Controlling SP2 via GPO

H

Harrison Midkiff

Hello:

I am getting ready to deploy XP SP2 on my network. I want to control the
firewall features via a GPO. I uploaded the new adm files to the DC and
configure most of the options, but I did not see where I can configure the
exclusions. I have about 6 things I need to add as excluded programs. I
found a way to do this via a logon script but I'd rather have a GPO do it.

Does anyone know how to configure exclusions via a GPO?
 
C

Carey Frisch [MVP]

Using the Windows Firewall INF File in Microsoft Windows XP Service Pack 2
http://www.microsoft.com/downloads/...1d-2f97-4e63-a581-bf25685b4c43&DisplayLang=en

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User
Microsoft Newsgroups

Get Windows XP Service Pack 2 with Advanced Security Technologies:
http://www.microsoft.com/athome/security/protect/windowsxp/choose.mspx

-------------------------------------------------------------------------------------------

:

| Hello:
|
| I am getting ready to deploy XP SP2 on my network. I want to control the
| firewall features via a GPO. I uploaded the new adm files to the DC and
| configure most of the options, but I did not see where I can configure the
| exclusions. I have about 6 things I need to add as excluded programs. I
| found a way to do this via a logon script but I'd rather have a GPO do it.
|
| Does anyone know how to configure exclusions via a GPO?
 
C

Colin Nash [MVP]

Harrison Midkiff said:
Hello:

I am getting ready to deploy XP SP2 on my network. I want to control the
firewall features via a GPO. I uploaded the new adm files to the DC and
configure most of the options, but I did not see where I can configure the
exclusions. I have about 6 things I need to add as excluded programs. I
found a way to do this via a logon script but I'd rather have a GPO do it.

Does anyone know how to configure exclusions via a GPO?
Click to expand...

Is this the info you are looking for?
 
C

Colin Nash [MVP]

Harrison Midkiff said:
Hello:

I am getting ready to deploy XP SP2 on my network. I want to control the
firewall features via a GPO. I uploaded the new adm files to the DC and
configure most of the options, but I did not see where I can configure the
exclusions. I have about 6 things I need to add as excluded programs. I
found a way to do this via a logon script but I'd rather have a GPO do it.

Does anyone know how to configure exclusions via a GPO?
Click to expand...

Is this the info you are looking for?

http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/depfwset/wfsp2wgp.mspx

(sorry for my other post, hit Send by accident)
 
R

Rebecca Chen [MSFT]

Hi Harrison,

Do you mean the policy located to:

Computer Configuration\Administative Templates\Network\network
connections\Windows firewall\Domain profile

Windows Firewall: Define program exceptions

You can specify this policy to set the exceptions programs.

Colin has provided a very good article link, please pay attention to the
Step 2 in the article:

http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/depfwset/wfsp2w
gp.mspx

If you have further questions and any update, please feel free to post back.

Best regards,

Rebecca Chen

MCSE2000 MCDBA CCNA


Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
 
H

Harrison Midkiff

Rebecca:

Thanks for replying to my post.

I looking in the GPO and I do have firewall objects on my firewall GPO but
"Windows Firewall: Define program exceptions" is not there. Am I looking in
the right place?

Harrison Midkiff
 
H

Harrison Midkiff

Rebecca:

Thanks... I was not connecting from an XP computer. For the exceptions do I
just add in the full path and executable?

Harrison Midkiff
Harrison Midkiff said:
Rebecca:

Thanks for replying to my post.

I looking in the GPO and I do have firewall objects on my firewall GPO but
"Windows Firewall: Define program exceptions" is not there. Am I looking
in the right place?

Harrison Midkiff



"Rebecca Chen [MSFT]" said:
Hi Harrison,

Do you mean the policy located to:

Computer Configuration\Administative Templates\Network\network
connections\Windows firewall\Domain profile

Windows Firewall: Define program exceptions

You can specify this policy to set the exceptions programs.

Colin has provided a very good article link, please pay attention to the
Step 2 in the article:

http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/depfwset/wfsp2w
gp.mspx

If you have further questions and any update, please feel free to post
back.

Best regards,

Rebecca Chen

MCSE2000 MCDBA CCNA


Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================
This posting is provided "AS IS" with no warranties, and confers no
rights.
Click to expand...
Click to expand...
 
R

Rebecca Chen [MSFT]

Hi Harrison,

Thanks for the udpate!

Yes, you can provide the path of the application, however, there are some
special syntax for this policy. For example, You want to add test.exe
programs to the program exceptions list and allow it to receive messages
from 10.0.01 or any system on the 10.3.4.x subnet, you can use the
following syntax:

%programfiles%\test.txt:10.0.0.1, 10.3.4.0/24:enabled:test program

For more details about the exception list syntax, please refer to the
following article, snippet " Windows Firewall: Define Program Exceptions":

Deploying Windows Firewall Settings for Microsoft Windows XP with Service
Pack 2
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/depfwset/wfsp2a
pa.mspx#EMAA

Any questions, please feel free to post back.


Best regards,

Rebecca Chen

MCSE2000 MCDBA CCNA


Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

machine based 802.1x-authentication on Windows Vista / XP SP3 1
Firewall objects not in Policy Editor 3
Open up remote admin ports without GPO? 2
Turning on the firewall via a GPO 4
SP2 Firewall 5
Sample BAT file for configuring Win XP SP2 ICF Settings 2
antispyware via GPO 1
GPO - Install XP SP2 1

Top