This guide illustrates how to deploy Active Directory® Group Policy objects (GPOs) to configure Windows Firewall with Advanced Security on computers that are running Windows® 7, Windows Vista®, Windows Server® 2008 R2, and Windows Server® 2008. Although you can configure a single server locally by using Group Policy Management and other tools directly on the server, that method is not efficient and does not guarantee consistency when you have many computers to configure. When you have multiple computers to manage, you can instead create and edit GPOs, and then apply those GPOs to the computers in your organization.
The goal of a Windows Firewall with Advanced Security configuration in your organization is to improve the security of each computer by blocking unwanted network traffic from entering the computer and protecting wanted network traffic as it traverses the network. Network traffic that does not match the rule set configured in Windows Firewall with Advanced Security is dropped. You can also require that allowed network traffic be protected by using authentication or encryption. The ability to manage Windows Firewall with Advanced Security by using Group Policy lets an administrator apply consistent settings across the organization in a way that is not easily circumvented by the user.
In this guide, you get hands-on experience in a lab environment that uses Group Policy management tools to create and edit GPOs to implement typical firewall and connection security settings and rules. You configure GPOs to implement common server and domain isolation scenarios and see the effects of those settings.
In this article:
- Scenario Overview [ http://technet.microsoft.com/en-us/library/cc753102(WS.10).aspx ]
- Technology Review for Deploying Windows Firewall with Advanced Security [ http://technet.microsoft.com/en-us/library/cc753552(WS.10).aspx ]
- Requirements for Performing the Scenarios [ http://technet.microsoft.com/en-us/library/cc754886(WS.10).aspx ]
- Examining Default Settings on Clients and Servers [ http://technet.microsoft.com/en-us/library/cc732305(WS.10).aspx ]
- Deploying Basic Settings by Using Group Policy [ http://technet.microsoft.com/en-us/library/cc754657(WS.10).aspx ]
- Creating Rules that Allow Required Inbound Network Traffic [ http://technet.microsoft.com/en-us/library/cc772079(WS.10).aspx ]
- Creating Rules that Block Unwanted Outbound Network Traffic [ http://technet.microsoft.com/en-us/library/cc732306(WS.10).aspx ]
- Deploying a Basic Domain Isolation Policy [ http://technet.microsoft.com/en-us/library/cc730709(WS.10).aspx ]
- Isolating a Server by Requiring Encryption and Group Membership [ http://technet.microsoft.com/en-us/library/cc772460(WS.10).aspx ]
- Creating Firewall Rules that Allow IPsec-protected Network Traffic (Authenticated Bypass) [ http://technet.microsoft.com/en-us/library/cc754873(WS.10).aspx ]
- Summary [ http://technet.microsoft.com/en-us/library/cc731151(WS.10).aspx ]
- Additional References [ http://technet.microsoft.com/en-us/library/cc754958(WS.10).aspx ]