firewall rule via GP

6 Mar 2006 10:55 PM

AdminKen

How would I use GP to create a firewall exception rule to allow all ports
from a specific IP (or range of IPs)

1) for Allow remote administration exception" setting, this only allows
certain ports like 139 etc. not all ports?

2) I was thinking I would create a 'port exception' rule to allow any port
and any protocol from a specific PC on the network. For example...
*:*:10.0.0.50:enabled:Administrator rule
Will that work?

7 Mar 2006 3:06 PM

Neil Ruston

Inline

neil

"AdminKen" wrote:

> How would I use GP to create a firewall exception rule to allow all ports
> from a specific IP (or range of IPs)
>
> 1) for Allow remote administration exception" setting, this only allows
> certain ports like 139 etc. not all ports?

*** Try 'Define port exceptions' instead

> 2) I was thinking I would create a 'port exception' rule to allow any port
> and any protocol from a specific PC on the network. For example...
> *:*:10.0.0.50:enabled:Administrator rule
> Will that work?

*** Set it, test and then you'll know :)

Show quoteHide quote

>
>

8 May 2006 10:25 PM

BookerW

Besides testing, any other feedback on this? I would like to do the same
thing

Show quoteHide quote

"AdminKen" wrote:

> How would I use GP to create a firewall exception rule to allow all ports
> from a specific IP (or range of IPs)
>
> 1) for Allow remote administration exception" setting, this only allows
> certain ports like 139 etc. not all ports?
>
> 2) I was thinking I would create a 'port exception' rule to allow any port
> and any protocol from a specific PC on the network. For example...
> *:*:10.0.0.50:enabled:Administrator rule
> Will that work?
>
>
>

9 May 2006 9:01 PM

BookerW

AdminKen,

i tried a few settings and using the wildcard does nto seem to work

I setup the following rules:
*.*:TCP:ipaddresses:enabled:text
2701:TCP:ip address:enabled:text
3995:TCP:ip address:Enabled:text
445:*.*:ip address:enabled:text

When i went to my client test machine, it looks like the ones that got
applied were the 2701 and 3995 settings.

FYI

Show quoteHide quote

"AdminKen" wrote:

> How would I use GP to create a firewall exception rule to allow all ports
> from a specific IP (or range of IPs)
>
> 1) for Allow remote administration exception" setting, this only allows
> certain ports like 139 etc. not all ports?
>
> 2) I was thinking I would create a 'port exception' rule to allow any port
> and any protocol from a specific PC on the network. For example...
> *:*:10.0.0.50:enabled:Administrator rule
> Will that work?
>
>
>

9 May 2006 11:13 PM

kj

Port#:TCP|UDP:Scope:Enabled|Disabled:PortName

As I recall you can't wildcard TCP/UDP or Enabled/Disabled. You must specify
one or the other

also;
Notes If you have any spaces between the entries in the list of sources or
any other invalid characters, the scope is ignored and the setting behaves
as if it were disabled. Please double-check your scope syntax before saving
changes.

--
/kj

Show quoteHide quote

"BookerW" <Book***@discussions.microsoft.com> wrote in message
news:631FF6E0-4F10-428A-B1F2-8AAF253C0905@microsoft.com...
> AdminKen,
>
> i tried a few settings and using the wildcard does nto seem to work
>
> I setup the following rules:
> *.*:TCP:ipaddresses:enabled:text
> 2701:TCP:ip address:enabled:text
> 3995:TCP:ip address:Enabled:text
> 445:*.*:ip address:enabled:text
>
> When i went to my client test machine, it looks like the ones that got
> applied were the 2701 and 3995 settings.
>
> FYI
>
>
> "AdminKen" wrote:
>
>> How would I use GP to create a firewall exception rule to allow all ports
>> from a specific IP (or range of IPs)
>>
>> 1) for Allow remote administration exception" setting, this only allows
>> certain ports like 139 etc. not all ports?
>>
>> 2) I was thinking I would create a 'port exception' rule to allow any
>> port
>> and any protocol from a specific PC on the network. For example...
>> *:*:10.0.0.50:enabled:Administrator rule
>> Will that work?
>>
>>
>>

Thread options