Add a range of ports to firewall


G

Guest

Is there a way to add a range of ports to the firewall exceptions settings or
do you have to add each port, one at a time?
 
Ad

Advertisements

T

Torgeir Bakken \(MVP\)

Tim said:
Is there a way to add a range of ports to the firewall exceptions
settings or do you have to add each port, one at a time?
Hi,

Assuming you mean the builtin firewall that comes with WinXP SP2:

To use a BAT file and the NETSH.EXE FIREWALL command see the post by
Doug Knox MS-MVP here:

sp2 Firewall Port Range
http://forum.iamnotageek.com/history/topic.php/656490-1.html

A VBScript version:
http://groups.google.co.uk/group/mi...neral/msg/35c07cd4b157e69a?dmode=source&hl=en
 
G

Guest

I should have added through Group Policy. I know how to add these one at a
time through Group Policy, what I would like to do is to add a range, for
example 5900-5909, by adding one item through Group Policy settings. Using
NETSH this way is for single, local machine use, right? Being one of the
network admins where I work, I have to do a lot of these things through Group
Policy settings. Adding these ports one at a time is inefficient and looks
messy when you look at the Exceptions page in Windows Firewall.
 
T

Torgeir Bakken \(MVP\)

Tim said:
I should have added through Group Policy. I know how to add these one at a
time through Group Policy, what I would like to do is to add a range, for
example 5900-5909, by adding one item through Group Policy settings. Using
NETSH this way is for single, local machine use, right? Being one of the
network admins where I work, I have to do a lot of these things through Group
Policy settings. Adding these ports one at a time is inefficient and looks
messy when you look at the Exceptions page in Windows Firewall.
Hi,

No, you cannot add FW exception ranges in the Group Policy settings.

You can run the NETSH.exe script in a computer startup script (with a
GPO) that runs as part of the boot up process (before the user logs
in). It runs under the system context and has admin rights.
 
L

Leythos

Torgeir.Bakken- said:
No, you cannot add FW exception ranges in the Group Policy settings.

I added ports to the GP for our domain for the XP+SP2 stations that
created exceptions for 5900 and 5901 for VNC and it pushed out fine to
all workstations.
 
Ad

Advertisements

T

Torgeir Bakken \(MVP\)

Leythos said:
I added ports to the GP for our domain for the XP+SP2 stations that
created exceptions for 5900 and 5901 for VNC and it pushed out fine to
all workstations.
Hi,

Yes, but you had to put in each port one for one, the OP wanted to be
able to use a format like 5900-5909...
 
Ad

Advertisements

L

Leythos

Torgeir.Bakken- said:
Hi,

Yes, but you had to put in each port one for one, the OP wanted to be
able to use a format like 5900-5909...

Yea, we almost have gone to disabling the Windows Firewall in every
clients network, it's more problems that it's worth on a properly
protected network.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top