Windows Firewall with Group Policy

This involves two steps: first, update your existing Group Policy Objects (GPOs) with the new Windows Firewall policy settings found in the updated System.adm template included in XP SP2. This adds a new Windows Firewall folder under Network Connections in the Administrative Templates portion of Computer Configuration:

Once you’ve updated your GPOs, you can then configure Windows Firewall by making changes to the policy settings under Domain Profile (for XP SP2 machines joined to a domain) and Standard Profile (for machines in a workgroup).
Scenario 1
To disable Windows Firewall on XP SP2 machines in a domain environment, set the following policy to Disabled:
Computer Configuration
   \Administrative Templates
      \Network
         \Network Connections
            \Windows Firewall
               \Domain Profile
                  \Windows Firewall: Protect all network connections
Scenario 2
To allow incoming traffic on TCP port 80 for an XP SP2 machine running as an intranet web server in a workgroup environment, configure the following policy:
Computer Configuration
   \Administrative Templates
      \Network
         \Network Connections
            \Windows Firewall
               \Standard Profile
                  \Windows Firewall: Define port exceptions
To configure this policy, add the following string to the Show Contents dialog box for the policy:
80:TCP:localsubnet:enabled:Web Server (TCP 80)

Leave a Reply

Your email address will not be published. Required fields are marked *