I have a scenario where the member servers are not able to RDP to other member servers. I have managed that using local firewall rules, but at the same time the local admin should not be able to disable or change such rules on target servers. I'm thinking, if I change the default GPO policy, add a new GPO where all admins would have restrictions over the firewall service, unless that admin belongs to a special security group, i.e. firewall admins. How can I do that? Thank you
You cannot. You can specify that the local firewall rules are not processed, but not specify a separate group to manage the local firewall. – Greg Askew Nov 15 '22 at 10:59
1 Answer
Local Admins can, if they want, overcome all Windows-internal restrictions and shut down GPO processing. So either you trust your admins, or you need 3rd party software to restrict that.

Bernd Schwanenmeister
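The setting mentioned in the comment above (local firewall rules not processed), shown as an added PowerShell example that is not part of the original thread. The domain, GPO name and server subnet are assumed placeholders; the first part runs on a management host with rights to edit the GPO, the second part on a target server.

```powershell
# --- Management host: put the RDP block rule in a GPO instead of the local store ---
# Assumed placeholder values, not taken from the thread.
$Domain       = 'corp.example'
$GpoName      = 'Servers-Firewall-Baseline'
$ServerSubnet = '10.0.10.0/24'   # subnet that holds the member servers

# Open the GPO once so all changes are written in a single save.
$session = Open-NetGPO -PolicyStore "$Domain\$GpoName"

# Inbound RDP from other member servers is blocked by a GPO-delivered rule.
New-NetFirewallRule -GPOSession $session `
    -DisplayName 'Block RDP from member servers' `
    -Direction Inbound -Protocol TCP -LocalPort 3389 `
    -RemoteAddress $ServerSubnet -Action Block -Enabled True | Out-Null

# Keep the firewall enabled on every profile and stop merging rules
# that come from the local store (the "local rules are not processed" setting).
Set-NetFirewallProfile -GPOSession $session -All `
    -Enabled True -AllowLocalFirewallRules False

Save-NetGPO -GPOSession $session

# --- Target server: check what is actually in effect after gpupdate ---
# AllowLocalFirewallRules should read False on all three profiles.
Get-NetFirewallProfile -PolicyStore ActiveStore |
    Select-Object Name, Enabled, AllowLocalFirewallRules

# The block rule should report GroupPolicy as its source, not Local.
Get-NetFirewallRule -PolicyStore ActiveStore -DisplayName 'Block RDP from member servers' |
    Select-Object DisplayName, Enabled, Action, PolicyStoreSourceType
```

This only moves rule ownership into Group Policy; as the answer says, a local administrator can still stop GPO processing, so the check in the second part is worth running on a schedule from outside the server.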