Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Group Policy Question on firewalls

from [Delgado, Jacob M.] Network Security [Permanent Link]
Subject: RE: Group Policy Question on firewalls
Date: Wed, 21 Sep 2005 19:37:31 -0400 
The most efficient way would be to create separate organizational unit
for your workstations and only apply the firewall policy to that OU.
Then just move all of the workstation objects to the workstation OU and
they will receive the firewall policy, while the servers will not be
changed. If for some reason creating separate OUs is out of the
question, you can use the Group Policy Management Console to filter the
GPO using WMI filtering to only apply to Windows XP computers. The
Windows 2003 computers will ignore the policy and it will be applied to
the 2000 and XP machines (2000 ignores WMI filters).

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/S
erverHelp/6237b9b2-4a21-425e-8976-2065d28b3147.mspx

http://www.petri.co.il/working_with_group_policy.htm


Jacob Delgado

-----Original Message-----
From: Russell Morrison [mailto:rmorrison@axys.net] 
Sent: Wednesday, September 21, 2005 2:04 PM
To: 'Focus-MS'
Subject: Group Policy Question on firewalls

To all;

I would like to turn on the Windows Firewall application on all network
connected desktops and have seen where this can be done within the
Domain
Group Policy.  However, I don't want to also turn on the firewalls on my
Windows 2003 servers as this will likely block normal network traffic.
Is
there a setting, either within the Domain Group Policy that allows me to
differentiate between servers and desktops for firewalls, or is there a
setting within the server local security policy or server registry that
would allow me to disable that service on the server?  I am running 2003
AD,
2003 servers with latest patches, and a mixtures of XP and 2000 desktops
also running latest patches.

Thanks for any help.

R



***********************************************************************
Confidentiality Notice: This e-mail message, including any attachments, 
is for the sole use of the intended recipient(s) and may contain 
confidential and privileged information. Any unauthorized review, use, 
disclosure or distribution is prohibited. If you are not the intended 
recipient, please contact the sender by reply e-mail and destroy all 
copies of the original message plus any attachments.
***********************************************************************

------------------------------------------------------------------------
---
------------------------------------------------------------------------
---


---------------------------------------------------------------------------
---------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Group Policy Question on firewalls, Chris Hunhoff
Next by Date:  RE: Group Policy Question on firewalls, Laura A. Robinson
Previous by Thread:  RE: Group Policy Question on firewalls, Chris Hunhoff
Next by Thread:  ElseNot Project, layne
Indexes:  [Date] [Thread] [Top] [All Lists]