Firewall exception via GPO.

    Question

  • How to deploy a GPO for firewall exceptions for the applications below?

    Skype, Outlook, NetMeeting, Remote Desktop.

    DCs are 2003: FLL: 2003, DFL: 2003.


    AliahMurfy
    Wednesday, June 01, 2011 7:19 AM

Answers

  • Hi Aliah,

    In Windows Server 2003, please set up the policy in Computer Configuration/Administrative Templates/Network/Network Connections/Windows Firewall/Domain profile

    Enable the Allow Remote Desktop exception policy, and set incoming messages from the local subnet, like 10.0.0.0/24
    Enable the Allow file and printer sharing exception policy, and set incoming messages from the local subnet, like 10.0.0.0/24
    Enable the Define program exceptions policy, and set program exceptions to %ProgramFiles%\NetMeeting\conf.exe:10.0.0.0/24:enabled:NetMeeting

    Set up the antivirus update exceptions policy like NetMeeting: run the antivirus update locally, unblock the firewall policy for the antivirus update, then set up program exceptions according to the local exceptions policy.

    You could refer to this article for details.


    Regards,
    Rick Tan
    Wednesday, June 08, 2011 2:35 AM
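
A review aid for the Define program exceptions values described in the answer above, added here as an example and not part of the original thread. It assumes the path:scope:status:name layout seen in the NetMeeting entry; the function names and the 256-address threshold are hypothetical.

```python
import ipaddress
import re

# Assumed layout: path:scope:status:name. The path may contain a drive-letter
# colon, so the status keyword anchors the match instead of a plain split.
ENTRY_RE = re.compile(
    r"^(?P<path>.+?):(?P<scope>[^:]+):(?P<status>enabled|disabled):(?P<name>.+)$",
    re.IGNORECASE)

def parse_exception(entry):
    """Split one program-exception value into its four fields."""
    m = ENTRY_RE.match(entry.strip())
    if not m:
        raise ValueError(f"not path:scope:status:name: {entry!r}")
    return m.groupdict()

def scope_findings(scope, max_hosts=256):
    """Return review notes for a scope string; an empty list means nothing flagged."""
    notes = []
    for token in (t.strip() for t in scope.split(",")):
        if token == "*":
            notes.append("scope '*' accepts traffic from any address")
        elif token.lower() != "localsubnet":
            try:
                net = ipaddress.ip_network(token, strict=False)
                if net.num_addresses > max_hosts:
                    notes.append(f"{net} covers {net.num_addresses} addresses")
            except ValueError:
                notes.append(f"unparseable scope token {token!r}")
    return notes

def audit(entries):
    """Map the name of each enabled entry to its findings, omitting clean entries."""
    report = {}
    for entry in entries:
        fields = parse_exception(entry)
        notes = scope_findings(fields["scope"])
        if fields["status"].lower() == "enabled" and notes:
            report[fields["name"]] = notes
    return report

# Constructed sample values; only the first mirrors the entry in the answer.
SAMPLE = [
    r"%ProgramFiles%\NetMeeting\conf.exe:10.0.0.0/24:enabled:NetMeeting",
    r"C:\Tools\example.exe:*:enabled:Example tool",
    r"C:\Tools\old.exe:*:disabled:Retired tool",
    r"C:\Tools\agent.exe:localsubnet,10.0.0.0/8:enabled:Example agent",
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run against the strings pasted into the policy before linking the GPO; entries scoped to the local subnet or a /24 pass, while `*` and wide ranges are listed for review.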

All replies

  • For Remote Desktop you have to open port TCP 3389. Skype can work on HTTPS, so TCP/443. The exception for Outlook depends on which email server you are using, which ports your server is using and what protocol you are using.

    For Windows XP you can configure that in Computer Configuration/Administrative Templates/Network/Network Connections/Windows Firewall

    For Windows 7 machines you can configure that in Computer Configuration/Policies/Windows Settings/Security Settings/Windows Firewall with Advanced Security


    With kind regards
    Krystian Zieja
    http://www.projectnenvision.com
    Wednesday, June 01, 2011 7:29 AM
  • When it comes to doing anything in Group Policy, the version of the DCs or the functional level rarely makes any difference...

    Here is a post I wrote that shows you how to do this for Skype on Windows Vista and Windows 7 computers... http://www.grouppolicy.biz/2010/07/how-to-manage-windows-firewall-settings-using-group-policy/

    Hope it helps


    Alan Burchill (MVP)
    http://www.grouppolicy.biz
    Follow me on twitter @alanburchill
    Wednesday, June 01, 2011 9:21 AM
  • How to add the exceptions? Like Outlook, NetMeeting, Remote Assistance, antivirus update, file and print sharing?
    AliahMurfy
    Monday, June 06, 2011 9:03 AM
  • Hi Aliah,

    Thank you for your post.

    When you install Outlook or antivirus software, configure NetMeeting, or use Remote Assistance on your local system, they are automatically added to the Firewall exception program list.
    As Alan posted, please just export the policy from WFAS to a GPO, or create a GPO that refers to the WFAS inbound rules policy, filtered by policy group name.

    If there are more inquiries on this issue, please feel free to let us know.


    Regards,
    Rick Tan

    Tuesday, June 07, 2011 6:12 AM
  • Mine is 2003 and XP, not 2008 and Win7.
    AliahMurfy
    Tuesday, June 07, 2011 6:18 AM