Solved

Windows Firewall: Define port exceptions - Policy change not taking effect

Posted on 2006-07-14
Last Modified: 2010-03-09
SBS 2003 Domain with XP SP2 clients......

I need to open up port 10000 on all of my clients in order to support Backup Exec. I can go to each XP SP2 client and add 10000 as an exception in the firewall and this works. So basically, I've proven that if I open port 10000 on the clients, I can back them up.

However, I want to configure the port setting through a global server policy from my server. (I don't want to have to manage all of my client settings.) I went to Windows Firewall: Define port exceptions on the server, enabled the policy, and added the following entry:

10000:TCP:*:Enabled:Backup Exec

After rebooting the server and a test client, I expected to see this new exception in the list - I did NOT. Also, I cannot back up this client. It's like it didn't take effect.

How do I get this Global Policy change to take effect?

Thanks,
Greg
Question by:Chief_Architect
6 Comments
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17113382
Moved to SBS Small Business Server TA

TechSoEasy -- EE Page Editor
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17113385
They already are a few steps ahead of you.  :-)

http://support.microsoft.com/kb/873164

Jeff
TechSoEasy
0
 

Author Comment

by:Chief_Architect
ID: 17113686
Thanks Jeff, but I already tried that Microsoft post.

I tried their Method #1. It didn't work. I saw no client changes and I couldn't back up any clients.

Their #2 Method is what I'm trying to avoid. I don't want to have to go to each and every client to manage these firewall settings, individually. I think that's what the Group Policy Settings are for.

Ideally, I would use the Group Policy setting:  Define port exceptions.   But, I can't get it to do anything - Nothing is showing up on the clients.

Greg


0
 

Author Comment

by:Chief_Architect
ID: 17119083
I believe my problem has nothing to do with Backup Exec. I'm just trying to add a port exception to all of my clients. (Any port will do.)

Basically, I'm trying to use the following Group Policy Setting on my server:  Define port exceptions. In it, I want to define a port (any port), a protocol, etc. (As I listed above in my first post.)

I am expecting that this new port exception should appear in my client's firewall exceptions list. It does not. I see no change on the clients and it appears that the port is not opened.

Has anyone here ever succeeded in using this "Define port exceptions"? If so, what am I missing?

Thanks in advance for any help.

Greg
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 2000 total points
ID: 17119141
SBS has a GPO that defines the port exceptions, you just need to modify this GPO and it should work for you.

You'll find TWO GPOs in the GPMC, one is Pre-SP2 and the other is Post-SP2 which is titled "Small Business Server Windows Firewall".  Before doing anything, back up all of your GPOs.

Then open that policy and go to Computer Settings > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile > Define Port Exceptions.

Open that item and you'll see a "Show..." button to click.  This is where you would define the port exception.  

Once you've modified that, run a GPUPDATE /FORCE at the command line on the server.  Then log off and back onto a workstation to check.

If it doesn't work, then on the workstation, run this from the command line:  C:\>GPRESULT /Z >gpresult.txt

This will create a gpresult.txt file that you can post back here.

Jeff
TechSoEasy
0
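
An added example, not part of the thread or of any Microsoft tool: a Python check for entries before they are typed into the "Show..." list, following the Port:Protocol:Scope:Status:Name layout of the entry in the question. It also flags an enabled entry whose scope is *, since the policy accepts a list of addresses instead; 192.0.2.10 stands in for a hypothetical backup server, and the function names are this example's own.

```python
import ipaddress


def parse_port_exception(entry):
    """Parse one '<Port>:<Protocol>:<Scope>:<Status>:<Name>' policy entry."""
    # Choice made in this example: any colon after the fourth stays in the name.
    parts = entry.strip().split(":", 4)
    if len(parts) != 5:
        raise ValueError("expected 5 colon-separated fields: %r" % entry)
    port, protocol, scope, status, name = (p.strip() for p in parts)
    if not port.isdigit() or not 1 <= int(port) <= 65535:
        raise ValueError("port must be 1-65535: %r" % port)
    if protocol.upper() not in ("TCP", "UDP"):
        raise ValueError("protocol must be TCP or UDP: %r" % protocol)
    if status.lower() not in ("enabled", "disabled"):
        raise ValueError("status must be enabled or disabled: %r" % status)
    if not name:
        raise ValueError("name is empty")
    sources = []
    for item in scope.split(","):
        item = item.strip().lower()
        if item not in ("*", "localsubnet"):
            # IPv4 address or subnet; a malformed value raises ValueError.
            item = str(ipaddress.IPv4Network(item, strict=False))
        sources.append(item)
    if "*" in sources and len(sources) > 1:
        raise ValueError("'*' cannot be combined with other scope items")
    return {"port": int(port), "protocol": protocol.upper(), "scope": sources,
            "enabled": status.lower() == "enabled", "name": name}


def review(entry):
    """Return the warnings a reviewer would raise before the GPO is changed."""
    rule = parse_port_exception(entry)
    warnings = []
    if rule["enabled"] and rule["scope"] == ["*"]:
        warnings.append("port %d/%s is open to every network; list the hosts "
                        "that need it" % (rule["port"], rule["protocol"]))
    return warnings


if __name__ == "__main__":
    samples = (
        "10000:TCP:*:Enabled:Backup Exec",           # entry from the question
        "10000:TCP:192.0.2.10:Enabled:Backup Exec",  # constructed: one server
    )
    for sample in samples:
        print(sample, "->", review(sample) or "ok")
```
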
 

Author Comment

by:Chief_Architect
ID: 17453017
Jeff,

You were exactly right. Thanks for the help.

I made the change in both places and it worked.

Greg
0
