How to resolve Port problem in Firewall exception?

Dear EE,

I would like to ask how to resolve this problem of mine. I've added a port to the Windows Firewall exceptions, and while the server is up it works, but when we restart the server, some ports are gone from the list of exceptions. For example, I add port 2007, but when I restart the server it's gone and I need to add it again in order to access the site that uses that port.

Thank you!
Stiebel Eltron Asked:
 
bgoering Commented:
Log on as domain administrator to your domain controller

Open Active Directory Users & Computers

Right click on where you want to create the new OU, suggest right click on your domain - select new, organizational unit

Find your computer - if it is a DC it will likely be under domain controllers, otherwise it will likely be under computers - right click the computer, select move, then select your new OU

Open Group policy management
Right click your new OU and select create a new policy in the domain and link it here
    Give it a name
Right click your new GPO and select Edit, the GP Editor will open
    Drill down to computer policies, Windows settings, Security Settings, Windows Firewall with advanced settings

From there create the firewall configuration for the computer

Good Luck
0
 
bgoering Commented:
If you are on a domain and there is a domain level firewall policy, then any local changes will be lost when the domain level policy is applied - such as after a reboot.
0
 
Hypercat (Deb) Commented:
If your domain level policy is resetting the firewall exceptions, then what you need to do to fix this would be to create a separate group policy and apply it just to this server. Then create the firewall port exceptions you need in that policy and it will be applied to that server only.
0

 
Stiebel Eltron (Author) Commented:
@hypercat: How can I create a separate group policy for that server only? Do I need to create it through our main firewall or just in the firewall policy setting of Windows Server?

Please advise... :-)
0
 
bgoering Commented:
You would need to create another OU in AD, and create a GPO containing the firewall settings for that server and apply to the new OU. Then move that server to be under that new OU
0
 
Stiebel Eltron (Author) Commented:
@bgoering: Sorry, but what does "OU" mean? :-(
Will it not affect the settings of the other server that needs the Port Exceptions in the Firewall?
0
 
bgoering Commented:
Sorry - OU is Organizational Unit, group policy settings need to be applied to some container for objects and an OU is such a container. If your firewalls are managed by group policy, and you need different settings for this one server - then you need to move that server to the new container, and create the new group policy and apply it to the new container.

Now if your GPO structure is not restricting overrides, it will likely be easiest to create the new OU inside of your existing GPO - that way you just need to customize the overrides, otherwise you would need to re-create the entire group policy and include the new settings.

Take a look at http://searchwindowsserver.techtarget.com/tutorial/Active-Directory-Tutorial for a short overview of Active Directory objects, containers, and group policy
0
 
Stiebel Eltron (Author) Commented:
@bgoering: Would you please advise on how to do it, step by step? Is it in AD or do I need to open GPEDIT.MSC?
I'm sorry but I'm not that much of an expert in this area...

Thanks!
0
 
Stiebel Eltron (Author) Commented:
I stopped in this part:
>>Open Group policy management
Right click your new OU and select create a new policy in the domain and link it here
    Give it a name
Right click your new GPO and select Edit, the GP Editor will open
    Drill down to computer policies, Windows settings, Security Settings, Windows Firewall with advanced settings

From there create the firewall configuration for the computer<<

Because I can't see the Create a new policy after I right-clicked the new OU.
Or do I need to select Properties of the new OU, then Group Policy --> New? Please advise...
0
 
bgoering Commented:
Either way should do it
0
 
Stiebel Eltron (Author) Commented:
I couldn't find the Windows Firewall with Advanced Settings. Anyway, I'm attaching the screenshot of the GPO Editor from our server...
GPO.jpg
0
 
Hypercat (Deb) Commented:
From your screen capture above, it looks like you're opening the Group Policy console from a Windows 2003 or XP machine. You need to open the group policy from your Windows 2008 Server. The policy you're looking for, as explained by bgoering, is only applicable to Windows 2008/Vista/Windows 7 machines, so you won't see it listed unless you're running that version of the GPMC.
0
 
Stiebel Eltron (Author) Commented:
Yes, I got that screenshot from our main AD, which is running on Windows 2003. The SharePoint Server that is running on Windows 2008 is not a DC; it has AD Users and Computers inside Administrative Tools, but I couldn't find how to create a new GPO on the new OU that I have created. Now, I have attached the screenshot of the GPO from that server; I just typed it manually (gpedit.msc) from Run. Kindly check and advise on what to do next.

Thanks!
GPO-Win2008.jpg
0
 
Hypercat (Deb) Commented:
You can set your exceptions here for the local computer. Since you are editing the local computer policy, it will apply only to this server. As long as you don't have any firewall policies on your domain-wide policy that will conflict, it should work fine. You can confirm this by running gpupdate /force after you create the new policy and then check the firewall settings, or you can run gpresult from a command line.
0
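One way to run the check suggested in the answer above, as an added PowerShell example that is not part of the thread: after a policy refresh it lists inbound allow rules covering port 2007 and shows whether each one lives in the local rule store or the policy store. The registry paths and the pipe-delimited rule format are assumed to be the standard Windows Firewall with Advanced Security layout; the sample rule string and the function names are constructed for illustration.

```powershell
# Added example; port 2007 is the one named in the question.
$Port = 2007

# Assumed standard registry locations of Windows Firewall with Advanced Security rules:
# rules created locally, and rules delivered by policy (domain GPO or local computer policy).
$Stores = @{
    Local  = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'
    Policy = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules'
}

# Each rule is stored as one pipe-delimited string; this sample is constructed.
$Sample = 'v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2007|Name=Site on 2007|'

function ConvertFrom-RuleString([string]$Text) {
    $rule = @{ LPort = @() }
    foreach ($field in $Text.Split('|')) {
        $key, $value = $field.Split('=', 2)
        if ($null -eq $value) { continue }      # version token or empty trailing field
        if ($key -eq 'LPort') { $rule.LPort += $value } else { $rule[$key] = $value }
    }
    $rule
}

# True when any LPort entry (a single port or a range "lo-hi") covers $Port.
function Test-RulePort($Rule, [int]$Port) {
    foreach ($spec in $Rule.LPort) {
        if ($spec -match '^(\d+)(-(\d+))?$') {
            $lo = [int]$Matches[1]
            $hi = if ($Matches[3]) { [int]$Matches[3] } else { $lo }
            if ($Port -ge $lo -and $Port -le $hi) { return $true }
        }
    }
    return $false
}

function Find-PortRule([int]$Port) {
    foreach ($store in $Stores.Keys) {
        $key = Get-Item -Path $Stores[$store] -ErrorAction SilentlyContinue
        if (-not $key) { continue }             # store not present on this machine
        foreach ($name in $key.GetValueNames()) {
            $rule = ConvertFrom-RuleString ($key.GetValue($name))
            if ($rule.Dir -eq 'In' -and $rule.Action -eq 'Allow' -and (Test-RulePort $rule $Port)) {
                New-Object PSObject -Property @{ Store = $store; Name = $rule.Name; Active = $rule.Active }
            }
        }
    }
}

"Sample rule covers port ${Port}: $(Test-RulePort (ConvertFrom-RuleString $Sample) $Port)"
gpupdate /force | Out-Null                      # re-apply policy first, as the answer suggests
$found = @(Find-PortRule $Port)
if ($found.Count -eq 0) { "No inbound allow rule covers port $Port" }
else { $found | Format-Table Store, Name, Active -AutoSize }
```

A rule listed under Policy is delivered by policy and re-applied at each refresh; a rule listed only under Local is a locally created exception like the one the question describes.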
Question has a verified solution.
