GPO Firewall Policy

Posted on 2006-04-26
Last Modified: 2012-08-13
With the Firewall settings, Advanced tab, the PC's network connections are displayed and you can enable or disable (via check) which connection has the firewall setting applied.  But, when running the firewall settings from a GPO, how can I designate which connection will get the policies?  For example, ActiveSync installs its own local Mobile network.  I want to be able to exclude that connection from a GPO firewall policy.  Can I?

Question by:mchristo63
    LVL 1

    Accepted Solution

    The following website has a lot of good information on GPOs relating to the Windows Firewall :

    After reading all of the literature, I've come to the conclusion that Windows / Microsoft does not allow you to pick different connections to apply the firewall to when using a GPO.  It looks like it is an all-or-nothing type thing.  You have two profiles to choose from when deciding when it will apply the GPO.  They are Domain and Standard.  The only setting under both of these areas that applies to what you are trying to do is the "Windows Firewall : Protect all network connections" setting.  Below are the properties for that setting :

    Turns on Windows Firewall, which replaces Internet Connection Firewall on all computers that are running Windows XP Service Pack 2.

    If you enable this policy setting, Windows Firewall runs and ignores the "Computer Configuration\Administrative Templates\Network\Network Connections\Prohibit use of Internet Connection Firewall on your DNS domain network" policy setting.

    If you disable this policy setting, Windows Firewall does not run. This is the only way to ensure that Windows Firewall does not run and administrators who log on locally cannot start it.

    If you do not configure this policy setting, administrators can use the Windows Firewall component in Control Panel to turn Windows Firewall on or off, unless the "Prohibit use of Internet Connection Firewall on your DNS domain network" policy setting overrides.

    Hope this helps... I'm pretty sure that you want to do something that Microsoft just doesn't allow, at least as of yet!
    LVL 5

    Assisted Solution

    I had this same problem.   I decided to have the techs, as part of the VPN configuration process, disable the Windows firewall for the VPN interfaces.  I could find no Microsoft solution, and I was hesitant to make a custom ADM file that could possibly become obsolete or incorrect if VPN settings were changed.  

    I'll probably revisit the custom .ADM bits when I get a bit more time.
