distribute firewall settings

In networks of Windows workstations, whether at home or at work, you might want to use the same Windows Firewall settings and exceptions on different workstations and not enter the same settings on each PC over and over again. Some applications or services need several ports to be opened to function correctly. What are the possibilities for distributing these carefully defined settings to several workstations?
1 answer

Applying group policies to distribute Windows Firewall settings

As with many tasks, group policies come in handy for this purpose too. You can start the Group Policy Object Editor by running gpedit.msc. Navigate to the following path in the console tree:

    Computer Configuration / Administrative Templates / Network / Network Connections / Windows Firewall

Depending on your environment, choose the domain or the local profile. The setting 'Define port exceptions' allows entering a list of excepted TCP and UDP ports with the following syntax:

    <port>:<protocol>:<allowed net>:<status>:<name>

This line creates a rule named 'vnc' which accepts incoming TCP traffic on port 5900 from all networks:

    5900:TCP:*:enabled:vnc

In a Windows Server environment you change this policy in Active Directory and apply it to the corresponding users/computers group. The domain clients get the update on the next restart or by manually executing 'gpupdate'. In a non-server environment you can use the Secure Editor 'secedit' or the Group Policy Management Console 'gpmc' to import and export policies and distribute them among clients.
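Before a port exception list is rolled out to many workstations, it is worth checking each entry against the `<port>:<protocol>:<allowed net>:<status>:<name>` syntax described in the answer above and listing every enabled rule that accepts traffic from all networks (`*`). The following script is an added example, not part of the original answer; the function names `parse_exception` and `audit` are hypothetical, the sample entries other than the `vnc` line are constructed, and allowed-net values other than `*` (`localsubnet`, IPv4 addresses, subnets) are an assumption about the policy's accepted forms.

```python
import ipaddress

# Constructed sample entries in the 'Define port exceptions' syntax;
# only the first entry appears on the page.
SAMPLE = [
    "5900:TCP:*:enabled:vnc",
    "3389:TCP:192.168.10.0/24,localsubnet:enabled:rdp-admin",
    "161:UDP:*:disabled:snmp",
    "70000:TCP:*:enabled:bad-port",
    "445:ICMP:10.0.0.5:enabled:bad-proto",
]

def parse_exception(line):
    """Split one entry into its five fields and validate each; raise ValueError if bad."""
    parts = line.strip().split(":", 4)  # the name is last, so it may itself contain ':'
    if len(parts) != 5:
        raise ValueError("expected 5 colon-separated fields")
    port, proto, scope, status, name = parts
    if not port.isdigit() or not 1 <= int(port) <= 65535:
        raise ValueError(f"invalid port {port!r}")
    if proto.upper() not in ("TCP", "UDP"):
        raise ValueError(f"invalid protocol {proto!r}")
    if status.lower() not in ("enabled", "disabled"):
        raise ValueError(f"invalid status {status!r}")
    # Assumption: a scope other than '*' is a comma-separated list of
    # 'localsubnet', IPv4 addresses or IPv4 subnets (IPv6 is not handled here).
    for item in scope.split(","):
        if item.lower() not in ("*", "localsubnet"):
            ipaddress.IPv4Network(item, strict=False)  # ValueError if malformed
    return {"port": int(port), "protocol": proto.upper(), "scope": scope.split(","),
            "enabled": status.lower() == "enabled", "name": name}

def audit(lines):
    """Return (line, finding) pairs for malformed or enabled any-source entries."""
    findings = []
    for line in lines:
        try:
            rule = parse_exception(line)
        except ValueError as exc:
            findings.append((line, f"malformed: {exc}"))
            continue
        if rule["enabled"] and "*" in rule["scope"]:
            findings.append((line, "enabled for all networks; restrict the allowed net"))
    return findings

if __name__ == "__main__":
    for line, finding in audit(SAMPLE):
        print(f"{line}  ->  {finding}")
```
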