firewall rule via GP

Discussion in 'Active Directory' started by AdminKen, Mar 6, 2006.

  1. AdminKen

    AdminKen Guest

    How would I use GP to create a firewall exception rule to allow all ports
    from a specific IP (or range of IPs)

    1) for "Allow remote administration exception" setting, this only allows
    certain ports like 139 etc. not all ports?

    2) I was thinking I would create a 'port exception' rule to allow any port
    and any protocol from a specific PC on the network. For example...
    *:*:10.0.0.50:enabled:Administrator rule
    Will that work?
     
    AdminKen, Mar 6, 2006
    #1

  2. AdminKen

    Neil Ruston Guest

    Inline

    neil



    *** Try 'Define port exceptions' instead
    *** Set it, test and then you'll know :)
     
    Neil Ruston, Mar 7, 2006
    #2

  3. AdminKen

    BookerW Guest

    Besides testing, any other feedback on this? I would like to do the same
    thing
     
    BookerW, May 8, 2006
    #3
  4. AdminKen

    BookerW Guest

    AdminKen,

    I tried a few settings and using the wildcard does not seem to work

    I set up the following rules:
    *.*:TCP:ipaddresses:enabled:text
    2701:TCP:ip address:enabled:text
    3995:TCP:ip address:Enabled:text
    445:*.*:ip address:enabled:text

    When I went to my client test machine, it looks like the ones that got
    applied were the 2701 and 3995 settings.

    FYI
     
    BookerW, May 9, 2006
    #4
  5. AdminKen

    kj Guest

    Port#:TCP|UDP:Scope:Enabled|Disabled:portName



    As I recall you can't wildcard TCP/UDP or Enabled/Disabled. You must specify
    one or the other.

    Also:
    Notes: If you have any spaces between the entries in the list of sources or
    any other invalid characters, the scope is ignored and the setting behaves
    as if it were disabled. Please double-check your scope syntax before saving
    changes.
     
    kj, May 10, 2006
    #5
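A small validator for the entry format given in post #5, added here as an example; it is not code from any poster in this thread or from Microsoft. It assumes IPv4 scopes built from `*`, `localsubnet`, single addresses or address/prefix subnets, matches TCP/UDP and enabled/disabled case-insensitively, and uses hypothetical function names.

```python
import ipaddress

def check_scope(scope):
    """Return problems found in the Scope field (IPv4 only)."""
    if scope == "*":
        return []
    # Post #5: spaces or other invalid characters get the scope ignored.
    if any(ch.isspace() for ch in scope):
        return ["scope contains whitespace; setting would behave as disabled"]
    problems = []
    for item in scope.split(","):
        if item.lower() == "localsubnet":  # assumed keyword
            continue
        try:
            # Assumed forms: single address or address/prefix subnet.
            ipaddress.IPv4Network(item, strict=False)
        except ValueError:
            problems.append(f"scope item {item!r} is not an address or subnet")
    return problems

def check_entry(entry):
    """Validate one Port#:TCP|UDP:Scope:Enabled|Disabled:portName string."""
    parts = entry.split(":", 4)
    if len(parts) != 5:
        return ["expected 5 colon-separated fields"]
    port, transport, scope, status, name = parts
    problems = []
    if not (port.isdecimal() and 1 <= int(port) <= 65535):
        problems.append(f"port {port!r} must be one port number, no wildcard")
    if transport.upper() not in ("TCP", "UDP"):
        problems.append(f"transport {transport!r} must be TCP or UDP")
    problems += check_scope(scope)
    if status.lower() not in ("enabled", "disabled"):
        problems.append(f"status {status!r} must be enabled or disabled")
    if not name:
        problems.append("name is empty")
    return problems

# Constructed samples modelled on the strings posted in this thread.
SAMPLES = [
    "*:*:10.0.0.50:enabled:Administrator rule",
    "445:*.*:10.0.0.50:enabled:text",
    "2701:TCP:10.0.0.50, 10.0.0.51:enabled:text",
    "3995:TCP:10.0.0.50,10.0.0.0/24:Enabled:text",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", check_entry(s) or "ok")
```

Running such a check over the strings before they go into the GPO catches entries that the client would otherwise drop without any visible error.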