22nd July 09:31
Group Policy - WinXp firewall
But, as I explained, on this server at least, the only option is either to
allow a local administrator to make changes or not. I want to enforce the
opening of the specific port # 6719 on all computers. That option is not
available in this tree of the GP. I am asking if anyone knows the correct
method of enforcing the opening of specific ports.
And that is NOT what you explained.
22nd July 09:47
Group Policy - WinXp firewall
then I'll ask you if you installed the patches to SBS to make Group
Policy WinXPSP2 aware? There were a couple of patches for SBS (not
offered through WU) that added ADM templates for WinXPSP2. Without
these templates you won't see all the settings.
If you've got those patches, here's the step-by-step...
On the server open Group Policy Management (I prefer to open it directly
from Administrative Tools but you can open it from Server Management if
you want.) Expand the Forest, Domains, your domain.local, then Group
Policy Objects. Right click Group Policy Objects and select New; give
the new policy an appropriate name. Right click the newly created
policy and select Edit; this will open the Group Policy Object Editor
with the new policy open.
Drill down into Computer Configuration/Administrative
Templates/Network/Network Connections/Windows Firewall/Domain Profile.
Right click "Windows Firewall: Define port exceptions" and select
properties. Click "Enabled", then the "Show" button. In the "Show
Contents" dialog, click the Add button.
The syntax for a port exception is
<Port>:<Transport>:<Scope>:<Status>:<Name> (this is shown in the setting
property page). In your case I believe the correct setting should be:
without the quotes. The setting "localsubnet" determines which part of
your network the port should be open for; localsubnet will open it for
all computers on the same subnet.
Now drill down into Computer Configuration/Administrative
Templates/System/Logon and enable "Always wait for the network at
computer startup and logon"; this will make the client wait for the
network to be available before trying to apply policy. Close the Group
Policy Object Editor.
Now go back to Group Policy Management and right click one of the nodes
under MyBusiness and select "Link an Existing GPO" and select the Group
Policy Object you created above. Which node to right-click depends on
what OU you want to apply the GPO to. After you've applied it to a
node, expand the node you applied it to and click the linked GPO in the
tree; you'll see the details on the right side of the Group Policy
Management Window. At the bottom, under "WMI Filtering" change it to
"PostSP2"; this will restrict the policy just to WinXPSP2 computers.
It may take a time or two for the clients to reboot and log in before it
Dale, I just did this myself last week on a new network and it did
exactly what I wanted. If this still doesn't answer your questions then
I'm sorry, I'm just not understanding your problem.
Roger Dale wrote:
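
The port exception syntax described in the reply above, as an added example that is not part of the original thread: a Python check that parses "Define port exceptions" entries and flags ones that are malformed or enabled for every network. The accepted values (TCP/UDP, enabled/disabled, a scope of * or a comma-separated list of IPv4 addresses, subnets and localsubnet) follow Microsoft's description of the setting; the function names and sample entries are constructed, and the 6719 samples use an assumed transport and name, not the value from the post.

```python
import ipaddress

def parse_port_exception(entry):
    """Parse '<Port>:<Transport>:<Scope>:<Status>:<Name>'; raise ValueError if malformed."""
    # Assumption of this example: text after the fourth ':' all belongs to the name.
    parts = [p.strip() for p in entry.split(":", 4)]
    if len(parts) != 5:
        raise ValueError("expected 5 colon-separated fields")
    port, transport, scope, status, name = parts
    if not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
        raise ValueError(f"bad port {port!r}")
    if transport.upper() not in ("TCP", "UDP"):
        raise ValueError(f"bad transport {transport!r}")
    if status.lower() not in ("enabled", "disabled"):
        raise ValueError(f"bad status {status!r}")
    if scope == "*":
        items = ["*"]  # every network, not just the local subnet
    else:
        items = []
        for item in scope.split(","):
            item = item.strip()
            if item.lower() == "localsubnet":
                items.append("localsubnet")
            else:  # IPv4 address or subnet such as 10.2.3.0/24
                items.append(str(ipaddress.IPv4Network(item, strict=False)))
    return {"port": int(port), "transport": transport.upper(), "scope": items,
            "status": status.lower(), "name": name}

def review(entries):
    """Return (entry, finding) pairs for entries that need a second look."""
    findings = []
    for entry in entries:
        try:
            rule = parse_port_exception(entry)
        except ValueError as exc:
            findings.append((entry, f"malformed: {exc}"))
            continue
        if rule["status"] == "enabled" and "*" in rule["scope"]:
            findings.append((entry, "enabled for all networks (*)"))
    return findings

# Constructed sample entries; transport and name are assumptions of this example.
SAMPLES = [
    "6719:TCP:localsubnet:enabled:Example app",
    "80:TCP:*:enabled:Web service",
    "6719:UDP:10.2.3.7/24, localsubnet:disabled:Example app",
    "6719:TCP:localsubnet:Example app",  # Status field missing
]

if __name__ == "__main__":
    for entry, finding in review(SAMPLES):
        print(f"{entry!r}: {finding}")
```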