(Msg. 1) Posted: Thu Aug 14, 2008 3:12 am
Post subject: XP Firewall - updating client rules by netfw.inf, Group Policy or other? Archived from groups: microsoft>public>win2000>group_policy, others (more info?)
Here's an XP client Firewall and Group Policy question I have.
Scenario:
We have recently recreated our internal XP client image and this image
includes some new and updated Firewall rules with specific programs and
ports allowed (defined in - "netfw.inf"). The majority of our client
computers are still running on the old image which does not include these
new allowed ports and programs.
To rectify this for clients using the old image, I am thinking to simply
define these same allowed programs and ports in Group Policy. That said, I
am concerned as to what effect this may have on Computers based on the new
image that have these rules predefined locally in the netfw.inf (possible
conflicts that may cause the Windows Firewall/ICF service to hang, the two
rules to nullify each other, etc).
I suppose the only way to be sure is to test it out (which I will) but I am
just curious if anyone has tried any similar action (specifying client
firewall rules in Group Policy that already exist locally on some machines).
Can anyone recommend a better approach? Possibly replacing the "netfw.inf"
on all the old image based systems? Appreciate any feedback. Thanks.
(Msg. 2) Posted: Thu Aug 14, 2008 3:12 am
Post subject: Re: XP Firewall - updating client rules by netfw.inf, Group Policy [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)
Howdie!
Barkley Bees wrote:
> To rectify this for clients using the old image, I am thinking to simply
> define these same allowed programs and ports in Group Policy. That said, I
> am concerned as to what effect this may have on Computers based on the new
> image that have these rules predefined locally in the netfw.inf (possible
> conflicts that may cause the Windows Firewall/ICF service to hang, the two
> rules to nullify each other, etc).
From what I know about the netfw.inf and its usage is that once the
Firewall reloads the configuration from the file, it puts it into the
registry - and that's the same location where settings made in Group
Policy go. Although not having tested it, I would assume that the
settings won't nullify each other nor bring the firewall service down.
What you can do is
(1) Define Group Policy for other already installed clients
(2) deploy the netfw.inf file and reload filewall configuration (with
netsh command-line)
All times are: Eastern Time (US & Canada) (change)
Page 1 of 1
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
Home
Forums
Home
FAQ
Profile
Private Messages
Log in
Windows Other