nice day.

Best Regards,

Steven Zhu
MCSE
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
======================================================
PLEASE NOTE the newsgroup SECURE CODE and PASSWORD were
updated on February 14, 2006.? Please complete a re-registration process
by entering the secure code mmpng06 when prompted. Once you have
entered the secure code mmpng06, you will be able to update your profile
and access the partner newsgroups.
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
======================================================







.

Relevant Pages

  • Re: Group policy prevents Windows firewall running.
    ... You can not edit Group Policy in XP Home but it sounds like registry entries ... > to get the Windows Firewall to run. ... The Security Center could not turn on Windows Firewall. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Group Policy wont update on workstation
    ... and it won't pick up the group policy (namely the security settings, ... I'd suspect either DNS problems or the workstation isn't in the right OU. ... The Windows firewall isn't the problem. ...
    (microsoft.public.windows.group_policy)
  • Re: Group Policy wont update on workstation
    ... and it won't pick up the group policy (namely the security settings, ... I'd suspect either DNS problems or the workstation isn't in the right OU. ... The Windows firewall isn't the problem. ...
    (microsoft.public.windows.group_policy)
  • Re: Cannot configure windows xp firewall settings in a sbs 2003 network...
    ... 872769 You cannot configure Windows Firewall settings or Security Center ... After this is done go into group policy and edit the policy for ... Small Business Server Windows Firewall ...
    (microsoft.public.windows.server.sbs)
  • RE: group policy
    ... We already manage our windows firewall settings on the local computers by ... group policy (Specifically the 'windows firewall' group policy in SBS ... Windows Firewall settings for computers running Windows XP with SP2 can be ...
    (microsoft.public.windows.server.sbs)