Mark Minasi's Reader Forum
 Windows Firewall GPO Help

Mamba
Welcome Newcomer


Posted - 11/04/2009 :  11:43:27 AM
For now we're running Windows Firewall on our desktops (XP SP3) and managing it with a GPO as all these systems are members of our single Active Directory domain.
I'm wondering if there is any way to set a rule that says "open this TCP port but only for this particular system". As in we want to open a port to one PC that'll be doing some web app serving tests before we move the web app to a server, and multiple PCs will be connecting to that port. But I only want that port open on the single host PC.
Alternately, is there a way to override the domain-deployed rules by setting a local exception on that host PC?

TIA,

M

wkasdo
Administrator

Netherlands

Posted - 11/05/2009 :  02:39:31 AM
> I'm wondering if there is any way to set a rule that says "open this TCP port but only for this particular system".

You can do this by playing around with the GPO scope. Either move the computer account to an OU where the firewall GPO does not apply, or apply filtering to the GPO permissions to deny "apply policy" for this particular computer.

> Alternately, is there a way to over-ride the domain deployed rules by setting a local exception on that host PC?

No. That's by design.

Mamba
Welcome Newcomer


Posted - 11/05/2009 :  6:56:52 PM
>apply filtering to the GPO permissions to deny "apply policy" for this particular computer.

Hmmm...I don't want to move this system out of its current OU, and filtering sounds complex as I only want to filter for this one rule and keep all the other current (and future) rules. But it's an idea...thanks.

>No. That's by design.

Figured..
Mark Minasi's Reader Forum © 2002-2009 Mark Minasi