Solved

create a GPO to allow an inbound rule

Posted on 2014-11-25
14
73 Views
Last Modified: 2014-12-03
Hi,

I need to create a GPO to add an inbound rule of a Windows 7 firewall to allow a specific TCP port.

Our DC is running Windows 2008.

Please advise how to do that.

Thanks.
Question by:nav2567
14 Comments
 
LVL 29

Accepted Solution

by:
becraig earned 250 total points
ID: 40465147
Here is a very clear step by step
http://www.grouppolicy.biz/2010/07/how-to-manage-windows-firewall-settings-using-group-policy/

Basically you just need to load the firewall control panel
Create the policy
Export the policy
Then load the Group Policy manager and navigate to firewall rules / inbound
Import the policy
0
 
LVL 54

Assisted Solution

by:McKnife
McKnife earned 250 total points
ID: 40465366
But would he want to import the whole policy (=all rules of the computer you export from)? I'd simply add this one rule.
0
 

Author Comment

by:nav2567
ID: 40465643
I need to ADD a policy for the PC to allow a specific incoming port, and also MODIFY a few existing incoming policies and add an IP address to their scope.

I am seeing double entries on the MODIFIED incoming policies. Please see attached.
fw.png
0
 
LVL 54

Expert Comment

by:McKnife
ID: 40465670
As far as I know, you can use GPOs only to add rules, not to modify existing ones.
You would need to resort to startup scripts that make use of the command netsh.exe /firewall to make granular changes to existing ones.
0
 

Author Comment

by:nav2567
ID: 40465674
I forgot to say, besides the double entries, I also do not see the rule I added before I exported.
0
 
LVL 29

Expert Comment

by:becraig
ID: 40465686
Adding to what McKnife is indicating, my steps are based on the expectation that you have a computer that drives firewall policy, where configs are made and then imported into that GPO.

If you have a server-by-server need, then you will have to use netsh, e.g.
netsh advfirewall firewall add rule name=FWRule_Name dir=in protocol=tcp localport=xxx-xxxx action=allow

0
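As an added example that is not code from either poster, here is what the netsh route McKnife and becraig describe looks like when put into a GPO computer startup script (Computer Configuration > Policies > Windows Settings > Scripts > Startup; GPMC from Windows 7 / Server 2008 R2 tooling has a PowerShell tab, older GPMC needs the script wrapped in a .cmd). It adds the one inbound TCP rule only if it is not already there, since the script runs on every boot, and it rewrites the remote-address scope of an existing rule in place, which is the "modify" half that importing a policy cannot do without leaving a second copy of the rule. The rule names, port, addresses and log path are assumptions chosen for the example; the netsh syntax itself is the real `add rule` / `set rule` / `show rule` syntax.

```powershell
# Added example, not code from the thread. Runs as SYSTEM at startup, so it can
# change the local firewall store. Every name, port and address below is an
# assumption for the example; replace them with your own.

$RuleName     = 'Managed Inbound TCP 8443'        # assumed name of the new rule
$LocalPort    = 8443                               # assumed port to open
$ExistingRule = 'Remote Desktop (TCP-In)'          # assumed existing rule to re-scope
$RemoteScope  = 'LocalSubnet,192.0.2.10'           # assumed complete scope (netsh replaces it)
$LogFile      = "$env:SystemRoot\Temp\fw-startup.log"

function Write-Log {
    # Startup scripts run with no console; keep a trail for troubleshooting.
    param([string]$Message)
    "$(Get-Date -Format s) $Message" | Out-File -FilePath $LogFile -Append -Encoding ASCII
}

function Test-FirewallRule {
    # True if a rule with exactly this name exists in the local policy store.
    # netsh prints "No rules match the specified criteria." and exits non-zero otherwise.
    param([string]$Name)
    $out = netsh advfirewall firewall show rule name="$Name" 2>&1
    return ($LASTEXITCODE -eq 0 -and (($out -join "`n") -notmatch 'No rules match'))
}

# 1. Add the new inbound allow rule, but only once: re-running "add rule" with
#    the same name creates a duplicate rule rather than updating the first one.
if (-not (Test-FirewallRule -Name $RuleName)) {
    $out = netsh advfirewall firewall add rule name="$RuleName" dir=in action=allow `
               protocol=TCP localport=$LocalPort profile=domain remoteip=$RemoteScope
    Write-Log "add '$RuleName' exit=$LASTEXITCODE $($out -join ' ')"
} else {
    Write-Log "rule '$RuleName' already present, skipped"
}

# 2. Re-scope an existing rule in place. "new remoteip=" overwrites the whole
#    scope, so list every address that should remain, not only the one added.
if (Test-FirewallRule -Name $ExistingRule) {
    $out = netsh advfirewall firewall set rule name="$ExistingRule" dir=in new remoteip=$RemoteScope
    Write-Log "set '$ExistingRule' remoteip=$RemoteScope exit=$LASTEXITCODE $($out -join ' ')"
} else {
    Write-Log "rule '$ExistingRule' not found, nothing to modify"
}
```

Two caveats worth keeping in mind with this approach: a startup script only takes effect on the next reboot (or `gpupdate` plus restart), and it edits the machine's local rule store, so a local administrator can undo the change until the script runs again, whereas rules delivered through the GPO's own firewall settings are re-applied on every policy refresh and cannot be deleted locally.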
 

Author Comment

by:nav2567
ID: 40465697
These were what I did:
. create a new rule in Inbound Rules
. After finish, click "Windows Firewall with Advanced Security on Local Computer"
. Action
. export policy
. copy saved policy to a domain controller
. open up gpmc
. create a new GPO
. edit gpo and edit computer configuration>policies>windows settings>security settings>windows firewall with advance security
. import the policy.

Please let me know if I missed anything.

Thanks.
0
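The steps listed above, scripted as an added example that is not part of the thread. The first function does the reference-computer half with netsh exactly as on Windows 7 (create the rule, export the whole local store to a .wfw); the import into the GPO stays a GPMC action on a Windows 2008 domain controller. The second function shows McKnife's alternative of adding only the one rule straight into the GPO, which avoids pulling every other local rule in with the export: it uses the NetSecurity cmdlets, which exist on Windows 8 / Server 2012 and later (or RSAT on such a host), not on Windows 7 or Server 2008, and it is assumed here that such a host can write to a GPO in a 2008-era domain. The third function shows, on a client with those cmdlets, where each effective rule came from, which is how a rule that exists both locally and from the GPO shows up as two entries. The domain, GPO name, file path, rule name and port are assumptions for the example.

```powershell
# Added example, not code from the thread. All names, paths and the port are
# assumptions; the cmdlet and netsh syntax is real.

$ExportPath = 'C:\Temp\inbound-tcp-8443.wfw'            # assumed export location
$RuleName   = 'Allow Inbound TCP 8443'                  # assumed rule name
$LocalPort  = 8443                                      # assumed port
$GpoStore   = 'corp.example.com\Workstation Firewall'   # assumed "<domain FQDN>\<GPO name>"

function Export-LocalFirewallPolicy {
    # Run on the Windows 7 reference computer. The .wfw contains EVERY rule in the
    # local store, so GPMC > Windows Firewall with Advanced Security > Import Policy
    # will push all of them into the GPO, not just the one created here.
    param([string]$Name, [int]$Port, [string]$Path)
    $null = netsh advfirewall firewall add rule name="$Name" dir=in action=allow protocol=TCP localport=$Port profile=domain
    if ($LASTEXITCODE -ne 0) { throw "add rule '$Name' failed (exit $LASTEXITCODE)" }
    $null = netsh advfirewall export "$Path"
    if ($LASTEXITCODE -ne 0) { throw "export to $Path failed (exit $LASTEXITCODE)" }
    Get-Item -Path $Path
}

function Add-FirewallRuleToGpo {
    # Run on a Windows 8 / Server 2012+ management host with the NetSecurity module.
    # Writes one rule into the GPO's own policy store; nothing else is touched.
    param([string]$Name, [int]$Port, [string]$Store)
    Import-Module NetSecurity
    $existing = Get-NetFirewallRule -PolicyStore $Store -DisplayName $Name -ErrorAction SilentlyContinue
    if (-not $existing) {
        $null = New-NetFirewallRule -PolicyStore $Store -DisplayName $Name -Direction Inbound `
                    -Action Allow -Protocol TCP -LocalPort $Port -Profile Domain
    }
    # Review what the GPO will deliver before it replicates: name, state, action, port.
    Get-NetFirewallRule -PolicyStore $Store -Direction Inbound | ForEach-Object {
        $ports = ($_ | Get-NetFirewallPortFilter).LocalPort
        '{0,-40} enabled={1,-5} {2,-6} port={3}' -f $_.DisplayName, $_.Enabled, $_.Action, ($ports -join ',')
    }
}

function Show-EffectiveRuleSources {
    # Run on a client that has the cmdlets (Windows 8+). ActiveStore is the merged
    # result of local and Group Policy rules; a rule listed twice, once with
    # PolicyStoreSourceType Local and once GroupPolicy, is the "double entry".
    param([string]$Name)
    Import-Module NetSecurity
    Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound |
        Where-Object { $_.DisplayName -eq $Name } |
        Select-Object DisplayName, Enabled, PolicyStoreSourceType, PolicyStoreSource
}

# Usage (each on the host it is meant for):
#   Export-LocalFirewallPolicy -Name $RuleName -Port $LocalPort -Path $ExportPath
#   Add-FirewallRuleToGpo      -Name $RuleName -Port $LocalPort -Store $GpoStore
#   Show-EffectiveRuleSources  -Name $RuleName
```

Whichever path is used, rules delivered by the GPO land in the Group Policy store of each client and coexist with any rule of the same name in the local store; neither method replaces a local rule, so if the same rule was already created locally on the reference computer it will appear twice on that machine once the GPO applies.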
 
LVL 54

Expert Comment

by:McKnife
ID: 40465778
Again let's look at what leads to those doubles you see: the policies you set via GPO will not overwrite the present ones. They will co-exist. That's why we recommend netsh-scripting.
0
 

Author Comment

by:nav2567
ID: 40465800
Ok, fine.

Any idea of why the new rule was not added?
0
 
LVL 54

Expert Comment

by:McKnife
ID: 40465817
Are you sure that it wasn't? Because what your picture shows are not the same rules - they differ in the rightmost column.
0
 
LVL 29

Expert Comment

by:becraig
ID: 40465819
There should be no reason why the defined rule did not show up.

You can go ahead and add it using netsh and check again.

Can you give any details on the rule you are trying to add?
0
 

Author Comment

by:nav2567
ID: 40465838
I see the added rule now.  

I am going to export one more time without customizing existing rules and see if there are any duplicates.

Thanks.
0
 
LVL 29

Expert Comment

by:becraig
ID: 40468681
Great, in the future you can use the format from the netsh command I have above (40465686) as an additional option if you do not have a computer from which you can create and fine-tune firewall policies for your environment.

Netsh is quite robust and you can configure every aspect of a new firewall rule using this.
0
 

Author Closing Comment

by:nav2567
ID: 40478643
thanks a lot, guys.
0
