Solved

Windows Firewall: Define port exceptions - Policy change not taking effect

Posted on 2006-07-14
Last Modified: 2010-03-09
SBS 2003 Domain with XP SP2 clients......

I need to open up port 10000 on all of my clients in order to support Backup Exec. I can go to each XP SP2 client and add 10000 as an exception in the firewall and this works. So basically, I've proven that if I open port 10000 on the clients, I can back them up.

However, I want to configure the port setting through a global server policy from my server. (I don't want to have to manage all of my client settings.) I went to Windows Firewall: Define port exceptions on the server, enabled the policy, and added the following entry:

10000:TCP:*:Enabled:Backup Exec

After rebooting the server and a test client, I expected to see this new exception in the list - I did NOT. Also, I cannot back up this client. It's like it didn't take effect.

How do I get this Global Policy change to take effect?

Thanks,
Greg
Question by:Chief_Architect

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17113382
Moved to SBS Small Business Server TA

TechSoEasy -- EE Page Editor

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17113385
They already are a few steps ahead of you.  :-)

http://support.microsoft.com/kb/873164

Jeff
TechSoEasy

Author Comment

by:Chief_Architect
ID: 17113686
Thanks Jeff, but I already tried that Microsoft post.

I tried their Method #1. It didn't work. I saw no client changes and I couldn't back up any clients.

Their #2 Method is what I'm trying to avoid. I don't want to have to go to each and every client to manage these firewall settings, individually. I think that's what the Group Policy Settings are for.

Ideally, I would use the Group Policy setting:  Define port exceptions.   But, I can't get it to do anything - Nothing is showing up on the clients.

Greg



Author Comment

by:Chief_Architect
ID: 17119083
I believe my problem has nothing to do with Backup Exec. I'm just trying to add a port exception to all of my clients. (Any port will do.)

Basically, I'm trying to use the following Group Policy Setting on my server:  Define port exceptions. In it, I want to define a port (any port), a protocol, etc. (As I listed above in my first post.)

I am expecting that this new port exception should appear in my client's firewall exceptions list. It does not. I see no change on the clients and it appears that the port is not opened.

Has anyone here ever succeeded in using this "Define port exceptions"? If so, what am I missing?

Thanks in advance for any help.

Greg

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
ID: 17119141
SBS has a GPO that defines the port exceptions; you just need to modify this GPO and it should work for you.

You'll find TWO GPOs in the GPMC, one is Pre-SP2 and the other is Post-SP2 which is titled "Small Business Server Windows Firewall".  Before doing anything, back up all of your GPOs.

Then open that policy and go to Computer Settings > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile > Define Port Exceptions.

Open that item and you'll see a "Show..." button to click.  This is where you would define the port exception.  

Once you've modified that, run a GPUPDATE /FORCE at the command line on the server.  Then log off and back onto a workstation to check.

If it doesn't work, then on the workstation, run this from the command line:  C:\>GPRESULT /Z >gpresult.txt

This will create a gpresult.txt file that you can post back here.

Jeff
TechSoEasy
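
The entry syntax used in this thread (port:transport:scope:status:name), as an added example that is not part of the original posts: a Python check that parses a "Define port exceptions" entry before it goes into the GPO and flags the `*` scope, which opens the port to every network rather than only to the backup server. The function names and the 192.0.2.10 address are assumptions made for illustration, and only IPv4 scopes are handled.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class PortException:
    port: int
    transport: str
    scope: list
    enabled: bool
    name: str


def parse_port_exception(entry):
    """Parse one 'port:transport:scope:status:name' entry (IPv4 scopes only)."""
    parts = entry.strip().split(":", 4)
    if len(parts) != 5:
        raise ValueError("expected port:transport:scope:status:name")
    port_s, transport, scope_s, status, name = (p.strip() for p in parts)
    if not port_s.isdigit() or not 1 <= int(port_s) <= 65535:
        raise ValueError(f"bad port: {port_s!r}")
    if transport.upper() not in ("TCP", "UDP"):
        raise ValueError(f"bad transport: {transport!r}")
    if status.lower() not in ("enabled", "disabled"):
        raise ValueError(f"bad status: {status!r}")
    scope = [s.strip() for s in scope_s.split(",")]
    for item in scope:
        if item == "*" or item.lower() == "localsubnet":
            continue
        # Accepts 10.0.0.1, 10.2.3.0/24 and 10.0.0.0/255.0.0.0; raises ValueError otherwise
        ipaddress.ip_network(item, strict=False)
    return PortException(int(port_s), transport.upper(), scope,
                         status.lower() == "enabled", name)


def review(entry):
    """Return a list of findings for one entry; an empty list means no remarks."""
    exc = parse_port_exception(entry)
    findings = []
    if not exc.enabled:
        findings.append("status is disabled: this entry does not open the port")
    if "*" in exc.scope:
        findings.append(f"scope '*' exposes {exc.port}/{exc.transport} to every network")
    return findings


if __name__ == "__main__":
    # First entry is the one posted in the question; the second is constructed.
    for e in ("10000:TCP:*:Enabled:Backup Exec",
              "10000:TCP:192.0.2.10:Enabled:Backup Exec"):
        print(e, "->", review(e) or "ok")
```
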

Author Comment

by:Chief_Architect
ID: 17453017
Jeff,

You were exactly right. Thanks for the help.

I made the change in both places and it worked.

Greg
Question has a verified solution.
