Use Group Policy to manage the Windows firewall

by Rick Vanover in Security

on September 29, 2011, 6:22 PM PDT

Use Group Policy to manage the Windows firewall

Manage computer account profiles for Windows Firewall centrally with Group Policy, but beware of a potential risk.

The TechRepublic editorial staff are entertaining our guests at our annual TechRepublic Live Event, so we are republishing this tip from the Enterprise Cloud Blog.

While running firewalls is a good practice to protect systems from harm, it also can get in the way. One thing I really like about Windows Firewall is its ability to be centrally managed, and the best way to do this is through a Group Policy Object (GPO). On a per-server basis, Windows Firewall can still be managed through the interface in the Control Panel. For Windows Core editions, you can learn the command to disable Windows Firewall via a prompt. (I’ve committed the command to memory.)

For Windows Firewall, you can set a computer’s account profiles in the Computer Configuration | Policies | Windows Settings | Security Settings | Windows Firewall with Advanced Security area of Group Policy. In this GPO, you can set rules for a computer account for each of the profile types (Public, Private, and Domain) (Figure A).
Figure A

Click the image to enlarge.

This is a good situation for using a security group to filter membership for a GPO. It may not make sense to apply this GPO to an entire organizational unit. This can be due to different operating systems, mixed requirements, and policy. Broad application of this type of configuration is less desirable, so GPO filtering by security group becomes attractive.

You might be wondering: What happens when the computer account is not connected to the Active Directory domain and is unable to execute this policy? In most situations, Windows Server systems aren’t often disconnected from their Active Directory domain controllers, but it can happen. When a computer that has this policy applied is removed from the domain, the configuration is retained.

The risky thing about Windows Firewall being used with Group Policy is that it would supersede the local configuration. For example, if a firewall policy is deployed via a GPO that blocks certain traffic, the GPO would need to be changed. You cannot make the change on the fly by simply going into the firewall console or using netsh advfirewall commands.

Do you think using GPOs to manage Windows Firewall is a good idea? If so, how have you used GPOs for Windows Firewall? Let us know in the discussion.

By Rick Vanover

Rick Vanover is an IT Infrastructure Manager for Alliance Data in Columbus, Ohio. Rick's IT certifications include VMware VCP, Microsoft Windows Server 2008 MCITP, Windows Server 2003 MCSA and others. \ \ Previous experiences included working for Dematic Corp (formerly Siemens L&A, Siemens Dematic, Rapistan)in Grand Rapids, MI in various capacities deploying custom software solutions to the material handling industry using a mix of current hardware and software products. You can reach Rick at b4real@usa.net. Follow rick on Twitter at @RickVanover http://twitter.com/RickVanover

Account Information

Contact Rick Vanover

Your message has been sent
|
See all of Rick's content

Editor's Picks

Image: Rawpixel/Adobe Stock

TechRepublic Premium
TechRepublic Premium editorial calendar: IT policies, checklists, toolkits and research for download

TechRepublic Premium content helps you solve your toughest IT issues and jump-start your career or next project.

TechRepublic Staff
Published: March 14, 2023, 9:10 AM EDT Modified: March 15, 2023, 9:16 AM EDT Read More See more TechRepublic Premium
Image: Blue Planet Studio/Adobe Stock

Payroll
The Best Human Resources Payroll Software of 2023

With a lot of choices in the market, we have highlighted the top six HR and payroll software options for 2023.

Ali Azhar
Published: February 28, 2023, 11:11 AM EST Modified: March 20, 2023, 4:45 PM EDT Read More See more Payroll
Image: Microsoft.

Software
Windows 11 update brings Bing Chat into the taskbar

Microsoft's latest Windows 11 allows enterprises to control some of these new features, which also include Notepad, iPhone and Android news.

Mary Branscombe
Published: February 28, 2023, 2:59 PM EST Modified: February 28, 2023, 2:59 PM EST Read More See more Software
Image: tanatat/Adobe Stock

CXO
Tech jobs: No rush back to the office for software developers as salaries reach $180,000

Salaries for remote roles in software development were higher than location-bound jobs in 2022, Hired finds.

Owen Hughes
Published: March 3, 2023, 3:12 PM EST Modified: March 16, 2023, 12:56 PM EDT Read More See more CXO
Image: Nuthawut/Adobe Stock

Software
The 10 best agile project management software for 2023

With so many agile project management software tools available, it can be overwhelming to find the best fit for you. We've compiled a list of 10 tools you can use to take advantage of agile within your organization.

Brenna Miles
Published: December 27, 2022, 11:45 AM EST Modified: March 16, 2023, 2:25 PM EDT Read More See more Software
Image: Song_about_summer/Adobe Stock

Security
1Password is looking to a password-free future. Here’s why

With phishing-based credentials theft on the rise, 1Password CPO Steve Won explains why the endgame is to 'eliminate’ passwords entirely.

Karl Greenberg
Published: March 2, 2023, 3:44 PM EST Modified: March 7, 2023, 4:10 PM EST Read More See more Security

PURPOSE These guidelines from TechRepublic Premium will help you define the necessary ingredients of a security policy and assist in its proper construction. They’re designed to work hand in hand with the subjective knowledge you have of your company, environment and employees. Using this information, your business can establish new policies or elaborate on those ...

PURPOSE Recruiting an Artificial Intelligence Architect with the right combination of technical expertise and experience will require a comprehensive screening process. This Hiring Kit from TechRepublic Premium provides an adjustable framework your business can use to find, recruit and ultimately hire the right person for the job. From the hiring kit: DETERMINING FACTORS, DESIRABLE PERSONALITY ...

PURPOSE Hiring the right Autonomous Systems Engineer requires a specific and precise recruitment process, supported by a thorough understanding of the project requirements. This Hiring Kit from TechRepublic Premium provides an adjustable framework your business can use to find, recruit and ultimately hire the right person for the job. From the hiring kit: DETERMINING FACTORS, ...

Use Group Policy to manage the Windows firewall

Use Group Policy to manage the Windows firewall

Click the image to enlarge.

Editor's Picks

TechRepublic Premium editorial calendar: IT policies, checklists, toolkits and research for download

The Best Human Resources Payroll Software of 2023

Windows 11 update brings Bing Chat into the taskbar

Tech jobs: No rush back to the office for software developers as salaries reach $180,000

The 10 best agile project management software for 2023

1Password is looking to a password-free future. Here’s why

Guidelines for building security policies

Hiring kit: Artificial intelligence architect

Hiring kit: Autonomous systems engineer

Hiring kit: Application support engineer

Account Information

Use Group Policy to manage the Windows firewall

Click the image to enlarge.

Daily Tech Insider Newsletter

Account Information

Share with Your Friends

Account Information

Contact Rick Vanover

Editor's Picks

Daily Tech Insider Newsletter