Solved

Windows Firewall: Define port exceptions - Policy change not taking effect

Posted on 2006-07-14
6
6,806 Views
Last Modified: 2010-03-09
SBS 2003 Domain with XP SP2 clients......

I need to open up port 10000 on all of my clients in order to support Backup Exec. I can go to each XP SP2 client and add 10000 as an exception in the firewall and this works. So basically, I've proven that if I open port 10000 on the clients, I can back them up.

However, I want to configure the port setting through a global server policy from my server. (I don't want to have to manage all of my client settings.) I went to Windows Firewall: Define port exceptions on the server, enabled the policy, and added the following entry:

10000:TCP:*:Enabled:Backup Exec

After rebooting the server and a test client, I expected to see this new exception in the list - I did NOT. Also, I cannot backup this client. It's like it didn't take effect.

How do I get this Global Policy change to take effect?

Thanks,
Greg
0
Comment
Question by:Chief_Architect
  • 3
  • 3
6 Comments
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17113382
Moved to SBS Small Business Server TA

TechSoEasy -- EE Page Editor
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17113385
They already are a few steps ahead of you.  :-)

http://support.microsoft.com/kb/873164

Jeff
TechSoEasy
0
 

Author Comment

by:Chief_Architect
ID: 17113686
Thanks Jeff, but I already tried that Microsoft post.

I tried their Method #1. It didn't work. I saw no client changes and I couldn't backup any clients.

Their #2 Method is what I'm trying to avoid. I don't want to have to go to each and every client to manage these firewall settings, individually. I think that's what the Group Policy Settings are for.

Ideally, I would use the Group Policy setting:  Define port exceptions.   But, I can't get it to do anything - Nothing is showing up on the clients.

Greg


0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 

Author Comment

by:Chief_Architect
ID: 17119083
I believe my problem has nothing to do with Backup Exec. I'm just trying to add a port exception to all of my clients. (Any port will do.)

Basically, I'm trying to use the following Group Polciy Setting on my server:  Define port exceptions. In it, I want to define a port (any port), a protocol, etc. (As I listed above in my first post.)

I am expecting that this new port exception should appear in my client's firewall exceptions list. It does not. I see no change on the clients and it appears that the port is not opened.

Has anyone here ever succeeded in using this "Define port exceptions"? If so, what am I missing?

Thanks in advance for any help.

Greg
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
ID: 17119141
SBS has a GPO that defines the port exceptions, you just need to modify this GPO and it should work for you.

You'll find TWO GPOs in the GPMC, one is Pre-SP2 and the other is Post-SP2 which is titled "Small Business Server Windows Firewall".  Before doing anything, backup all of your GPOs.

Then open that policy and go to Computer Settings > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile > Define Port Exceptions.

Open that item and you'll see a "Show..." button to click.  This is where you would define the port exception.  

Once you've modified that, run a GPUPDATE /FORCE at the command line on the server.  Then log off and back onto a workstation to check.

If it doesn't work, then on the workstation, run this from the command line:  C:\>GPRESULT /Z >gpresult.txt

This will create a gpresult.txt file that you can post back here.

Jeff
TechSoEasy
0
 

Author Comment

by:Chief_Architect
ID: 17453017
Jeff,

You were exactly right. Thanks for the help.

I made the change in both places and it worked.

Greg
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The SBS 2011 release date (RTM) is supposed to be around Christmas, 2011.  This article is a compilation of my notes -- things I have learned first hand.  The items are in a rather random order, but I think this list covers most of what is new and d…
Because virtualization becomes more and more common, and, with Microsoft Hyper-V included in Windows Server at no additional costs, and, most server hardware nowadays is more than capable of running a physical Small Business Server (SBS) 2008 or 201…
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now