Solved

How to resolve Port problem in Firewall exception?

Posted on 2010-11-10
Last Modified: 2012-05-10
Dear EE,

I would like to ask how to resolve this problem of mine. I've added a port to the Windows Firewall Exceptions, and while the server is up it works, but when we restart the server, some ports are gone from the list of exceptions. For example, I add port 2007, but when I restart the server it is gone and I need to add it again in order to access the site that uses that port.

Thank you!
Question by:Stiebel Eltron
14 Comments
 
LVL 28

Expert Comment

by:bgoering
ID: 34112460
If you are on a domain and there is a domain level firewall policy, then any local changes will be lost when the domain level policy is applied - such as after a reboot.
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 34115014
If your domain level policy is resetting the firewall exceptions, then what you need to do to fix this would be to create a separate group policy and apply it just to this server. Then create the firewall port exceptions you need in that policy and it will be applied to that server only.
 

Author Comment

by:Stiebel Eltron
ID: 34117354
@hypercat: How can I create a separate group policy for that server only? Do I need to create it through our main firewall or just in the firewall policy setting of Windows Server?

Please advise... :-)
 
LVL 28

Expert Comment

by:bgoering
ID: 34117372
You would need to create another OU in AD, create a GPO containing the firewall settings for that server, and apply it to the new OU. Then move that server to be under that new OU.
 

Author Comment

by:Stiebel Eltron
ID: 34117382
@bgoering: Sorry, but what does "OU" mean? :-(
Will it not affect the settings of the other server that needs the Port Exceptions in the Firewall?
 
LVL 28

Expert Comment

by:bgoering
ID: 34117411
Sorry - OU is Organizational Unit, group policy settings need to be applied to some container for objects and an OU is such a container. If your firewalls are managed by group policy, and you need different settings for this one server - then you need to move that server to the new container, and create the new group policy and apply it to the new container.

Now if your GPO structure is not restricting overrides, it will likely be easiest to create the new OU inside of your existing GPO - that way you just need to customize the overrides, otherwise you would need to re-create the entire group policy and include the new settings.

Take a look at http://searchwindowsserver.techtarget.com/tutorial/Active-Directory-Tutorial for a short overview of Active Directory objects, containers, and group policy
 

Author Comment

by:Stiebel Eltron
ID: 34118277
@bgoering: Would you please advise on how to do it, step by step? Is it in AD or do I need to open GPEDIT.MSC?
I'm sorry but I'm not much of an expert in this area...

Thanks!
 
LVL 28

Accepted Solution

by:
bgoering earned 250 total points
ID: 34118308
Log on as domain administrator to your domain controller

Open Active Directory Users & Computers

Right click on where you want to create the new OU, suggest right click on your domain - select new, organizational unit

Find your computer - if it is a DC it will likely be under domain controllers, otherwise it will likely be under computers - right click the computer, select move, then select your new OU

Open Group policy management
Right click your new OU and select create a new policy in the domain and link it here
    Give it a name
Right click your new GPO and select Edit, the GP Editor will open
    Drill down to computer policies, Windows settings, Security Settings, Windows Firewall with advanced settings

From there create the firewall configuration for the computer

Good Luck
0
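A scripted equivalent of the GUI steps in the accepted solution, as an added example that is not part of the original answer. It assumes a newer environment than the one in this thread (Windows Server 2012 or later with the ActiveDirectory, GroupPolicy and NetSecurity modules); the domain, OU, GPO and computer names are hypothetical, and port 2007 is the port from the question.

```powershell
# Added example: create an OU, move one server into it, link a GPO to that OU
# only, and put a narrowly scoped inbound rule in the GPO.
# Assumptions (not from the thread): all names below are hypothetical.
# Run steps 1-4 as a domain administrator on a machine with RSAT.
Import-Module ActiveDirectory, GroupPolicy, NetSecurity

$DomainDn   = 'DC=contoso,DC=example'        # hypothetical domain DN
$DomainFqdn = 'contoso.example'              # hypothetical domain FQDN
$OuName     = 'SharePoint Servers'           # hypothetical OU name
$GpoName    = 'FW-SharePoint-TCP2007'        # hypothetical GPO name
$Server     = 'SP01'                         # hypothetical computer name
$RuleName   = 'Allow inbound TCP 2007'
$OuDn       = "OU=$OuName,$DomainDn"

# 1. Create the OU directly under the domain if it does not exist yet.
$existing = Get-ADOrganizationalUnit -Filter "Name -eq '$OuName'" `
    -SearchBase $DomainDn -SearchScope OneLevel
if (-not $existing) {
    New-ADOrganizationalUnit -Name $OuName -Path $DomainDn
}

# 2. Move the server's computer account into the new OU.
Get-ADComputer -Identity $Server | Move-ADObject -TargetPath $OuDn

# 3. Create the GPO and link it to the new OU only, so other servers
#    keep the settings they get from the existing domain policy.
New-GPO -Name $GpoName -Comment 'Inbound TCP 2007 for one server' | Out-Null
New-GPLink -Name $GpoName -Target $OuDn -LinkEnabled Yes | Out-Null

# 4. Write the rule into the GPO (not the local store): one port, one
#    protocol, Domain profile only.
New-NetFirewallRule -PolicyStore "$DomainFqdn\$GpoName" -DisplayName $RuleName `
    -Direction Inbound -Protocol TCP -LocalPort 2007 -Action Allow -Profile Domain

# 5. On the target server itself: refresh computer policy, then confirm the
#    rule is active and that it came from Group Policy, not a local edit.
gpupdate /target:computer /force
Get-NetFirewallRule -PolicyStore ActiveStore -DisplayName $RuleName |
    Select-Object DisplayName, Enabled, PolicyStoreSource, PolicyStoreSourceType
```

A rule whose `PolicyStoreSourceType` is `GroupPolicy` survives reboots and policy refreshes; one shown as `Local` is the kind that the question describes disappearing.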
 

Author Comment

by:Stiebel Eltron
ID: 34118355
I stopped in this part:
>>Open Group policy management
Right click your new OU and select create a new policy in the domain and link it here
    Give it a name
Right click your new GPO and select Edit, the GP Editor will open
    Drill down to computer policies, Windows settings, Security Settings, Windows Firewall with advanced settings

From there create the firewall configuration for the computer<<

Because I can't see the Create a new policy after I right-clicked the new OU.
Or do I need to select Properties of the new OU, then Group Policy --> New? Please advise...
 
LVL 28

Expert Comment

by:bgoering
ID: 34119741
Either way should do it
 

Author Comment

by:Stiebel Eltron
ID: 34122949
I couldn't find the Windows Firewall with Advanced Settings. Anyway, I'm attaching the screenshot of the GPO Editor from our server...
GPO.jpg
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 34124593
From your screen capture above, it looks like you're opening the Group Policy console from a Windows 2003 or XP machine. You need to open the group policy from your Windows 2008 Server. The policy you're looking for, as explained by bgoering, is only applicable to Windows 2008/Vista/Windows 7 machines, so you won't see it listed unless you're running that version of the GPMC.
 

Author Comment

by:Stiebel Eltron
ID: 34126009
Yes, I got that screenshot from our main AD, which is running on Windows 2003. The SharePoint Server that is running on Windows 2008 is not a DC; it has AD Users and Computers inside Administrative Tools, but I couldn't find how to create a new GPO on the new OU that I have created. Now I have attached the screenshot of the GPO from that server; I just typed it manually (gpedit.msc) from RUN. Kindly check and advise on what to do next.

Thanks!
GPO-Win2008.jpg
 
LVL 38

Assisted Solution

by:Hypercat (Deb)
Hypercat (Deb) earned 250 total points
ID: 34127812
You can set your exceptions here for the local computer. Since you are editing the local computer policy, it will apply only to this server. As long as you don't have any firewall policies on your domain-wide policy that will conflict, it should work fine. You can confirm this by running gpupdate /force after you create the new policy and then check the firewall settings, or you can run gpresult from a command line.