B
Barkley Bees
Here's an XP client Firewall and Group Policy question I have.
Scenario:
We have recently recreated our internal XP client image and this image
includes some new and updated Firewall rules with specific programs and
ports allowed (defined in - "netfw.inf"). The majority of our client
computers are still running on the old image which does not include these
new allowed ports and programs.
To rectify this for clients using the old image, I am thinking to simply
define these same allowed programs and ports in Group Policy. That said, I
am concerned as to what effect this may have on Computers based on the new
image that have these rules predefined locally in the netfw.inf (possible
conflicts that may cause the Windows Firewall/ICF service to hang, the two
rules to nullify each other, etc).
I suppose the only way to be sure is to test it out (which I will) but I am
just curious if anyone has tried any similar action (specifying client
firewall rules in Group Policy that already exist locally on some machines).
Can anyone recommend a better approach? Possibly replacing the "netfw.inf"
on all the old image based systems? Appreciate any feedback. Thanks.
Scenario:
We have recently recreated our internal XP client image and this image
includes some new and updated Firewall rules with specific programs and
ports allowed (defined in - "netfw.inf"). The majority of our client
computers are still running on the old image which does not include these
new allowed ports and programs.
To rectify this for clients using the old image, I am thinking to simply
define these same allowed programs and ports in Group Policy. That said, I
am concerned as to what effect this may have on Computers based on the new
image that have these rules predefined locally in the netfw.inf (possible
conflicts that may cause the Windows Firewall/ICF service to hang, the two
rules to nullify each other, etc).
I suppose the only way to be sure is to test it out (which I will) but I am
just curious if anyone has tried any similar action (specifying client
firewall rules in Group Policy that already exist locally on some machines).
Can anyone recommend a better approach? Possibly replacing the "netfw.inf"
on all the old image based systems? Appreciate any feedback. Thanks.