Solved

Windows Firewall: Define port exceptions - Policy change not taking effect

Posted on 2006-07-14
6
6,805 Views
Last Modified: 2010-03-09
SBS 2003 Domain with XP SP2 clients......

I need to open up port 10000 on all of my clients in order to support Backup Exec. I can go to each XP SP2 client and add 10000 as an exception in the firewall and this works. So basically, I've proven that if I open port 10000 on the clients, I can back them up.

However, I want to configure the port setting through a global server policy from my server. (I don't want to have to manage all of my client settings.) I went to Windows Firewall: Define port exceptions on the server, enabled the policy, and added the following entry:

10000:TCP:*:Enabled:Backup Exec

After rebooting the server and a test client, I expected to see this new exception in the list - I did NOT. Also, I cannot backup this client. It's like it didn't take effect.

How do I get this Global Policy change to take effect?

Thanks,
Greg
0
Comment
Question by:Chief_Architect
  • 3
  • 3
6 Comments
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
Comment Utility
Moved to SBS Small Business Server TA

TechSoEasy -- EE Page Editor
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
Comment Utility
They already are a few steps ahead of you.  :-)

http://support.microsoft.com/kb/873164

Jeff
TechSoEasy
0
 

Author Comment

by:Chief_Architect
Comment Utility
Thanks Jeff, but I already tried that Microsoft post.

I tried their Method #1. It didn't work. I saw no client changes and I couldn't backup any clients.

Their #2 Method is what I'm trying to avoid. I don't want to have to go to each and every client to manage these firewall settings, individually. I think that's what the Group Policy Settings are for.

Ideally, I would use the Group Policy setting:  Define port exceptions.   But, I can't get it to do anything - Nothing is showing up on the clients.

Greg


0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 

Author Comment

by:Chief_Architect
Comment Utility
I believe my problem has nothing to do with Backup Exec. I'm just trying to add a port exception to all of my clients. (Any port will do.)

Basically, I'm trying to use the following Group Polciy Setting on my server:  Define port exceptions. In it, I want to define a port (any port), a protocol, etc. (As I listed above in my first post.)

I am expecting that this new port exception should appear in my client's firewall exceptions list. It does not. I see no change on the clients and it appears that the port is not opened.

Has anyone here ever succeeded in using this "Define port exceptions"? If so, what am I missing?

Thanks in advance for any help.

Greg
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
Comment Utility
SBS has a GPO that defines the port exceptions, you just need to modify this GPO and it should work for you.

You'll find TWO GPOs in the GPMC, one is Pre-SP2 and the other is Post-SP2 which is titled "Small Business Server Windows Firewall".  Before doing anything, backup all of your GPOs.

Then open that policy and go to Computer Settings > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile > Define Port Exceptions.

Open that item and you'll see a "Show..." button to click.  This is where you would define the port exception.  

Once you've modified that, run a GPUPDATE /FORCE at the command line on the server.  Then log off and back onto a workstation to check.

If it doesn't work, then on the workstation, run this from the command line:  C:\>GPRESULT /Z >gpresult.txt

This will create a gpresult.txt file that you can post back here.

Jeff
TechSoEasy
0
 

Author Comment

by:Chief_Architect
Comment Utility
Jeff,

You were exactly right. Thanks for the help.

I made the change in both places and it worked.

Greg
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

A lot of problems and solutions are available on the net for the error message "Source server does not meet minimum requirements for migration" while performing a migration from Small Business Server 2003 to SBS 2008. This error pops up just before …
Because virtualization becomes more and more common, and, with Microsoft Hyper-V included in Windows Server at no additional costs, and, most server hardware nowadays is more than capable of running a physical Small Business Server (SBS) 2008 or 201…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now