RE: Group Policy Question on firewalls

From: Chris Hunhoff (chunhoff_at_eastriver.coop)
Date: 09/22/05

  • Next message: Delgado, Jacob M.: "RE: Group Policy Question on firewalls"
    Date: Wed, 21 Sep 2005 17:02:57 -0500
    To: "Russell Morrison" <rmorrison@axys.net>, "Focus-MS" <focus-ms@securityfocus.com>
    
    

    Russell,

    The simple answer is to make a group policy object and apply it the AD
    container (organizational unit) which holds all of your computer
    accounts. Just make sure that the servers or any other machines that you
    do not want to be firewalled are in a different container and the policy
    won't apply.

    This link can probably explain it much better than I can:

    http://msdn.microsoft.com/library/en-us/policy/policy/group_policy_archi
    tecture.asp

    Good Luck

    -----Original Message-----
    From: Russell Morrison [mailto:rmorrison@axys.net]
    Sent: Wednesday, September 21, 2005 1:04 PM
    To: 'Focus-MS'
    Subject: Group Policy Question on firewalls

    To all;

    I would like to turn on the Windows Firewall application on all network
    connected desktops and have seen where this can be done within the
    Domain
    Group Policy. However, I don't want to also turn on the firewalls on my
    Windows 2003 servers as this will likely block normal network traffic.
    Is
    there a setting, either within the Domain Group Policy that allows me to
    differentiate between servers and desktops for firewalls, or is there a
    setting within the server local security policy or server registry that
    would allow me to disable that service on the server? I am running 2003
    AD,
    2003 servers with latest patches, and a mixtures of XP and 2000 desktops
    also running latest patches.

    Thanks for any help.

    R

    ***********************************************************************
    Confidentiality Notice: This e-mail message, including any attachments,
    is for the sole use of the intended recipient(s) and may contain
    confidential and privileged information. Any unauthorized review, use,
    disclosure or distribution is prohibited. If you are not the intended
    recipient, please contact the sender by reply e-mail and destroy all
    copies of the original message plus any attachments.
    ***********************************************************************

    ------------------------------------------------------------------------

    ---
    ------------------------------------------------------------------------
    ---
    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------
    

  • Next message: Delgado, Jacob M.: "RE: Group Policy Question on firewalls"