Solved

Adding exceptions to Windows Firewall via Group Policy

Posted on 2014-04-18
Last Modified: 2014-05-03
I'm trying to get PST Station software working across the domain and have run into problems:

Overview:
PST Station is a software that runs across the network collecting backing up PST file to a shared folder on a server.

Issue:
The problem I ran into was that when the client software on all users' computers started for the first time, it triggered Windows Firewall to prompt users to either ALLOW or BLOCK it. Of course they chose to BLOCK even after I specifically told them to ALLOW! Ugghh...
Since we have over 1200 computers across the US, I need to find a way to fix this via GPO, and since the software runs on ports 3833 and 3835, I've created an entry under
Default Domain Policy|Computer Configuration|Policies|Administrative Templates|Network|Network Connections|Windows Firewall|Domain Profile
Windows Firewall: Define inbound Port Exceptions
to ALLOW these two ports with the following strings under Define port exceptions:
 
3835:TCP:localsubnet,10.0.0.0/8:enabled:PSTClient - Port 3835
3833:TCP:localsubnet,10.0.0.0/8:enabled:PSTClient - Port 3833


That works fine for the most part because the port is by all means OPEN (tested with Telnet).  
The trouble that remains is that the stupid software gets hung, because those computers that initially selected "BLOCK" still have the entries listed in their Windows Firewall; as a matter of fact they have both ALLOW Port 3833 and 3835 and BLOCK Port 3833 and 3835.

My question is HOW do I remove the blocked ones from the Windows Firewall?
Question by:Floyd_Droid

Expert Comment

by:serialband
ID: 40009828
Microsoft has a technet link that describes all the steps.  http://technet.microsoft.com/en-us/library/bb490626.aspx

Load a clean registry hive and save it to a file, then run the reg command on the remote system to load the registry settings you want.

http://blog.jkvine.com/2009/10/06/windows-firewall-registry-keys/
The group policy rules might be here.

Here's an example line taken from the above link.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

netsh advfirewall firewall add rule name="WePrint" dir=in action=allow profile=any description="WePrint Firewall Exception" program="C:\Program Files\WePrint\WePrint Server.exe"


And after FW GPO deployed, those rules are created under
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

Accepted Solution

by:Floyd_Droid
ID: 40027227
Sorry, I appreciate the effort, but your directions did not help, not to mention they are very confusing for an average user (they spoke of Windows XP while I'm working in Windows 2008 Server), and given the magnitude of the network, with mostly Windows 7 and a few hundred Windows XP workstations... modifying the registry was not something I was willing to chance.
 
Instead I was able to create and run a script file that removed the entries from both Windows 7 and Windows XP:

@echo off
REM
REM SCRIPT TO REMOVE THE "BLOCKED" LOCAL FIREWALL POLICY THAT GOT ADDED TO SOME CLIENT WORKSTATIONS
REM THIS SCRIPT CAN BE CALLED THROUGH A COMPUTER STARTUP SCRIPT IN GROUP POLICY
REM RHK - 2014-04-23
REM
REM On Vista/7, rule operations live in the "advfirewall firewall" context (not
REM "advfirewall" alone). Deleting by name and program removes both the ALLOW and
REM the BLOCK entry for the client, leaving the GPO-defined port exceptions in control.
REM
REM Win 7 64 bit
REM
c:\windows\system32\netsh.exe advfirewall firewall delete rule name="PSTStation.Client" program="C:\program files (x86)\pststation client\pststationclient.exe"
REM
REM Win 7 32 bit
REM
c:\windows\system32\netsh.exe advfirewall firewall delete rule name="PSTStation.Client" program="C:\program files\pststation client\pststationclient.exe"
REM
REM Win XP 64 bit (legacy "netsh firewall" context)
REM
c:\windows\system32\netsh.exe firewall delete allowedprogram program="C:\program files (x86)\pststation client\pststationclient.exe"
REM
REM Win XP 32 bit (legacy "netsh firewall" context)
REM
c:\windows\system32\netsh.exe firewall delete allowedprogram program="C:\program files\pststation client\pststationclient.exe"
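As an added example (not part of the thread), a PowerShell equivalent for the Windows 7 machines that audits local firewall rules referencing the PST client executable and disables only the BLOCK entries, so the GPO-defined port exceptions take effect; it uses the HNetCfg.FwPolicy2 COM interface (Vista and later, so XP workstations still need the netsh lines above), and the executable name and the -ReportOnly switch are assumptions.

```powershell
# Added example, not from the thread. Run elevated (e.g. as a GPO computer
# startup script). Lists every local rule whose program is the PST client and
# disables the enabled BLOCK rules; ALLOW rules and port-only rules are untouched.
param(
    # Assumed from the thread's install paths; matched on file name so both
    # "Program Files" and "Program Files (x86)" installs are covered.
    [string]$ExeName = 'pststationclient.exe',
    # Dry run: report what would change without touching any rule.
    [switch]$ReportOnly
)

$NET_FW_ACTION_BLOCK = 0   # INetFwRule.Action values
$NET_FW_ACTION_ALLOW = 1

$policy = New-Object -ComObject HNetCfg.FwPolicy2

# Collect rules that name the client executable (ApplicationName is empty
# for port-only rules such as the GPO port exceptions, so they never match).
$hits = @()
foreach ($rule in $policy.Rules) {
    if ($rule.ApplicationName -and
        ([System.IO.Path]::GetFileName($rule.ApplicationName) -ieq $ExeName)) {
        $hits += $rule
    }
}

if ($hits.Count -eq 0) {
    Write-Output "No local firewall rules reference $ExeName"
    exit 0
}

foreach ($rule in $hits) {
    $action = if ($rule.Action -eq $NET_FW_ACTION_BLOCK) { 'BLOCK' } else { 'ALLOW' }
    Write-Output ("{0} Enabled={1} Name='{2}' Program='{3}'" -f
        $action, $rule.Enabled, $rule.Name, $rule.ApplicationName)

    if ($rule.Action -eq $NET_FW_ACTION_BLOCK -and $rule.Enabled) {
        if ($ReportOnly) {
            Write-Output "  -> would disable this rule"
        } else {
            # Disable in place rather than delete: the change is reversible and
            # leaves an audit trail of which machines had a user-created BLOCK.
            $rule.Enabled = $false
            Write-Output "  -> disabled"
        }
    }
}
```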

Author Closing Comment

by:Floyd_Droid
ID: 40039034
Since there was just one reply, the suggested solution would not have worked, and I ended up resolving this issue in a totally different way that works, I therefore claim my own documented solution.