Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 6827
  • Last Modified:

Windows Firewall: Define port exceptions - Policy change not taking effect

SBS 2003 Domain with XP SP2 clients......

I need to open up port 10000 on all of my clients in order to support Backup Exec. I can go to each XP SP2 client and add 10000 as an exception in the firewall and this works. So basically, I've proven that if I open port 10000 on the clients, I can back them up.

However, I want to configure the port setting through a global server policy from my server. (I don't want to have to manage all of my client settings.) I went to Windows Firewall: Define port exceptions on the server, enabled the policy, and added the following entry:

10000:TCP:*:Enabled:Backup Exec

After rebooting the server and a test client, I expected to see this new exception in the list - I did NOT. Also, I cannot backup this client. It's like it didn't take effect.

How do I get this Global Policy change to take effect?

Thanks,
Greg
0
Chief_Architect
Asked:
Chief_Architect
  • 3
  • 3
1 Solution
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Moved to SBS Small Business Server TA

TechSoEasy -- EE Page Editor
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
They already are a few steps ahead of you.  :-)

http://support.microsoft.com/kb/873164

Jeff
TechSoEasy
0
 
Chief_ArchitectAuthor Commented:
Thanks Jeff, but I already tried that Microsoft post.

I tried their Method #1. It didn't work. I saw no client changes and I couldn't backup any clients.

Their #2 Method is what I'm trying to avoid. I don't want to have to go to each and every client to manage these firewall settings, individually. I think that's what the Group Policy Settings are for.

Ideally, I would use the Group Policy setting:  Define port exceptions.   But, I can't get it to do anything - Nothing is showing up on the clients.

Greg


0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
Chief_ArchitectAuthor Commented:
I believe my problem has nothing to do with Backup Exec. I'm just trying to add a port exception to all of my clients. (Any port will do.)

Basically, I'm trying to use the following Group Polciy Setting on my server:  Define port exceptions. In it, I want to define a port (any port), a protocol, etc. (As I listed above in my first post.)

I am expecting that this new port exception should appear in my client's firewall exceptions list. It does not. I see no change on the clients and it appears that the port is not opened.

Has anyone here ever succeeded in using this "Define port exceptions"? If so, what am I missing?

Thanks in advance for any help.

Greg
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
SBS has a GPO that defines the port exceptions, you just need to modify this GPO and it should work for you.

You'll find TWO GPOs in the GPMC, one is Pre-SP2 and the other is Post-SP2 which is titled "Small Business Server Windows Firewall".  Before doing anything, backup all of your GPOs.

Then open that policy and go to Computer Settings > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile > Define Port Exceptions.

Open that item and you'll see a "Show..." button to click.  This is where you would define the port exception.  

Once you've modified that, run a GPUPDATE /FORCE at the command line on the server.  Then log off and back onto a workstation to check.

If it doesn't work, then on the workstation, run this from the command line:  C:\>GPRESULT /Z >gpresult.txt

This will create a gpresult.txt file that you can post back here.

Jeff
TechSoEasy
0
 
Chief_ArchitectAuthor Commented:
Jeff,

You were exactly right. Thanks for the help.

I made the change in both places and it worked.

Greg
0

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now