
I am working on designing some group policy elements for our servers. Without getting into a debate about pros or cons of group policy, I was curious if the following could be performed.

I would like to know if there is a way to create a policy that will allow me to send a new firewall rule to the existing and local firewall rules on machines for the following two rules:

World Wide Web Services (HTTP Traffic-In)
World Wide Web Services (HTTPS Traffic-In)

I would like to be able to control through policy what exceptions are allowed for those two. I have tried looking for it under

Computer Configuration -> 
Policies -> 
Windows Settings -> 
Security Settings -> 
Windows Firewall with Advanced Security -> 
Windows Firewall with Advanced Security -> 
Inbound Rules

and tried creating a new rule using the "Predefined" option, but it does not contain either of the two items listed above. This is for a Windows Server 2008 R2 server, and I am using a Windows 7 machine to create and edit the policy.

John

1 Answer


The "Predefined Rules" menu is a little thin and cumbersome at times. I usually create my own rules, prefixed with GPO_Rule Name, so that it is easy to see at a glance which rules are GPO enforced and which are not. You will get the same effect from creating your own rules and defining the scopes for port 80 and 443 by hand.

MDMarra
  • Will the GP enforced rules override the local rules? – John Oct 26 '11 at 17:42
  • 1
    Group Policy is applied in the following order: LSDOU = Local, Site, Domain, Organizational Unit. The Local policy settings will be applied first and will be overridden by higher level policy settings. Note that this is a simplified comment that doesn't account for security filtering, loopback policy processing, inheritance blocking, etc. but in general the Local policy will always be overridden with a setting at a higher level. In addition, I'm not aware of any method to enforce a Local policy or to block inheritance at the Local policy level. – joeqwerty Oct 26 '11 at 19:48
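As an added example (not code from the answer or the original poster), the hand-built, GPO_ prefixed rules the answer describes can be written straight into a domain GPO with the NetSecurity PowerShell cmdlets, and the result can be checked on a target server. All names are assumptions: domain contoso.com, an existing GPO called "Server Firewall Rules", and an internal scope of 10.0.0.0/8. These cmdlets need a Windows 8 / Server 2012 or later management host with RSAT; on the Windows 7 editing station in the question the same rules are built in the GPMC editor, or with netsh advfirewall after pointing it at the GPO store with `netsh advfirewall set store gpo=<domain>\<GPO name>`.

```powershell
# Added example, not part of the original post.
# Creates two GPO-managed inbound rules for TCP 80 and 443 in a domain GPO,
# optionally stops local rules from merging, and verifies the effective set on a server.
# Assumed (hypothetical) names: domain contoso.com, GPO "Server Firewall Rules", scope 10.0.0.0/8.

$Domain  = 'contoso.com'                # assumption
$GpoName = 'Server Firewall Rules'      # assumption; the GPO must already exist
$Store   = "$Domain\$GpoName"

# Open one GPO session so both rules (and the profile change) are written back in a single save.
$gpo = Open-NetGPO -PolicyStore $Store

$rules = @(
    @{ Name = 'GPO_WWW-HTTP-In';  Display = 'GPO_World Wide Web Services (HTTP Traffic-In)';  Port = 80  }
    @{ Name = 'GPO_WWW-HTTPS-In'; Display = 'GPO_World Wide Web Services (HTTPS Traffic-In)'; Port = 443 }
)

foreach ($r in $rules) {
    $params = @{
        GPOSession    = $gpo
        Name          = $r.Name
        DisplayName   = $r.Display          # GPO_ prefix makes the source obvious in the console
        Direction     = 'Inbound'
        Action        = 'Allow'
        Protocol      = 'TCP'
        LocalPort     = $r.Port
        Profile       = 'Domain'            # do not open the web ports on Public/Private profiles
        RemoteAddress = '10.0.0.0/8'        # assumed internal range; tighten per site
        Enabled       = 'True'
        Description   = 'Managed by Group Policy.'
    }
    New-NetFirewallRule @params
}

# Optional: make the GPO the only source of inbound rules on the Domain profile.
# By default a machine MERGES locally created rules with GPO rules; clearing this
# setting is what actually stops a local administrator's exception from taking effect.
Set-NetFirewallProfile -GPOSession $gpo -Profile Domain -AllowLocalFirewallRules False

Save-NetGPO -GPOSession $gpo

# Verification on a target server after "gpupdate /force": list the effective rules and
# where each one came from. GPO-sourced rules report PolicyStoreSource = "<domain>\<GPO name>"
# and PolicyStoreSourceType = GroupPolicy; a local rule with the same display name shows Local.
Get-NetFirewallRule -PolicyStore ActiveStore -TracePolicyStore |
    Where-Object { $_.DisplayName -like '*World Wide Web Services*' } |
    Select-Object DisplayName, Enabled, Profile, PolicyStoreSource, PolicyStoreSourceType |
    Format-Table -AutoSize
```

The verification step is the answer to the "will GP override the local rules?" question in practice: until "Apply local firewall rules" is set to No for the profile, a locally added allow rule still appears in the ActiveStore output alongside the GPO rule, because the firewall evaluates the merged set rather than letting the GPO rule replace the local one by name.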