Hi,
My users are software developers and support engineers who need to be able to run and test an undefined number of different versions of our software, which is a network-distributed system. They need to be able to run the software from their own devices, which has the Windows Firewall prompt for permission whenever they run the software from a new location (which happens up to multiple times a day).
I do not want to disable the Windows Firewall, as it adds an extra layer of security to the systems, and I also do not want to give users local administrator rights, for obvious reasons.
So there are two approaches that I tried but couldn't find a solution for (and they may not be possible?):
a.) give the users permission to modify and/or disable the firewall as needed, or alternatively allow them to confirm the UAC permission dialogue for firewall-related issues only
b.) set firewall rules globally via GPO that allow all programs in a specific directory and its sub-directories through the firewall (by using wildcards like "*"), so users will just have to copy their test versions there; or alternatively allow all programs with a specific name or other means of general identification that works for all versions through the firewall by GPO. This will also have to work on UNC paths, as software may be located on network shares.
I cannot just allow a port range for this to work, as the software uses dynamic ports with a very wide-spanning range, which wouldn't be much different from disabling the firewall in the first place.
I am aware that granting users the ability to disable the firewall is a security risk as well, but that isn't a very good point if it means they cannot do their job.
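As an added example (not code from the original post), here is what approach b.) looks like when expressed as GPO-managed program rules in PowerShell. Windows Firewall program rules match on a full executable path (environment variables are allowed, `*` is not), so the script enumerates the executables under the test directory and writes one inbound allow rule per binary into the GPO, skipping rules it already created. The domain `corp.example`, the GPO `Dev-Firewall-Exceptions`, the local directory `C:\DevBuilds` and the rule-name prefix are all assumptions for illustration; it needs the NetSecurity module (RSAT or a domain controller) and rights to edit that GPO, and it does not exercise the UNC-path case from the question.

```powershell
# Added example, not from the original post: populate a domain GPO with one
# inbound allow rule per executable found under a test-build directory.
# Assumed names: domain corp.example, GPO Dev-Firewall-Exceptions, C:\DevBuilds.
param(
    [string]$Root        = 'C:\DevBuilds',                          # assumed test directory
    [string]$PolicyStore = 'corp.example\Dev-Firewall-Exceptions', # assumed DOMAIN\GPO name
    [string]$Prefix      = 'DevBuild-'                              # rule display-name prefix
)

# Open the GPO once and commit with Save-NetGPO, so the edit is a single write
# rather than one GPO round-trip per rule.
$gpo = Open-NetGPO -PolicyStore $PolicyStore

# Index the rules this script created earlier, keyed by program path, so
# re-running after a new build drop only adds what is missing.
$existing = @{}
Get-NetFirewallRule -GPOSession $gpo -DisplayName "$Prefix*" -ErrorAction SilentlyContinue |
    ForEach-Object {
        $app = $_ | Get-NetFirewallApplicationFilter -GPOSession $gpo
        if ($app.Program) { $existing[$app.Program.ToLowerInvariant()] = $_ }
    }

$added = 0
Get-ChildItem -Path $Root -Recurse -File -Filter '*.exe' | ForEach-Object {
    $path = $_.FullName
    if ($existing.ContainsKey($path.ToLowerInvariant())) { return }   # already covered

    # Scope deliberately: inbound only, domain profile only, local subnet only,
    # and tied to this one image path. Ports stay open-ended because the
    # application picks them dynamically; the program path is the control.
    New-NetFirewallRule -GPOSession $gpo `
        -DisplayName ($Prefix + $_.BaseName) `
        -Description "Auto-generated allow rule for $path" `
        -Direction Inbound -Action Allow -Profile Domain `
        -Program $path -RemoteAddress LocalSubnet | Out-Null
    $added++
}

Save-NetGPO -GPOSession $gpo
Write-Host "Added $added rule(s) to $PolicyStore"

# Verification: list what the GPO now carries under the prefix.
Get-NetFirewallRule -PolicyStore $PolicyStore -DisplayName "$Prefix*" |
    Select-Object DisplayName, Enabled, Direction, Action, Profile
```

Clients pick the new rules up on the next policy refresh (`gpupdate /force` to hurry it along), and because the rules are restricted to the Domain profile they stop applying the moment the device leaves the corporate network. Anything that can write into the build directory can get a rule created for its binary on the next run, so the directory's NTFS ACL is part of the trust boundary here.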