GPO: Windows Firewall Exceptions - enable for one target IP only (LAN Guard)


On Windows 7

You do a custom rule and you can pick a port, followed by a source / destination IP.

You'll find the GPO location in "Policies\computer\windows settings\security settings\windows firewall and advanced security\"; choose inbound rules and then create a custom rule.

On Windows XP

You can add a port rule, and then change the scope.

Here is an article that goes over some deployment options.

http://www.windowsecurity.com/articles/customizing-windows-firewall.html
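The answer's point is that the restriction lives in the rule's scope (the remote address), not in the program or service selection, so a port-based inbound rule scoped to one remote address needs no program or service at all. The following is an added example, not code from the original answer or from the linked article: it creates the inbound port rules the question mentions, each scoped to a single remote address, writes them into a GPO, and then verifies that no inbound allow rule in that GPO is still open to "Any". The scanner address and the GPO name are placeholders; the NetSecurity cmdlets need a Windows 8 / Server 2012 or newer management host, and the Windows 7 `netsh` equivalent is shown in a trailing comment.

```powershell
# Added example (not from the original post). Assumed placeholder values:
$ScannerIp   = '192.0.2.10'                                  # address of the scanner server (TEST-NET-1, placeholder)
$PolicyStore = 'corp.example\LANGuard-Firewall-Exceptions'   # '<domain FQDN>\<GPO display name>'; 'PersistentStore' = local firewall

# Inbound ports the question mentions. The 'RPC' keyword stands for the dynamic
# RPC port range that WMI and remote administration use; the firewall resolves it at run time.
$rules = @(
    @{ Name = 'LANGuard RPC endpoint mapper (135)'; Protocol = 'TCP'; LocalPort = '135' },
    @{ Name = 'LANGuard SMB (445)';                 Protocol = 'TCP'; LocalPort = '445' },
    @{ Name = 'LANGuard dynamic RPC';               Protocol = 'TCP'; LocalPort = 'RPC' }
)

foreach ($r in $rules) {
    # -RemoteAddress is the 'scope' from the answer: only packets from $ScannerIp match.
    # -Profile Domain keeps the exception inactive when a laptop sits on a public network.
    New-NetFirewallRule -DisplayName $r.Name `
        -Direction Inbound -Action Allow -Enabled True `
        -Protocol $r.Protocol -LocalPort $r.LocalPort `
        -RemoteAddress $ScannerIp -Profile Domain `
        -PolicyStore $PolicyStore | Out-Null
}

# Verification: list every inbound allow rule in the GPO with its remote-address scope
# and flag any rule whose scope is still 'Any' (open to the whole network).
$unscoped = Get-NetFirewallRule -PolicyStore $PolicyStore -Direction Inbound -Action Allow |
    ForEach-Object {
        $addr = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $_.DisplayName
            RemoteAddress = ($addr.RemoteAddress -join ',')
        }
    } |
    Where-Object { $_.RemoteAddress -eq 'Any' }

if ($unscoped) {
    Write-Warning "Inbound allow rules open to any remote address:"
    $unscoped | Format-Table -AutoSize
} else {
    Write-Host "All inbound allow rules in '$PolicyStore' are scoped to a remote address."
}

# Windows 7 / Server 2008 R2 equivalent for one rule, run on the client itself
# (no NetSecurity module there); remoteip= is the scope:
#   netsh advfirewall firewall add rule name="LANGuard RPC endpoint mapper (135)" `
#       dir=in action=allow protocol=TCP localport=135 remoteip=192.0.2.10 profile=domain
```

The verification step is the part worth keeping around: an exception for RPC, SMB and the dynamic RPC range is only acceptable because it is pinned to one address, so re-running the check after any edit to the GPO catches a rule that was later widened back to "Any".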


Author: Citizen Chin

Updated on September 18, 2022

Comments

  • Citizen Chin
    Citizen Chin almost 2 years

    I'm in the midst of setting up GFI LAN Guard for vulnerability scanning and patch management. The first thing I have to get in order is for LG to inventory all of the clients on the network. In order to ensure that this runs successfully, I need to allow certain traffic to pass through the clients' Windows Firewall. We don't want to disable the FW fully, just allow the particular LG traffic through.

    I've created a GPO which allows the required traffic through, but it includes some potentially sensitive services such as File & Print, WMI, as well as opening port 135. What I am trying to figure out is how to restrict this GPO to only take effect for traffic originating from, or headed to, the IP address of the LG server. Is this possible?

  • Citizen Chin
    Citizen Chin over 12 years
    I don't see a way to do this for File and Print Services. When I create the custom rule, the first screen presents me with the option to either select a program path or a service. Under services, file and print is not listed, and I can't advance to the next screen until I select a program or service. I imagine that I will have the same problem when trying to allow port 135 using a custom rule, since there is no specific Windows service associated with it.
  • Eric C. Singer
    Eric C. Singer over 12 years
    Are you doing this in the GPO editor? If so, domain or local? Also, is this an XP / 2003 setup you're trying to control, or Windows 7/2008? Finally, are the domain controllers 2008 or 2003?
  • Citizen Chin
    Citizen Chin over 12 years
    Group Policy Management from a Vista SP2 workstation for a single domain. The setup is primarily for XP workstations, and the domain controllers are a mix of 2003 and 2008 (we're in the midst of upgrading our DCs to 2008).
  • Khushboo Tahir
    Khushboo Tahir about 9 years
    Great for MBSA (Microsoft Baseline Security Advisor) enabling full inbound access for scanning by a single address. Also useful for PCI scanners which kick up something nasty about not being given full unlimited access and failing you for blocking (ahem, which is supposed to happen when bad traffic is detected).