Solved

Windows Vista Firewall -  Computer and User authorization

Posted on 2009-06-29
8
377 Views
Last Modified: 2012-05-07
Hi experts,
i'm trying to create windows vista firewall inbound rules based on predefined firewall groups like remote desktop and eventlog management...
There's is an option the to only allow secure connections where i can configure user and computer accounts which are then allowed to connect to the computer throught the firewall exceptions.

But it is not working.Any ideas?
Do i to have configure ipsec policies as well (ipsec filter - source address, destination address, protocol, port...)?
I don't hope that because it seems to be, that those have to be configured based on ports and not all firewall exception groups i'm trying to use have static ports....
0
Comment
Question by:merowinger
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 12

Expert Comment

by:dlan75
ID: 24737171
Hi,
Make sure you have configured your router's nat properly.
You should consider using a third party security software instead of the one included in windows. They work much better.
All firewall rules, on the windows firewall or on any other one are configured on a port basis. Now the third party tools like Kaspersky, Eset, etc, allow the exe of your program to pass through the firewall rules regardless the ports it uses.
0
 
LVL 31

Author Comment

by:merowinger
ID: 24737519
I do not have the choice two choose another firewall.
0
 
LVL 12

Expert Comment

by:dlan75
ID: 24738612
Well sorry but windows firewall is limited compared to third parties ones ! (which sounds normal though) you can only open or close ports on windows firewall.
why don't you get zonealarm personal edition? It is free
0
Secure Your WordPress Site: 5 Essential Approaches

WordPress is the web's most popular CMS, but its dominance also makes it a target for attackers. Our eBook will show you how to:

Prevent costly exploits of core and plugin vulnerabilities
Repel automated attacks
Lock down your dashboard, secure your code, and protect your users

 
LVL 31

Author Comment

by:merowinger
ID: 24740387
I'm not talking about my home computer!! I'm talking about 1000 clients!! Windows Firewall settings via group policy in an active directory environment!
0
 
LVL 12

Expert Comment

by:dlan75
ID: 24743013
Hi,
Well you still can use gpo to distribute any soft to your clients.
In that kind of environment, you use local firewall only on nomades ! You should normally have a phisical firewall on your network
I'm still sorry but you cannot use windows firewall to allow a specific application on different ports. Well you can do it but then you have to configure all ports used by the app. Can you shorten the port range used by the app?
0
 
LVL 31

Author Comment

by:merowinger
ID: 24743183
In Windows Firewall there are prefenied firewall group "Remote Management", "Eventlog", "FileSystem", Remote-WMI"...
The only problem is, that i want to enable them only for a specific user and computer. This is possible in those predefnied rules...but not working!?!
0
 
LVL 12

Expert Comment

by:dlan75
ID: 24743579
Hi,
You can create a specific configuration for a user then export and import it to all the users that should have it, just saw that on windows 7, should be available on vista
0
 
LVL 31

Accepted Solution

by:
merowinger earned 0 total points
ID: 24743651
It's also possible in Windows Vista yes...but i assume that i need some IPSec Policies as well for the specific ports....
The problem is that some firewall groups like remote management use dynamic ports, so that i don't know which ports to define in the ipsec policy
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
Windows 10 Creator Update has just been released and I have it working very well on my laptop. Read below for issues, fixes and ideas.
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question