RE: Group Policy Question on firewalls
From: Delgado, Jacob M. (jmdelgad_at_unoh.edu)
Date: 09/22/05
- Previous message: Chris Hunhoff: "RE: Group Policy Question on firewalls"
- Maybe in reply to: Russell Morrison: "Group Policy Question on firewalls"
- Next in thread: Laura A. Robinson: "RE: Group Policy Question on firewalls"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 21 Sep 2005 19:37:31 -0400 To: "Russell Morrison" <rmorrison@axys.net>, <focus-ms@securityfocus.com>
The most efficient way would be to create separate organizational unit
for your workstations and only apply the firewall policy to that OU.
Then just move all of the workstation objects to the workstation OU and
they will receive the firewall policy, while the servers will not be
changed. If for some reason creating separate OUs is out of the
question, you can use the Group Policy Management Console to filter the
GPO using WMI filtering to only apply to Windows XP computers. The
Windows 2003 computers will ignore the policy and it will be applied to
the 2000 and XP machines (2000 ignores WMI filters).
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/S
erverHelp/6237b9b2-4a21-425e-8976-2065d28b3147.mspx
http://www.petri.co.il/working_with_group_policy.htm
Jacob Delgado
-----Original Message-----
From: Russell Morrison [mailto:rmorrison@axys.net]
Sent: Wednesday, September 21, 2005 2:04 PM
To: 'Focus-MS'
Subject: Group Policy Question on firewalls
To all;
I would like to turn on the Windows Firewall application on all network
connected desktops and have seen where this can be done within the
Domain
Group Policy. However, I don't want to also turn on the firewalls on my
Windows 2003 servers as this will likely block normal network traffic.
Is
there a setting, either within the Domain Group Policy that allows me to
differentiate between servers and desktops for firewalls, or is there a
setting within the server local security policy or server registry that
would allow me to disable that service on the server? I am running 2003
AD,
2003 servers with latest patches, and a mixtures of XP and 2000 desktops
also running latest patches.
Thanks for any help.
R
***********************************************************************
Confidentiality Notice: This e-mail message, including any attachments,
is for the sole use of the intended recipient(s) and may contain
confidential and privileged information. Any unauthorized review, use,
disclosure or distribution is prohibited. If you are not the intended
recipient, please contact the sender by reply e-mail and destroy all
copies of the original message plus any attachments.
***********************************************************************
------------------------------------------------------------------------
--- ------------------------------------------------------------------------ --- --------------------------------------------------------------------------- ---------------------------------------------------------------------------
- Previous message: Chris Hunhoff: "RE: Group Policy Question on firewalls"
- Maybe in reply to: Russell Morrison: "Group Policy Question on firewalls"
- Next in thread: Laura A. Robinson: "RE: Group Policy Question on firewalls"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
