Stiebel Eltron asked:

How to resolve Port problem in Firewall exception?

Dear EE,

I would like to ask how to resolve this problem of mine. I've added a port to the Windows Firewall Exceptions, and while the server is up it works, but when we restart the server, some ports are gone from the list of exceptions. For example, I add port 2007, but when I restart the server it is gone and I need to add it again in order to access the site that uses that port.

Thank you!
Windows Server 2008, Software Firewalls

8/22/2022 - Mon
bgoering

If you are on a domain and there is a domain level firewall policy, then any local changes will be lost when the domain level policy is applied - such as after a reboot.
Hypercat (Deb)

If your domain level policy is resetting the firewall exceptions, then what you need to do to fix this would be to create a separate group policy and apply it just to this server. Then create the firewall port exceptions you need in that policy and it will be applied to that server only.
ASKER
Stiebel Eltron

@hypercat: How can I create a separate group policy for that server only? Do I need to create it through our main firewall or just in the firewall policy settings of Windows Server?

Please advise... :-)
bgoering

You would need to create another OU in AD, and create a GPO containing the firewall settings for that server and apply it to the new OU. Then move that server to be under that new OU.
ASKER
Stiebel Eltron

@bgoering: Sorry, but what does "OU" mean? :-(
Will it not affect the settings of the other server that needs the Port Exceptions in the Firewall?
bgoering

Sorry - OU is Organizational Unit, group policy settings need to be applied to some container for objects and an OU is such a container. If your firewalls are managed by group policy, and you need different settings for this one server - then you need to move that server to the new container, and create the new group policy and apply it to the new container.

Now if your GPO structure is not restricting overrides, it will likely be easiest to create the new OU inside of your existing GPO - that way you just need to customize the overrides, otherwise you would need to re-create the entire group policy and include the new settings.

Take a look at http://searchwindowsserver.techtarget.com/tutorial/Active-Directory-Tutorial for a short overview of Active Directory objects, containers, and group policy
ASKER
Stiebel Eltron

@bgoering: Would you please advise on how to do it, step by step? Is it in AD or do I need to open GPEDIT.MSC?
I'm sorry but I'm not that expert in this area...

Thanks!
ASKER CERTIFIED SOLUTION
bgoering

ASKER
Stiebel Eltron

I stopped in this part:
>>Open Group policy management
Right click your new OU and select create a new policy in the domain and link it here
    Give it a name
Right click your new GPO and select Edit, the GP Editor will open
    Drill down to computer policies, Windows settings, Security Settings, Windows Firewall
    with advanced settings

From there create the firewall configuration for the computer<<

Because I can't see the Create a new policy after I right-clicked the new OU.
Or do I need to select Properties of the new OU, then Group Policy --> New? Please advise...
bgoering

Either way should do it
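
The steps quoted above (new OU, new GPO linked to it, firewall rule inside the GPO, server moved into the OU), scripted in PowerShell as an added example that is not part of the original thread. It assumes a management host with the RSAT ActiveDirectory and GroupPolicy modules and the NetSecurity module (Windows 8 / Server 2012 or later); every domain, OU, GPO and computer name in it is a placeholder.

```powershell
# Added example, not from the thread. Run as a domain admin on a management host.
# Assumptions: ActiveDirectory, GroupPolicy and NetSecurity modules are installed,
# and Active Directory Web Services is reachable on a domain controller.
Import-Module ActiveDirectory, GroupPolicy, NetSecurity
$ErrorActionPreference = 'Stop'

$domainFqdn = 'example.local'              # placeholder domain
$domainDn   = 'DC=example,DC=local'        # placeholder domain DN
$ouName     = 'SharePoint Servers'         # placeholder OU name
$gpoName    = 'FW - SharePoint port 2007'  # placeholder GPO name
$server     = 'SPSERVER01'                 # placeholder computer account
$ruleName   = 'Allow inbound TCP 2007'
$ouDn       = "OU=$ouName,$domainDn"

# 1. Create the OU that will hold only the server needing different settings.
$existing = Get-ADOrganizationalUnit -Filter "Name -eq '$ouName'" `
    -SearchBase $domainDn -SearchScope OneLevel
if (-not $existing) {
    New-ADOrganizationalUnit -Name $ouName -Path $domainDn
}

# 2. Create the GPO and link it to that OU only, so no other server receives it.
New-GPO -Name $gpoName -Comment 'Firewall exception for one server' |
    New-GPLink -Target $ouDn -LinkEnabled Yes | Out-Null

# 3. Write the rule into the GPO (not the local store). Limiting it to the
#    Domain profile keeps the port closed on public and private networks.
New-NetFirewallRule -PolicyStore "$domainFqdn\$gpoName" `
    -DisplayName $ruleName -Direction Inbound -Action Allow `
    -Protocol TCP -LocalPort 2007 -Profile Domain | Out-Null

# 4. Move the server's computer account into the new OU.
Get-ADComputer -Identity $server | Move-ADObject -TargetPath $ouDn

# 5. Confirm the link exists, then on the server itself run:
#      gpupdate /force
#      gpresult /r /scope computer    # the new GPO should be listed as applied
(Get-GPInheritance -Target $ouDn).GpoLinks | Select-Object DisplayName, Enabled
```

Because the rule now lives in the GPO, it is reapplied at every policy refresh and survives a reboot, which the locally added exception in the question did not.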
ASKER
Stiebel Eltron

I couldn't find the Windows Firewall with Advanced Settings. Anyway, I'm attaching the screenshot of the GPO Editor from our server...
GPO.jpg
Hypercat (Deb)

From your screen capture above, it looks like you're opening the Group Policy console from a Windows 2003 or XP machine. You need to open the group policy from your Windows 2008 Server. The policy you're looking for, as explained by bgoering, is only applicable to Windows 2008/Vista/Windows 7 machines, so you won't see it listed unless you're running that version of the GPMC.
ASKER
Stiebel Eltron

Yes, I got that screenshot from our main AD, which is running on Windows 2003. The SharePoint Server that is running on Windows 2008 is not a DC, but it has AD Users and Computers inside Administrative Tools, and I couldn't find how to create a New GPO on the new OU that I have created. Now, I have attached the screenshot of the GPO from that server; I just typed it manually (gpedit.msc) from RUN. Kindly check and advise on what to do next.

Thanks!
GPO-Win2008.jpg