SBS 2011 Firewall GPO

Hello Experts,

I need to open a few ports in Windows Firewall for several users/computers in our domain. It's a Windows SBS 2011 box. Does anyone have an easy to follow guide on how to do this using group policy? Or another suggestion?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Windows Firewall is in computer policies. Group all your user computers in an ou, create a gpo in ou, and open Group Policy MMC. Go to Computer Config -> Polices -> Windows Settings -> Security Settings -> Windows Firewall with Advanced Security -> Inbound Rules. Right click and select new rule and follow the wizard. Pretty straight forward. The wizard even has a few Predefined Rules for common services like Remote Desktop or Remote Services.
Rob WilliamsCommented:
Pete Long has a nice article on the specific policies and their locations, complete with screen shots. He references port 3389 but you can substitute the ports you require.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Larry Struckmeyer MVPCommented:
Good advice all.  Please don't alter the policies that are pre installed.  If the new policy is to open port 18026 incoming for a specific peice of software, say "Snakebite", then create a  new policy, link it at the domain level (if you want all users to have that policy) and name it: "Snakebite, Incoming Port 18026"
Rob WilliamsCommented:
Interesting point fl_flyfishing, however are the policies additive or might the existing firewall policy override the exception?  I am not sure. Normally I always suggest a new policy with a name that makes sense.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.