rkillcrazy
Member
- Joined
- Feb 26, 2009
- Messages
- 1
I have just set up a Server 2008 domain controller and am currently setting group policies for my XP clients and they are working out well. However, for the life of me I cannot get firewall settings "pushed out" to my client PCs. I could really use some help on this. I cannot deploy my anti-virus without tweaking these settings and I don't want to go seat-to-seat.
I was told to see this link:
Deploying Windows Firewall Settings With Group Policy
After reading the linked page, I played with this stuff for the better part of the day... It has not been a good day! I started playing around with it via the link provided but soon found out that it edits an area in the Group Policy Management Editor on my Server 2008 Standard server. So, I started directly editing that and started to see changes being reflected accordingly. This got my hopes up... However, while some policies take effect, others do not! Just as my luck would have it, the ones that I really need to take effect (the port-openings for my anti-virus) are the ones that don't seem to be working. For instance, I right-clicked my Default Domain Policy and clicked on EDIT. Then, I went to Computer Configuration\Administrative Templates: Policy definitions (ADMX files) retrieved from the local machine\Network\Network Connections\Windows Firewall. In there, I found Domain Profile & Standard Profile. Evidently, they both should be set the same in case a laptop leaves your network and cannot contact the DC for GP settings. I did all of this and, like I said, most of my policies took effect after I rebooted my client PC. The Windows Firewall: Define inbound port connections did not work and those are the most important ones! This is an example of one of the inbound ports...
As far as I know, that is the correct syntax but it doesn't seem to take effect. If it does, I'm not seeing where I can confirm it. Any ideas?
02-26-09
0748 EST
I was told to see this link:
Deploying Windows Firewall Settings With Group Policy
After reading the linked page, I played with this stuff for the better part of the day... It has not been a good day! I started playing around with it via the link provided but soon found out that it edits an area in the Group Policy Management Editor on my Server 2008 Standard server. So, I started directly editing that and started to see changes being reflected accordingly. This got my hopes up... However, while some policies take effect, others do not! Just as my luck would have it, the ones that I really need to take effect (the port-openings for my anti-virus) are the ones that don't seem to be working. For instance, I right-clicked my Default Domain Policy and clicked on EDIT. Then, I went to Computer Configuration\Administrative Templates: Policy definitions (ADMX files) retrieved from the local machine\Network\Network Connections\Windows Firewall. In there, I found Domain Profile & Standard Profile. Evidently, they both should be set the same in case a laptop leaves your network and cannot contact the DC for GP settings. I did all of this and, like I said, most of my policies took effect after I rebooted my client PC. The Windows Firewall: Define inbound port connections did not work and those are the most important ones! This is an example of one of the inbound ports...
Code:
16109:TCP:localsubnet:enable:Avast's apply-to port02-26-09
0748 EST