• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 431
  • Last Modified:

SBS 2011 Firewall for connected desktops

I would like to allow only specific computers on the network to disable the windows firewall.  We have an older piece of software that communicates with a Xerox 6204 through the network and it will only successfully communicate when the firewall is off.  I have the software added to the exceptions list but this does not seem to matter.  Any advice is appreciated.
0
EMB_Corporation
Asked:
EMB_Corporation
  • 2
1 Solution
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
The firewall is handled by a Group Policy on your SBS 2011.  You can create exceptions to that by denying delegation of the policy to the specific computers.  

I suggest that you create a security group and add the computers you want to affect to that group.  Then when you set the deny config in the GPO you can just list the Security Group.

Info on how to configure this is here:  http://support.microsoft.com/kb/816100

Jeff
TechSoEasy
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
On second thought... SBS 2011's Group Policy is a comprehensive "Client" policy... which includes things other than the Firewall.

The GPO's are:
Windows SBS Client - Windows 7 and Windows Vista Policy
Windows SBS Client - Windows XP Policy

If you fully deny these to some machines, those machines will not get other important settings.

So, my other solution would be to use SysInternals ProcMon (http://live.sysinternals.com/procmon.exe) to see exactly which port might need to be added to the firewall exceptions on the workstations.

Jeff
TechSoEasy
0
 
EMB_CorporationAuthor Commented:
Thanks for the help.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now