RE: Group Policy Question on firewalls

From: Chris Hunhoff (chunhoff_at_eastriver.coop)
Date: 09/22/05

  • Next message: Delgado, Jacob M.: "RE: Group Policy Question on firewalls"
    Date: Wed, 21 Sep 2005 17:02:57 -0500
    To: "Russell Morrison" <rmorrison@axys.net>, "Focus-MS" <focus-ms@securityfocus.com>
    
    

    Russell,

    The simple answer is to make a group policy object and apply it the AD
    container (organizational unit) which holds all of your computer
    accounts. Just make sure that the servers or any other machines that you
    do not want to be firewalled are in a different container and the policy
    won't apply.

    This link can probably explain it much better than I can:

    http://msdn.microsoft.com/library/en-us/policy/policy/group_policy_archi
    tecture.asp

    Good Luck

    -----Original Message-----
    From: Russell Morrison [mailto:rmorrison@axys.net]
    Sent: Wednesday, September 21, 2005 1:04 PM
    To: 'Focus-MS'
    Subject: Group Policy Question on firewalls

    To all;

    I would like to turn on the Windows Firewall application on all network
    connected desktops and have seen where this can be done within the
    Domain
    Group Policy. However, I don't want to also turn on the firewalls on my
    Windows 2003 servers as this will likely block normal network traffic.
    Is
    there a setting, either within the Domain Group Policy that allows me to
    differentiate between servers and desktops for firewalls, or is there a
    setting within the server local security policy or server registry that
    would allow me to disable that service on the server? I am running 2003
    AD,
    2003 servers with latest patches, and a mixtures of XP and 2000 desktops
    also running latest patches.

    Thanks for any help.

    R

    ***********************************************************************
    Confidentiality Notice: This e-mail message, including any attachments,
    is for the sole use of the intended recipient(s) and may contain
    confidential and privileged information. Any unauthorized review, use,
    disclosure or distribution is prohibited. If you are not the intended
    recipient, please contact the sender by reply e-mail and destroy all
    copies of the original message plus any attachments.
    ***********************************************************************

    ------------------------------------------------------------------------

    ---
    ------------------------------------------------------------------------
    ---
    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------
    

  • Next message: Delgado, Jacob M.: "RE: Group Policy Question on firewalls"

    Relevant Pages

    • Group Policy and restricting local administrators
      ... I am currently working on developing a group policy on a AD container ... I certain users to have virtually local administrator ... access to a series of servers, but there are a few things I do not want ... users inside of a container from be able to access the User Management ...
      (microsoft.public.windows.server.general)
    • Re: Terminal Server GPO Issue
      ... servers that is not in the OU where the GPO is supposed to be applied and I ... Microsoft Windows Operating System Group Policy Result tool v2.0 ... Sharepoint Auth GPO ... Event Log Settings ...
      (microsoft.public.windows.server.active_directory)
    • Re: GROUP Policy through a firewall
      ... ICMP must be enabled across any routers and firewalls. ... computers cant find the DC to apply Group Policy. ... MY policies dont work at all unless i put them on the ... > lan where the servers are. ...
      (microsoft.public.windows.group_policy)
    • Re: Terminal Server GPO Issue
      ... servers that is not in the OU where the GPO is supposed to be applied and I ... Microsoft Windows Operating System Group Policy Result tool v2.0 ... Sharepoint Auth GPO ... Event Log Settings ...
      (microsoft.public.windows.server.active_directory)
    • Re: Application error log
      ... Disclaimer: This posting is provided "AS IS" with no warranties, ... I have 3 servers in our office running win 2003 R2 servers ... I did not set any group policy in my servers. ...
      (microsoft.public.windows.server.networking)