  • Status: Solved
  • Priority: Medium
  • Security: Public
Create a GPO to allow an inbound rule

Hi,

I need to create a GPO to add an inbound rule of a Windows 7 firewall to allow a specific TCP port.

Our DC is running Windows 2008.

Please advise how to do that.

Thanks.
0
Asked by: nav2567
2 Solutions
 
becraig commented:
Here is a very clear step-by-step guide:
http://www.grouppolicy.biz/2010/07/how-to-manage-windows-firewall-settings-using-group-policy/

Basically you just need to load the firewall control panel,
create the policy,
export the policy,
then load the Group Policy Manager, navigate to Firewall Rules / Inbound,
and import the policy.
0
 
McKnife commented:
But would he want to import the whole policy (=all rules of the computer you export from)? I'd simply add this one rule.
0
 
nav2567 (Author) commented:
I need to ADD a policy for the PC to allow a specific incoming port, and also MODIFY a few existing incoming policies and add an IP address to their scope.

I am seeing double entries on the MODIFIED incoming policies. Please see attached.
fw.png
0
 
McKnife commented:
As far as I know, you can use GPOs only to add rules, not to modify existing ones.
You would need to resort to startup scripts that make use of the command netsh.exe /firewall  to make granular changes to existing ones.
0
 
nav2567 (Author) commented:
I forgot to say, besides the double entries, I also do not see the rule I added before I exported.
0
 
becraig commented:
Adding to what McKnife is indicating: my steps assume that you have a computer that drives firewall policy, where configs are made and then imported for that GPO.

If you have a server-by-server need, then you will have to use netsh, e.g.
netsh advfirewall firewall add rule name=FWRule_Name dir=in protocol=tcp localport=xxx-xxxx action=allow


0
 
nav2567 (Author) commented:
This is what I did:
. create a new rule in Inbound Rules
. after finishing, click "Windows Firewall with Advanced Security on Local Computer"
. Action
. Export Policy
. copy the saved policy to a domain controller
. open GPMC
. create a new GPO
. edit the GPO: Computer Configuration > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security
. import the policy

Please let me know if I missed anything.

Thanks.
0
 
McKnife commented:
Again, let's look at what leads to those doubles you see: the policies you set via GPO will not overwrite the present ones. They will co-exist. That's why we recommend netsh scripting.
0
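The netsh approach becraig suggests, and the co-existence problem McKnife describes, can both be handled from one startup script. The following is an added example, not code posted in this thread: a PowerShell script meant to be assigned under Computer Configuration > Policies > Windows Settings > Scripts (Startup/Shutdown) > Startup, where it runs as SYSTEM at every boot. It adds one inbound TCP rule only if a rule of that name does not already exist (a startup script re-runs at every boot, and `netsh advfirewall firewall add rule` will cheerfully create a second rule with the same name), and it appends an address to the remote-IP scope of existing rules instead of replacing the scope. The rule names, port and address are assumed placeholders; the `RemoteIP:` field label assumes English netsh output.

```powershell
# Added example, not code from the thread: a Group Policy startup script that
# uses netsh advfirewall (as becraig suggests) to add one inbound rule without
# creating duplicates and to add an address to the remote-IP scope of existing
# rules. Every rule name, port and address below is an assumed placeholder.
# netsh is used because the NetSecurity cmdlets (New-NetFirewallRule etc.)
# do not exist on Windows 7 / Server 2008.

$ErrorActionPreference = 'Stop'

# Assumed placeholders: replace with the rules you actually need.
$NewRuleName = 'Allow App TCP 8443 (Inbound)'
$NewRulePort = 8443
$ScopeRules  = @('Remote Desktop (TCP-In)', 'File and Printer Sharing (SMB-In)')
$ExtraRemote = '10.20.30.40'

function Test-NetshRule {
    # True when at least one local rule with this name exists.
    param([string]$Name)
    $out = & netsh advfirewall firewall show rule name="$Name"
    return (($out -join "`n") -notmatch 'No rules match')
}

function Get-NetshRemoteIP {
    # Returns the RemoteIP field of the first rule matching $Name
    # (e.g. 'Any' or '10.0.0.0/8,192.168.1.5'), or $null if no rule exists.
    # Assumes English netsh output; the field label is localised.
    param([string]$Name)
    if (-not (Test-NetshRule -Name $Name)) { return $null }
    $out  = & netsh advfirewall firewall show rule name="$Name" verbose
    $line = $out | Where-Object { $_ -match '^\s*RemoteIP:\s*\S' } | Select-Object -First 1
    if (-not $line) { return $null }
    return ($line -replace '^\s*RemoteIP:\s*', '').Trim()
}

# 1. Add the new inbound rule, but only once: this script runs at every boot,
#    and 'add rule' creates a second rule with the same name if run again.
if (-not (Test-NetshRule -Name $NewRuleName)) {
    & netsh advfirewall firewall add rule name="$NewRuleName" dir=in action=allow `
        protocol=TCP localport=$NewRulePort profile=domain | Out-Null
}

# 2. Widen the scope of existing rules. 'set rule ... new remoteip=' replaces
#    the whole list, so read the current list first and append the address.
foreach ($rule in $ScopeRules) {
    $current = Get-NetshRemoteIP -Name $rule
    if ($null -eq $current) {
        Write-Warning "Rule '$rule' not found; skipping"
        continue
    }
    if ($current -eq 'Any') {
        # Adding an address to 'Any' would narrow the rule to that address only.
        Write-Warning "Rule '$rule' already allows any remote address; not changed"
        continue
    }
    if (($current -split ',') -contains $ExtraRemote) { continue }   # already present
    & netsh advfirewall firewall set rule name="$rule" dir=in new remoteip="$current,$ExtraRemote" | Out-Null
}
```

Two caveats a practitioner will want. First, netsh edits the local rule set, while rules delivered through the GPO's Windows Firewall with Advanced Security node live in a separate store; by default the client merges both, which is exactly why an imported policy shows up alongside the rules already on the machine. If you want only GPO-defined rules to apply, set "Apply local firewall rules" to No in the GPO's profile settings, and be aware that this also discards what a startup script like this one adds. Second, `set rule name=...` touches every rule with that name (built-in rules often exist once per profile), which is why the script passes `dir=in` to limit the match; add `profile=` if you need to be more specific.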
 
nav2567 (Author) commented:
Ok, fine.

Any idea of why the new rule was not added?
0
 
McKnife commented:
Are you sure that it wasn't? Because what your picture shows are not the same rules; they differ in the rightmost column.
0
 
becraig commented:
There should be no reason why the defined rule did not show up.

You can go ahead and add it using netsh and check again.

Can you give any details on the rule you are trying to add?
0
 
nav2567 (Author) commented:
I see the added rule now.  

I am going to export one more time without customizing existing rules and see if there are any duplicates.

Thanks.
0
 
becraig commented:
Great. In the future you can use the format from the netsh command I have above (40465686) as an additional option if you do not have a computer from which you can create and fine-tune firewall policies for your environment.

Netsh is quite robust and you can configure every aspect of a new firewall rule using this.
0
 
nav2567 (Author) commented:
Thanks a lot, guys.
0