Setting up the Windows Firewall to run on Windows client systems can be tedious when done en masse. But using a Group Policy (GPO) to centrally manage systems can be a fairly straight forward process. First, decide which firewall rules you want to implement. Then, manually configure them and test them out on a workstation to verify it works the way you want it to. This process has been documented at http://techjournal.318.com/?p=1092.
Once you know the exact settings you’d like to deploy, create an Organizational Unit and put computer accounts (or other OUs/security groups) to be governed by this policy in the new OU. Once you have all of your objects where you’d like them, it’s time to create a GPO of the settings (which should be applied to one machine and tested before going wide across a large contingent of systems). To do so, go to the policy server and Features from within Server Manager to expand Group Policy Management.
From Group Policy Management, expand the appropriate Forest and Domain and then right-click Group Policy Objects, clicking New at the contextual menu. Then provide a name for the new GPO (e.g. Windows Firewall Policy) and click on OK. In the Group Policy Management screen, click on Group Policy Objects and then right-click on Firewall Settings for Windows Clients. Click on Edit to bring up the Group Policy Management Editor.
At the Group Policy Management Editor, right-click Firewall Settings for Windows Clients policy, and select its Properties. Click on the Disable User Configuration settings check box and at the Confirm Disable dialog box, click on the Yes button and click OK when prompted.
In the Group Policy Management Editor open Policies from Computer Configuration. Then expand on Windows Settings and then on Security Settings and finally Windows Firewall with Advanced Security. Here, click on Windows Firewall with Advanced Security for the LDAP GUID for your domain. Then open Overview to verify that each network location profile lists the Windows Firewall state as not configured.
Click on Windows Firewall Properties and under the Domain Profile tab, use the drop-down list to set the Firewall state to On. Then, click on OK and verify the Windows Firewall is listed as On.
Once you’ve created the GPO, go to the OU and click on Link an Existing GPO. Here (the list of GPOs), select the new GPO and test it on a client by running gpupdate or rebooting the client. To verify that the GPO was applied, open the Windows Firewall with Advanced Security snap-in and right-click on Windows Firewall with Advanced Security on Local Computer, selecting Properties from the contextual menu. If the setting is listed as On then the policy was created properly!