Server 2003 AD GPO Firewall Standard in Vista all versions

By joseph.e.elter
I have a very simple firewall policy I set up on my network for the Windows Firewall. It is configured as Domain Profile (Windows Firewall: Protect all network connections) Disabled and Standard Profile with the same component enabled. On all XP systems this has always equated to the firewall being 'off' while on our network and the "firewall on" when anywhere else. Vista systems under this GPO, however, are always enabled and I cannot seem to get it to work as the XP systems do. The only way I can have it off on the network is to set both aforementioned settings to disabled, which means no firewall, no way, when the system is off the network, as far as all my tests have shown. It seems to me that there is something wrong somewhere as to how Vista defines the standard and domain profiles in the GPO. I am by no means a GP expert, quite obviously, but I really need to have the Vista firewall perform the same as the XP systems. Someone please show me the way. All assistance is appreciated!

All Answers

This is for SBS 2k3 but may apply

by bincarnato In reply to Server 2003 AD GPO Firewa ...

Vista Firewall and WinSBS2k3

Can't control the Windows Firewall on Vista machines via group policy editor on SBS2k3. Here is how to edit the policy.

From a Vista client (this is the main difference, you can't edit the policy from the server) connected to the domain, log on as the domain administrator

Open gpmc.msc

Navigate through your domain to the Small Business Group Policies

Right-click Small Business Server - Windows Vista policy (which will be available with the Vista Update coming soon), and then click Edit. The Group Policy Object Editor appears

Computer Configuration -> Windows Settings -> Windows Firewall with Advanced Security -> Windows Firewall With Advanced Security (no, this isn't a repeat of the UI)

Right-click Outbound Rules, and then click New Rule

On the Rule Type page, accept the default of Program, and then click Next.

On the Program page, type the exact path used for installing the application on your client computers, for example, c:\path\program.exe

On the Action page, select the option to Allow the Connection

On the Profile page, select the types of network location that the rule will apply to (Domain, Private, or Public)

On the Name page, type a name and description for this program rule and then click Finish.

Close the Group Policy Object Editor and then close Group Policy Management

Note: to apply the policy immediately, you can run "gpupdate /force" using an elevated command prompt from the client
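
A check to run after the gpupdate step above, added here as an example and not part of either post: it parses the output of `netsh advfirewall show allprofiles state` from the Vista client and flags any profile that differs from the outcome the question asks for (off on Domain, on for Private and Public). The sample output is constructed, the expected states are an assumption about that goal, and English-language netsh output is assumed.

```python
import re

# Constructed sample of `netsh advfirewall show allprofiles state` output
# from a Vista client; not captured from the thread's network.
SAMPLE_OUTPUT = """\
Domain Profile Settings:
----------------------------------------------------------------------
State                                 OFF

Private Profile Settings:
----------------------------------------------------------------------
State                                 ON

Public Profile Settings:
----------------------------------------------------------------------
State                                 OFF
Ok.
"""

# Assumed target, taken from the question: firewall off on the domain
# network, on everywhere else (the Private and Public profile types).
EXPECTED = {"Domain": "OFF", "Private": "ON", "Public": "ON"}


def parse_profile_states(text):
    """Return {profile name: 'ON' or 'OFF'} from netsh per-profile output."""
    states, current = {}, None
    for line in text.splitlines():
        header = re.match(r"^(\w+) Profile Settings:\s*$", line)
        if header:
            current = header.group(1)
            continue
        state = re.match(r"^State\s+(ON|OFF)\s*$", line, re.IGNORECASE)
        if state and current:
            states[current] = state.group(1).upper()
    return states


def audit(states, expected=EXPECTED):
    """List every profile whose state is missing or differs from the target."""
    findings = []
    for profile, want in expected.items():
        got = states.get(profile)
        if got != want:
            findings.append(f"{profile}: expected {want}, found {got or 'no State line'}")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_profile_states(SAMPLE_OUTPUT)) or ["all profiles match"]:
        print(finding)
```

A Public or Private finding is the one to act on first, since it means the client is unprotected when it leaves the domain network.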
