Posts Tagged ‘gpupdate’

Windows Firewall via GPO

Monday, March 12th, 2012

Setting up the Windows Firewall to run on Windows client systems can be tedious when done en masse. But using a Group Policy Object (GPO) to centrally manage systems can be a fairly straightforward process. First, decide which firewall rules you want to implement. Then, manually configure them and test them out on a workstation to verify they work the way you want them to. This process has been documented at http://techjournal.318.com/?p=1092.

Once you know the exact settings you’d like to deploy, create an Organizational Unit and put the computer accounts (or other OUs/security groups) to be governed by this policy in the new OU. Once you have all of your objects where you’d like them, it’s time to create a GPO of the settings (which should be applied to one machine and tested before going wide across a large contingent of systems). To do so, go to the policy server and, from within Server Manager, open Features and expand Group Policy Management.

From Group Policy Management, expand the appropriate Forest and Domain and then right-click Group Policy Objects, clicking New in the contextual menu. Then provide a name for the new GPO (e.g. Windows Firewall Policy) and click on OK. In the Group Policy Management screen, click on Group Policy Objects and then right-click on Firewall Settings for Windows Clients. Click on Edit to bring up the Group Policy Management Editor.

In the Group Policy Management Editor, right-click the Firewall Settings for Windows Clients policy and select Properties. Click on the Disable User Configuration settings check box; at the Confirm Disable dialog box, click on the Yes button, and then click OK when prompted.

In the Group Policy Management Editor, open Policies from Computer Configuration. Then expand Windows Settings, then Security Settings, and finally Windows Firewall with Advanced Security. Here, click on Windows Firewall with Advanced Security for the LDAP GUID for your domain. Then open Overview to verify that each network location profile lists the Windows Firewall state as not configured.

Click on Windows Firewall Properties and under the Domain Profile tab, use the drop-down list to set the Firewall state to On. Then, click on OK and verify the Windows Firewall is listed as On.

Once you’ve created the GPO, go to the OU and click on Link an Existing GPO. Here (the list of GPOs), select the new GPO and test it on a client by running gpupdate or rebooting the client. To verify that the GPO was applied, open the Windows Firewall with Advanced Security snap-in and right-click on Windows Firewall with Advanced Security on Local Computer, selecting Properties from the contextual menu. If the setting is listed as On then the policy was created properly!
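The snap-in showing On does not by itself prove the GPO is responsible, because the local default for the Domain profile is also On. The following is an added example (not part of the original post) that checks the same result from an elevated PowerShell prompt on the test client; it assumes English-language tool output and that the GPO is named as in `$GpoName`.

```powershell
# Added example: run from an elevated PowerShell prompt on the test client.
# Assumptions: English-language tool output; $GpoName is whatever you named the GPO.
$GpoName = 'Firewall Settings for Windows Clients'

function Test-FirewallGpo {
    param([string]$Name)

    # Refresh computer policy only; user configuration is disabled on this GPO.
    gpupdate /target:computer /force | Out-Null

    # Keep only the "Applied" section, so a GPO listed under
    # "not applied because they were filtered out" does not count as a match.
    $rsop = gpresult /r /scope:computer | Out-String
    $applied = ''
    if ($rsop -match '(?s)Applied Group Policy Objects(.*?)(The following GPOs were not applied|The computer is a part of)') {
        $applied = $Matches[1]
    }

    # Registry value written by the Domain Profile "Firewall state" policy setting.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile'
    $pol = Get-ItemProperty -Path $key -Name EnableFirewall -ErrorAction SilentlyContinue

    # Effective state as reported by the firewall itself.
    $state = netsh advfirewall show domainprofile state | Out-String

    New-Object PSObject -Property @{
        GpoApplied      = [bool]($applied -match [regex]::Escape($Name))
        SetByPolicy     = [bool]($pol -and ($pol.EnableFirewall -eq 1))
        DomainProfileOn = [bool]($state -match 'State\s+ON')
    }
}

Test-FirewallGpo -Name $GpoName | Format-List
```

All three values should be True. `DomainProfileOn` True with `SetByPolicy` False means you are looking at the local setting, not the GPO.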

Windows Firewall For Windows 7

Friday, March 9th, 2012

A firewall is a barrier between you and the Internet at large that filters information that your computer can receive. Companies usually have firewalls in place to keep certain kinds of websites, people, and information from being accessed from outside their networks, keeping sensitive info safe, and you focused on the job. Your home computer and/or modem can have a firewall built-in as well, acting as the gateway to your home network and the Internet.

NOTE: you might not be able to use a third party application until you add the application to the list of allowed programs.

Here is an explanation of the different options you can modify and customize:

Add a program to the list of allowed programs:

  1. Open Windows Firewall by clicking the Start button, and then clicking the Control Panel. In the search box, type firewall, and then click Windows Firewall.
  2. In the left pane, click Turn Windows Firewall on or off. If you’re prompted for an administrator password or confirmation, type the password or provide confirmation.
  3. Click Change settings. If you’re prompted for an administrator password or confirmation, type the password or provide confirmation.
  4. Select the check box next to the program you want to allow, select the network locations you want to allow communication on, and then click OK.

If an application needs a specific port that is being blocked, you can also allow port traffic:

  1. Open Windows Firewall by clicking the Start button, and then clicking Control Panel. In the search box, type firewall, and then click Windows Firewall.
  2. In the left pane, click Advanced settings. If you’re prompted for an administrator password or confirmation, type the password or provide confirmation.
  3. In the Windows Firewall with Advanced Security dialog box, in the left pane, click Inbound Rules, and then, in the right pane, click New Rule.
  4. Follow the instructions in the New Inbound Rule wizard.
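The choices the allowed-programs list and the New Inbound Rule wizard walk through can also be made explicit on the command line. This is an added example, not from the original article, run from an elevated PowerShell prompt; the rule name, program path and port are placeholders. It creates one inbound rule that is narrower than either GUI procedure alone: a single program, a single TCP port, only on the Domain and Private profiles, and only from the local subnet.

```powershell
# Added example: elevated PowerShell on the client.
# Placeholder values: substitute your own rule name, program path and port.
$ruleName = 'Example App (TCP 8080 in)'
$program  = 'C:\Program Files\ExampleApp\app.exe'
$port     = 8080

# netsh allows several rules with the same name, so remove any earlier copy
# first to keep re-runs from stacking duplicates.
netsh advfirewall firewall delete rule "name=$ruleName" | Out-Null

# Allow inbound traffic only for this program AND this port, only on the
# Domain and Private profiles, and only from hosts on the local subnet.
# Arguments containing spaces or commas are quoted so PowerShell passes
# each one to netsh as a single token.
netsh advfirewall firewall add rule "name=$ruleName" dir=in action=allow `
    "program=$program" protocol=TCP "localport=$port" `
    'profile=domain,private' remoteip=localsubnet enable=yes

# Review exactly what was created, including profile and remote scope.
netsh advfirewall firewall show rule "name=$ruleName" verbose
```

Leaving the Public profile out means the rule does not open the port on hotel or airport networks.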

Block all incoming connections, including those in the list of allowed programs: this setting blocks all unsolicited attempts to connect to your computer. Use this setting when you need maximum protection for your computer, such as when you connect to a public network in a hotel or airport, or when a computer virus is spreading over the network or Internet. A word of caution with this setting: you won’t be notified when Windows Firewall blocks programs. When you block all incoming connections, you can still view most websites, send and receive e‑mail, and send and receive instant messages.

  1. Open Windows Firewall by clicking the Start button, and then clicking Control Panel. In the search box, type firewall, and then click Windows Firewall.
  2. Check the box that says to block all incoming connections.

Notify me when Windows Firewall blocks a new program
If you select this check box, Windows Firewall will inform you when it blocks a new program and give you the option of unblocking that program.

  1. Open Windows Firewall by clicking the Start button, and then clicking Control Panel. In the search box, type firewall, and then click Windows Firewall.
  2. Select the box that says “Notify me when Windows Firewall blocks a new program”

Turn off Windows Firewall (not recommended)
This step is not recommended unless your system administrator has implemented another application to provide protection for your network.

  1. Open Windows Firewall by clicking the Start button, and then clicking the Control Panel. In the search box, type firewall, and then click Windows Firewall.
  2. In the left pane, click Turn Windows Firewall on or off. If you’re prompted for an administrator password or confirmation, type the password or provide confirmation.

Note: If some firewall settings are unavailable and your computer is connected to a domain, your system administrator might be controlling these settings through Group Policy or a third-party application like Symantec Endpoint Protection.

If you have trouble allowing other computers to communicate with your computer through Windows Firewall, you can try using the Incoming Connections troubleshooter to automatically find and fix some common problems.

  1. Open the Incoming Connections troubleshooter by clicking the Start button, and then clicking Control Panel.
  2. In the search box, type troubleshooter, and then click Troubleshooting. Click View all, and then click Incoming Connections.

Note: Some material in this article was referenced from Microsoft directly from: http://windows.microsoft.com/en-US/windows7/Allow-a-program-to-communicate-through-Windows-Firewall

Note: Stay tuned for more information about setting up Windows Firewall Using a GPO!