Solved

Windows Vista Firewall -  Computer and User authorization

Posted on 2009-06-29
8
375 Views
Last Modified: 2012-05-07
Hi experts,
i'm trying to create windows vista firewall inbound rules based on predefined firewall groups like remote desktop and eventlog management...
There's is an option the to only allow secure connections where i can configure user and computer accounts which are then allowed to connect to the computer throught the firewall exceptions.

But it is not working.Any ideas?
Do i to have configure ipsec policies as well (ipsec filter - source address, destination address, protocol, port...)?
I don't hope that because it seems to be, that those have to be configured based on ports and not all firewall exception groups i'm trying to use have static ports....
0
Comment
Question by:merowinger
  • 4
  • 4
8 Comments
 
LVL 12

Expert Comment

by:dlan75
ID: 24737171
Hi,
Make sure you have configured your router's nat properly.
You should consider using a third party security software instead of the one included in windows. They work much better.
All firewall rules, on the windows firewall or on any other one are configured on a port basis. Now the third party tools like Kaspersky, Eset, etc, allow the exe of your program to pass through the firewall rules regardless the ports it uses.
0
 
LVL 31

Author Comment

by:merowinger
ID: 24737519
I do not have the choice two choose another firewall.
0
 
LVL 12

Expert Comment

by:dlan75
ID: 24738612
Well sorry but windows firewall is limited compared to third parties ones ! (which sounds normal though) you can only open or close ports on windows firewall.
why don't you get zonealarm personal edition? It is free
0
PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

 
LVL 31

Author Comment

by:merowinger
ID: 24740387
I'm not talking about my home computer!! I'm talking about 1000 clients!! Windows Firewall settings via group policy in an active directory environment!
0
 
LVL 12

Expert Comment

by:dlan75
ID: 24743013
Hi,
Well you still can use gpo to distribute any soft to your clients.
In that kind of environment, you use local firewall only on nomades ! You should normally have a phisical firewall on your network
I'm still sorry but you cannot use windows firewall to allow a specific application on different ports. Well you can do it but then you have to configure all ports used by the app. Can you shorten the port range used by the app?
0
 
LVL 31

Author Comment

by:merowinger
ID: 24743183
In Windows Firewall there are prefenied firewall group "Remote Management", "Eventlog", "FileSystem", Remote-WMI"...
The only problem is, that i want to enable them only for a specific user and computer. This is possible in those predefnied rules...but not working!?!
0
 
LVL 12

Expert Comment

by:dlan75
ID: 24743579
Hi,
You can create a specific configuration for a user then export and import it to all the users that should have it, just saw that on windows 7, should be available on vista
0
 
LVL 31

Accepted Solution

by:
merowinger earned 0 total points
ID: 24743651
It's also possible in Windows Vista yes...but i assume that i need some IPSec Policies as well for the specific ports....
The problem is that some firewall groups like remote management use dynamic ports, so that i don't know which ports to define in the ipsec policy
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question