Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 658
  • Last Modified:

Group Policy SBS domain firewall add an allow

Managing SBS 2011 domain.  I am installing shadow Protect on each of the machines and getting an error.  Shadow Protect sent me a link to this page, but I don't know how to do that with the (default?) group policy that keeps you from changing the firewall on domain member desktops.

http://www.storagecraft.com/support/kb/article/95

can  you help me?
0
BeGentleWithMe-INeedHelp
Asked:
BeGentleWithMe-INeedHelp
  • 2
  • 2
1 Solution
 
BlueComputeCommented:
This is actually pretty easy on SBS2011.
Open up the Group Policy Management administrative tool. There you'll see a list of policies. Firewall configuration is a machine-level setting, so I'd be inclined to set it in the "Windows SBS Client - Windows 7 and Windows Vista" policy, which is linked under MyBusiness --> Computers --> SBSComputers. Find the policy there, right-click on it and select "Edit".
In the group policy editor, drill down to Computer configuration --> Windows Settings --> Security Settings --> Windows Firewall with Advanced Security --> Windows Firewall wiht Advanced Security --> Inbound Rules. Right-click in the empty space on the right and select "new rule". Select "Predefined" then select "Windows Management Instrumentation" in the dropdown.  Next through to the end of the wizard and the rule should be added to the policy.
To test, either reboot a client computer twice, or run "GPUPDATE /FORCE" on a client computer.
0
 
BeGentleWithMe-INeedHelpAuthor Commented:
Thanks.  when I chose wmi from the predefined, I got 3 different ones and checked all 3- dcom-in, asynch-in and wmi-in, I did your steps with the gpupdate /force and it said it was successful. and tried to connect.  I got 'the RPC server is not available' again.

Looking at the steps in that link, I did them manually with wf.msc .... I added the program (your steps above don't touch on that).  Once I did that, form the machine itself, I can connect to that computer. I added the program in the Group policy like I did manually on some machines. I think I got it working, although SP is still throwing errors about connectivitiy, but I'll deal with them.

thanks!
0
 
BlueComputeCommented:
Hi,

Yep, just re-read the instructions from ShadowProtect and you're quite right; I missed a step - you neeed the WMI rules and the extra one for the ShadowProtect service. Just to clarify you did manage to get it working from Group Policy rather than doing it manually on each PC once you'd found out which rules needed adding?

Cheers,

BC
0
 
BeGentleWithMe-INeedHelpAuthor Commented:
yea, I think so.  thanks again.
0

Featured Post

Prepare for an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program curriculum features two internationally recognized certifications from the EC-Council at no additional time or cost.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now