2008R2 firewall: add rules to group / create new group

  • Question

  • I'm wondering how I can achieve both of these firewall (management) tasks:

    1) Add a new rule aggregation "group", like the built-in "Core Networking" or "FTP Server". I know this is ultimately possible, as when we install the ssh daemon "WinSSHd" it adds its own rules for port 22 that are part of a new group, not a standard Windows group. The rule shows up as a "pre-defined" rule, so *maybe* I'm looking for a way to add one of those ...

    2) Add a rule (newly created or otherwise) *into* a named "group".

    I'm ideally looking for a scriptable way to do both of these tasks. I've found that "netsh advfirewall firewall" doesn't allow for a "group=" parameter in a "netsh advfirewall firewall add" invocation. Nor does "netsh advfirewall firewall set name='foobar' new group='newgroup'" work. "group=" is only allowed on the *old* side of that command.

    C:\Users\Administrator>netsh advfirewall firewall add rule name="Zabbix Monitoring" group="My Rules" protocol=TCP dir=in localport=10050 action=allow
    
    'group' is not a valid argument for this command.
    

    Please note, I'm using the word "group" here in a manner unrelated to "group policy" or the concept of remote "groups" of computers that can access resources behind the firewall. I know both of these terms are used far more frequently in a Server firewall context, which is possibly why I've found no good hits on this topic.

    Wednesday, January 18, 2012 1:36 PM

Answers

  • Hi,

    Thank you for your post.

    1. Adding a user's predefined firewall rules group is not possible.
    2. Adding a rule into a named firewall rule is also not possible.
    This is by design. What you could do is copy/paste the predefined firewall rules via MMC or GPO.

    If there are more inquiries on this issue, please feel free to let us know.

    Regards,


    Rick Tan

    TechNet Community Support



    • Edited by Rick Tan Thursday, January 19, 2012 8:29 AM
    • Marked as answer by Rick Tan Tuesday, January 24, 2012 7:57 AM
    Thursday, January 19, 2012 8:28 AM
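
Added example, not part of the original thread and not code from any poster: the Windows Firewall COM API (`HNetCfg.FwPolicy2` / `HNetCfg.FWRule`) exposes a `Grouping` property on rule objects that `netsh advfirewall firewall add rule` does not surface, so a rule can be created with a group label from a script. The rule name, group name and port are taken from the netsh attempt in the question; all profiles are assumed, and the session must be elevated.

```powershell
# Added example: create an inbound allow rule that carries a custom group label.
# Written for PowerShell 2.0 (Windows Server 2008 R2); run from an elevated prompt.
$ruleName  = 'Zabbix Monitoring'   # from the question
$groupName = 'My Rules'            # from the question
$port      = '10050'               # from the question

# Constants from the firewall API (NET_FW_* enumerations)
$NET_FW_IP_PROTOCOL_TCP = 6
$NET_FW_RULE_DIR_IN     = 1
$NET_FW_ACTION_ALLOW    = 1
$NET_FW_PROFILE2_ALL    = 0x7fffffff   # assumption: apply to every profile

$policy = New-Object -ComObject HNetCfg.FwPolicy2

# Rule names are not unique in Windows Firewall, so check before adding
# to avoid stacking duplicate rules on repeated runs.
$existing = @($policy.Rules | Where-Object { $_.Name -eq $ruleName })

if ($existing.Count -eq 0) {
    $rule = New-Object -ComObject HNetCfg.FWRule
    $rule.Name        = $ruleName
    $rule.Description = 'Inbound TCP 10050, created by script'
    $rule.Protocol    = $NET_FW_IP_PROTOCOL_TCP   # must be set before LocalPorts
    $rule.LocalPorts  = $port
    $rule.Direction   = $NET_FW_RULE_DIR_IN
    $rule.Action      = $NET_FW_ACTION_ALLOW
    $rule.Profiles    = $NET_FW_PROFILE2_ALL
    $rule.Grouping    = $groupName                # the label netsh cannot set
    $rule.Enabled     = $true
    $policy.Rules.Add($rule)
} else {
    Write-Warning "A rule named '$ruleName' already exists; nothing added."
}

# Audit step: list every rule that carries the group label.
$policy.Rules |
    Where-Object { $_.Grouping -eq $groupName } |
    Select-Object Name, Grouping, Protocol, LocalPorts, Direction, Enabled |
    Format-Table -AutoSize
```

Once rules carry the label, the `group=` selector that the question notes is accepted on the "old" side of `netsh advfirewall firewall set rule` can address them together, for example to enable or disable the whole set.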

All replies

  • Hello,

    I would recommend asking them here: http://social.technet.microsoft.com/Forums/en-US/winserversecurity/threads



    This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer

    Wednesday, January 18, 2012 8:29 PM