
Group Policy for a firewall exception ports

Hi,

Is it possible to do an Active Directory group policy on an OU to allow certain ports to be open on Windows Firewall?

I want a policy that will leave the Windows Firewall on, but open up the VNC port and the Symantec Corporate Edition ports so the server can push out the definitions etc.

Regards

R
Asked by supportsoft

1 Solution
Jay_Jay70 commented:
Hi supportsoft,

Computer Settings\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile\Windows Firewall: Define port exceptions

Allows you to view and change the port exceptions list defined by Group Policy. Windows Firewall uses two port exception lists: one is defined by Group Policy settings and the other is defined by the Windows Firewall component in Control Panel.

If you enable this policy setting, you can view and change the port exceptions list defined by Group Policy. To view this port exceptions list, enable the policy setting and then click the Show button. To add a port, enable the policy setting, note the syntax, click the Show button, click the Add button, and then type a definition string that uses the syntax format. To remove a port, click its definition, and then click the Remove button. To edit a definition, remove the current definition from the list and add a new one with different parameters. To allow administrators to add ports to the local port exceptions list that is defined by the Windows Firewall component in Control Panel, also enable the Windows Firewall: Allow local port exceptions policy setting.

If you disable this policy setting, the port exceptions list defined by Group Policy is deleted, but other policy settings can continue to open or block ports. Also, if a local port exceptions list exists, it is ignored unless you enable the Windows Firewall: Allow local port exceptions policy setting.

If you do not configure this policy setting, Windows Firewall uses only the local port exceptions list that administrators define by using the Windows Firewall component in Control Panel. Other policy settings can continue to open or block ports.

Note: If you type an invalid definition string, Windows Firewall adds it to the list without checking for errors, and therefore you can accidentally create multiple entries for the same port with conflicting Scope or Status values. Scope parameters are combined for multiple entries. If entries have different Status values, any definition with the Status set to disabled overrides all definitions with the Status set to enabled, and the port does not receive messages. Therefore, if you set the Status of a port to disabled, you can prevent administrators from using the Windows Firewall component in Control Panel to enable the port.

Note: The only effect of setting the Status value to disabled is that Windows Firewall ignores other definitions for that port that set the Status to enabled. If another policy setting opens a port, or if a program in the program exceptions list asks Windows Firewall to open a port, Windows Firewall opens the port.

Note: If any policy setting opens TCP port 445, Windows Firewall allows inbound ICMP echo request messages (the message sent by the Ping utility), even if the Windows Firewall: Allow ICMP exceptions policy setting would block them. Policy settings that can open TCP port 445 include Windows Firewall: Allow file and printer sharing exception, Windows Firewall: Allow remote administration exception, and Windows Firewall: Define port exceptions.

Cheers!
 
supportsoft (Author) commented:
Works OK, but do you know the syntax to open a range of ports?

I need it for Symantec AV Small Business Edition to push out updates etc.
 
Jay_Jay70 commented:
Can't say I do - not using GPO.
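The "Define port exceptions" setting described in the answer above takes one definition string per entry, in the form <port>:<transport>:<scope>:<status>:<name> (for example 5900:TCP:localsubnet:enabled:VNC), and, as the follow-up found, it has no range syntax. The PowerShell below is an added example, not code from the original thread or from Microsoft or Symantec: it builds valid definition strings, expands a port range into one string per port so the list can be pasted into the Show dialog, checks for the two pitfalls the policy text warns about (conflicting Status values and TCP 445), and reads back the registry key the setting lands in so you can confirm the GPO applied on a client. The VNC port 5900 and the Symantec port range are placeholders; check the product documentation for the real ports your version uses.

```powershell
# Added example (not from the original post). Assumes the legacy Windows Firewall
# policy syntax <port>:<transport>:<scope>:<status>:<name>, e.g. 5900:TCP:*:enabled:VNC.
# Port numbers used below are illustrative placeholders.

function New-LegacyPortException {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][ValidateRange(1, 65535)][int]$Port,
        [ValidateSet('TCP', 'UDP')][string]$Transport = 'TCP',
        # '*' = any address, 'localsubnet', or a comma-separated list of IPs/subnets
        [string]$Scope = 'localsubnet',
        [ValidateSet('enabled', 'disabled')][string]$Status = 'enabled',
        [Parameter(Mandatory)][string]$Name
    )
    # The GPO dialog does not validate the string, so reject the field separator in
    # the free-text name rather than silently producing a malformed entry.
    if ($Name -match ':') { throw "Name must not contain ':'" }
    '{0}:{1}:{2}:{3}:{4}' -f $Port, $Transport, $Scope, $Status, $Name
}

function Expand-PortRange {
    # The legacy setting has no range syntax, so emit one definition per port.
    param(
        [Parameter(Mandatory)][ValidatePattern('^\d+(-\d+)?$')][string]$Range,
        [ValidateSet('TCP', 'UDP')][string]$Transport = 'TCP',
        [string]$Scope = 'localsubnet',
        [Parameter(Mandatory)][string]$Name
    )
    $parts = $Range -split '-'
    $start = [int]$parts[0]
    $end   = if ($parts.Count -eq 2) { [int]$parts[1] } else { $start }
    if ($end -lt $start) { throw "Range end is below range start: $Range" }
    foreach ($p in $start..$end) {
        New-LegacyPortException -Port $p -Transport $Transport -Scope $Scope -Name "$Name-$p"
    }
}

function Test-PortExceptionList {
    # Flags the pitfalls from the policy description: a 'disabled' entry for a
    # port/transport overrides any 'enabled' entry, and opening TCP 445 also
    # admits inbound ICMP echo requests regardless of the ICMP exceptions setting.
    param([Parameter(Mandatory)][string[]]$Definitions)
    $seen = @{}
    foreach ($d in $Definitions) {
        $f = $d -split ':'
        if ($f.Count -ne 5) { Write-Warning "Malformed definition (expected 5 fields): $d"; continue }
        $key = "$($f[0])/$($f[1])"
        if ($seen.ContainsKey($key) -and $seen[$key] -ne $f[3]) {
            Write-Warning "Conflicting Status for $key - 'disabled' overrides 'enabled'"
        }
        $seen[$key] = $f[3]
        if ($f[0] -eq '445' -and $f[1] -eq 'TCP') {
            Write-Warning 'Opening TCP 445 also allows inbound ICMP echo requests'
        }
    }
}

function Get-AppliedPortExceptions {
    # On a domain member the GPO setting is written under this key; read it back
    # (after gpupdate /force) to confirm the policy applied. Empty if not set.
    param([ValidateSet('DomainProfile', 'StandardProfile')][string]$Profile = 'DomainProfile')
    $key = "HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\$Profile\GloballyOpenPorts\List"
    if (-not (Test-Path $key)) { return @() }
    $reg = Get-Item $key
    $reg.GetValueNames() | ForEach-Object { $reg.GetValue($_) }
}

# Constructed list: VNC scoped to the local subnet, plus a placeholder Symantec range
# scoped to a single (made-up) management server address.
$defs = @(New-LegacyPortException -Port 5900 -Transport TCP -Scope 'localsubnet' -Name 'VNC') +
        (Expand-PortRange -Range '2967-2968' -Transport TCP -Scope '10.0.0.5' -Name 'SymantecAV')

Test-PortExceptionList -Definitions $defs
$defs                      # paste each line into the GPO's Show... dialog
Get-AppliedPortExceptions  # run on a client to verify what actually applied
```

Scope the entries as tightly as the traffic allows: the VNC entry above is limited to the local subnet and the Symantec entries to the management server's address, since a '*' scope exposes the port to any source the host can reach. Windows Firewall with Advanced Security (Windows Vista/Server 2008 and later) has its own Group Policy node whose rules accept a port range directly; the per-port expansion here is only needed for the legacy list discussed in this thread.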
