Table of Contents
Windows Firewall
Login scripts run in the security context of the user logging in and are therefore not suitable for manipulating the Windows Firewall.
You can use Computer Startup scripts as they run as the LocalSystem account.
Enable ICMP (Ping) Responses
Enable the existing rule(s) for:
File and Printer Sharing (Echo Request - ICMPv4-In)
Manage with Group Policy
Windows XP/2003
http://technet.microsoft.com/en-us/library/bb490626.aspx
http://technet.microsoft.com/en-us/library/bb490616.aspx
Edit an existing or create a new Group Policy Object (GPO)
Computer Configuration → Policies → Administrative Templates → Network → Network Connections → Windows Firewall
Choose the proper profile to modify, Standard or Domain, if you are on a domain-based network.
Here are some settings to:
- Enable firewall on all workstations
- Allow Remote Desktop connections
- Enable WMI
- Enable AVG Admin remote installations
| Setting | Enabled | Other Settings or Notes |
|---|---|---|
| Windows Firewall: Protect all network connections | enabled | Enable the Windows Firewall |
| Windows Firewall: Allow remote administration exception | enabled | IP address of your management host |
| Windows Firewall: Allow ICMP exceptions | enabled | Allow inbound echo request |
| Windows Firewall: Allow Remote Desktop exception | enabled | comma separated list of allowed IP addresses or networks |
| Windows Firewall: Define port exceptions | enabled | 135:TCP:*:enabled:TCP_135 and 135:UDP:*:enabled:UDP_135 |
Windows 7/2008
http://www.grouppolicy.biz/2010/07/how-to-manage-windows-firewall-settings-using-group-policy/
Computer Configuration → Policies → Windows Settings → Security Settings → Windows Firewall with Advanced Security
Note that settings from the older XP/2003 firewall will also still be applied and may conflict!