How to block incoming ports using group policy in active directory windows server 2012


It is totally possible to create a policy ruling incoming connection attempts with a GPO. Here is the Microsoft documentation page on how to do that.

Go to Computer Configuration, Windows Settings, Security Settings, Windows Firewall with Advanced Security. Right-click on Windows Firewall with Advanced Security.

On the global policy, you can choose to set it up (On), to disable it (Off) or to let the computer decide on its own which policy to apply (Not configured). You prefer forcing the computer to enable it (the On option for firewall state). Then the Inbound connections (by default, I set up inbound connections to Block). You can also choose logging options and exceptions for allowed inbound connections (such as ICMP, which may help for debugging purposes).

For a specific port/IP address, right-click on Inbound Rules, New Rule, select Port, and specify the options you like. Once your rule is created, right-click on it, then Properties, and Scope to specify remote/local IP addresses.

EDIT:

Computer Configuration -> Administrative Templates -> Network -> Network Connections -> Windows Firewall is the legacy configuration, which will only apply to XP or Server 2003.

Computer Configuration -> Windows Settings -> Security Settings -> Windows Firewall with Advanced Security is the configuration for Windows 7 or Server 2008 and later.

Pay attention that disabling the firewall in one of these places will disable the firewall for both cases. Have a look here
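The same settings the answer walks through in the Group Policy editor (firewall On, inbound Block by default, logging, a port rule scoped to a remote address range, and an ICMP debugging exception) can be written into the GPO with the NetSecurity cmdlets. The script below is an added example, not code from the answer or from Microsoft; the domain name, GPO name and address ranges are constructed placeholders, and it assumes an admin workstation with the GroupPolicy/NetSecurity modules and write access to the GPO.

```powershell
# Added example (not from the original answer): the GPO firewall settings the
# answer configures through the GPMC UI, built with the NetSecurity cmdlets.
# Assumptions (placeholders, adjust to your environment):
#   - Domain: corp.example ; GPO already created and linked: "Workstation Firewall"
#   - Run from a domain-joined admin box with RSAT (GroupPolicy + NetSecurity).
Import-Module NetSecurity

$gpoStore = 'corp.example\Workstation Firewall'   # "<domain>\<GPO display name>"

# Open one GPO session so every change is written back in a single save.
$session = Open-NetGPO -PolicyStore $gpoStore

# 1. Profile state: firewall On, inbound Block by default, outbound Allow,
#    plus logging of dropped packets (the "logging options" in the answer).
Set-NetFirewallProfile -GPOSession $session -Profile Domain,Private,Public `
    -Enabled True `
    -DefaultInboundAction Block `
    -DefaultOutboundAction Allow `
    -LogBlocked True `
    -LogFileName '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log' `
    -LogMaxSizeKilobytes 16384

# 2. Inbound port rule scoped to a remote address range (the answer's
#    "Port ... then Properties > Scope" step). Constructed example: block
#    SMB (TCP 445) arriving from a guest VLAN, 10.99.0.0/16.
New-NetFirewallRule -GPOSession $session `
    -DisplayName 'Block inbound SMB from guest VLAN' `
    -Direction Inbound -Action Block -Enabled True `
    -Protocol TCP -LocalPort 445 `
    -RemoteAddress 10.99.0.0/16 `
    -Profile Domain

# 3. Debug exception: allow ICMPv4 echo request (type 8) only from the
#    management subnet (constructed: 10.10.5.0/24) so admins can still ping.
New-NetFirewallRule -GPOSession $session `
    -DisplayName 'Allow ICMPv4 echo from management subnet' `
    -Direction Inbound -Action Allow -Enabled True `
    -Protocol ICMPv4 -IcmpType 8 `
    -RemoteAddress 10.10.5.0/24 `
    -Profile Domain

# Commit the session back to the GPO in SYSVOL.
Save-NetGPO -GPOSession $session

# 4. Verify what the GPO now carries (read-only) before clients refresh.
Get-NetFirewallRule -PolicyStore $gpoStore |
    Select-Object DisplayName, Direction, Action, Enabled, Profile |
    Format-Table -AutoSize

# On a client, after 'gpupdate /target:computer /force', confirm the rules
# arrived through Group Policy rather than local configuration:
#   Get-NetFirewallRule -PolicyStoreSourceType GroupPolicy |
#       Select-Object DisplayName, Action, PolicyStoreSource
```

Two points worth checking after applying this. First, with the default inbound action set to Block, an explicit block rule such as the SMB one above only matters when some other GPO or the local policy adds an allow rule for that port; it is still useful because Windows Firewall evaluates explicit block rules before allow rules, so the block wins. Second, the final `Get-NetFirewallRule -PolicyStoreSourceType GroupPolicy` check on a client is the quickest way to tell a rule that really came from the domain from one that someone created locally.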


Author: neo

Updated on September 18, 2022

Comments

  • neo
    neo almost 2 years

    We have a domain, and there are some computers in this domain. We applied many policies like password policy etc. to this domain, which makes it easier for us to control the use of PCs in our organization. Now I wonder if it is possible to stipulate a certain configuration for every PC's firewall in our domain or to force every PC in the domain to at least block some certain ports and maybe IPs. Can anyone help me? Is it possible?

  • krisFR
    krisFR about 9 years
    +1 for the edit, that makes me delete my answer ;) ;) and learn something :)