Solved

Windows Vista Firewall -  Computer and User authorization

Posted on 2009-06-29
8
373 Views
Last Modified: 2012-05-07
Hi experts,
i'm trying to create windows vista firewall inbound rules based on predefined firewall groups like remote desktop and eventlog management...
There's is an option the to only allow secure connections where i can configure user and computer accounts which are then allowed to connect to the computer throught the firewall exceptions.

But it is not working.Any ideas?
Do i to have configure ipsec policies as well (ipsec filter - source address, destination address, protocol, port...)?
I don't hope that because it seems to be, that those have to be configured based on ports and not all firewall exception groups i'm trying to use have static ports....
0
Comment
Question by:merowinger
  • 4
  • 4
8 Comments
 
LVL 12

Expert Comment

by:dlan75
ID: 24737171
Hi,
Make sure you have configured your router's nat properly.
You should consider using a third party security software instead of the one included in windows. They work much better.
All firewall rules, on the windows firewall or on any other one are configured on a port basis. Now the third party tools like Kaspersky, Eset, etc, allow the exe of your program to pass through the firewall rules regardless the ports it uses.
0
 
LVL 31

Author Comment

by:merowinger
ID: 24737519
I do not have the choice two choose another firewall.
0
 
LVL 12

Expert Comment

by:dlan75
ID: 24738612
Well sorry but windows firewall is limited compared to third parties ones ! (which sounds normal though) you can only open or close ports on windows firewall.
why don't you get zonealarm personal edition? It is free
0
Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 31

Author Comment

by:merowinger
ID: 24740387
I'm not talking about my home computer!! I'm talking about 1000 clients!! Windows Firewall settings via group policy in an active directory environment!
0
 
LVL 12

Expert Comment

by:dlan75
ID: 24743013
Hi,
Well you still can use gpo to distribute any soft to your clients.
In that kind of environment, you use local firewall only on nomades ! You should normally have a phisical firewall on your network
I'm still sorry but you cannot use windows firewall to allow a specific application on different ports. Well you can do it but then you have to configure all ports used by the app. Can you shorten the port range used by the app?
0
 
LVL 31

Author Comment

by:merowinger
ID: 24743183
In Windows Firewall there are prefenied firewall group "Remote Management", "Eventlog", "FileSystem", Remote-WMI"...
The only problem is, that i want to enable them only for a specific user and computer. This is possible in those predefnied rules...but not working!?!
0
 
LVL 12

Expert Comment

by:dlan75
ID: 24743579
Hi,
You can create a specific configuration for a user then export and import it to all the users that should have it, just saw that on windows 7, should be available on vista
0
 
LVL 31

Accepted Solution

by:
merowinger earned 0 total points
ID: 24743651
It's also possible in Windows Vista yes...but i assume that i need some IPSec Policies as well for the specific ports....
The problem is that some firewall groups like remote management use dynamic ports, so that i don't know which ports to define in the ipsec policy
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question