Solved

GPO WF for a WIndows 2003 forest/domain

Posted on 2014-09-10
1
370 Views
Last Modified: 2014-09-23
Hi Experts,

Issue

Windows Firewall is preventing ping and RDP to all Windows 7 laptops. I need to create
a GPO or script to allow incoming ping & RDP to all laptops located on a VLAN /SITE from all machines sources
from 2 different subnets 172.20.3 and 172.20.4

Can you please provide all steps required to implement this GPO or script?

Also, I need to prevent any corruptions with the policies that are currently being applied to laptops. Any suggestions here?

My environment as per below

Windows 2003 Forest/domain functional level

Windows 7 SP1 os clients

McAfee 8.0  installed on all machines

I would like to see your recommendations to prevent any corruption because of new firewall gpo policy, and all steps required to apply the new gpo to allow incoming traffic for ping and RDP for computers from two different subnets
0
Comment
Question by:Jerry Seinfield
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 9

Accepted Solution

by:
Christopher Jay Wolff earned 500 total points
ID: 40316241
Hmm.  I don't have all your answers, but maybe some information that you'd find useful since no one has responded yet.

Just to cover the bases, you're probably already aware of the human steps to getting through the firewall as described here.
http://windows.microsoft.com/en-US/windows7/allow-remote-desktop-connections-from-outside-your-home-network

Then these folks fixed up their firewall with a nice GPO for Skype at their workplace and the method should prove useful to your application.
http://www.howtogeek.com/100409/group-policy-geek-how-to-control-the-windows-firewall-with-a-gpo/

Is this infinite universes away from what you're looking for?

Then, if you need greater control/security you could get a C++ expert to write your own WFP stuff as discussed here...
http://msdn.microsoft.com/en-us/library/windows/desktop/aa366510(v=vs.85).aspx

from that page click "using windows filtering platform"  then click "Permitting and Blocking Applications and Users" and the associated example C++ code for filtering by app or user is here...
http://msdn.microsoft.com/en-us/library/windows/desktop/bb427381(v=vs.85).aspx
also note in the left margin the example under "reserving ports."
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

634 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question