GPO Firewall Policy

With the Firewall settings, Advanced tab, the PC's network connections are displays and you can enable or disable (via check) which connection has the firewall setting applied.  But, when running the firewall settings from a GPO, how can I designate which connection will get the policies.  For example, ActiveSync installs it's own local Mobil network.  I want to be able to excluse that connection from a GPO firewall policy.  Can I?  

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

The following website has alot of good information on GPOs relating to the Windows Firewall :

After reading all of the literature, Ive come to the conclusion that Windows / Microsoft does not allow you to pick different connections to apply the firewall to when using a GPO.  It looks like it is a all or nothing type thing.  You have two profiles to choose from when deciding when it will apply the GPO.  They are Domain and Standard.  The only setting under both of these areas that applies to what you are trying to do is the "Windows Firewall : Protect all network connections" setting.  Below is the properties for that setting :

Turns on Windows Firewall, which replaces Internet Connection Firewall on all computers that are running Windows XP Service Pack 2.

If you enable this policy setting, Windows Firewall runs and ignores the "Computer Configuration\Administrative Templates\Network\Network Connections\Prohibit use of Internet Connection Firewall on your DNS domain network" policy setting.

If you disable this policy setting, Windows Firewall does not run. This is the only way to ensure that Windows Firewall does not run and administrators who log on locally cannot start it.

If you do not configure this policy setting, administrators can use the Windows Firewall component in Control Panel to turn Windows Firewall on or off, unless the "Prohibit use of Internet Connection Firewall on your DNS domain network" policy setting overrides.

Hope this helps...Im pretty sure that you want to do something that Microsoft just doesnt allow least as of yet!

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
I had this same problem.   I decided to have the techs, as part of the VPN configuration process, disable the Windows firewall for the VPN interfaces.  I could find no Microsoft solution, and I was hesitant to make a custom ADM file that could possibly become obsolete or incorrect if VPN settings were changed.  

I'll probably revisit the custom .ADM bits when I get a bit more time.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Operating Systems

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.