Jump to content

How do I set Windows Internet Connection Firewall using Group Policy


hamish

Recommended Posts

Hello

I have a server in the office running Windows Small Business Server 2003 and a dozen Windows XP machines with SP2. I would like to centralise the windows firewall, so that all of the machines have the same ports open and I don't want any of the users to be able to change anything.

The XP machines are part of a domain, and the SBS is the domain controller (domain is oca.local).

I believe there is a way to use Group Policy on the SBS to dicate the firewall settings on all the client machines. Can someone please tell me how to do this?

I have been into Start -> Admin Tools -> Group Policy Management

Have then gone into Forrest (oca.local) -> Domains -> (oca.local)

In here, I see GPOs like "SBS Client Computer" and "SBS WIndows Firewall". When I right click on each of these and press Edit, it opens up the Group Policy Object Editor. I have find the place in the editor to change the WIndows Fireall configuration, however, each of these GPOs looks the same in Group Policy Object Editor. They all have "Computer COnfiguration" and "User configuration" trees, with the name of the GPO at the very top.

In the Group Policy Management, how do I know which Policys are being appliend to the client PCs?

Do you know of a good webpage which gives a good overview of GPO management on a domain?

Thanks in advance for your help

Hamish

Link to comment
Share on other sites


Hey

I had alrady looked at http://www.microsoft.com/technet/prodtechn...t/wfsp2wgp.mspx

which is one of the links there and was confused. It seems to suggest that you manually configure the GPO on the XP client machine itself. If this is the case, then I need to do it for all my clients. I thought that I could somehow set it all up through the server.

Thanks

H

Link to comment
Share on other sites

you are reading it wrong. from an xp machine you can open the GPO objects (they live on the server) and edit them (providing you have the right access privileges). - you dont have to sit at the server to do it.

edit the "SBS Windows Firewall" GPO and put in you settings as described and then make sure the gpo is enforced.

Link to comment
Share on other sites

Hello

I have found out how to do it. However, for some reason it is the standard profile settings which get used, not the domain profile settings. When a user logs on, he select log onto oca domain, not log onto local PC.

Strangely, when I selected log onto local PC, I saw the firewall settings which are set on the Domain Profile.

Any idea why this would happen?

Hamish

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...