Join Martin Guidry for an in-depth discussion in this video Using Group Policy to manage Windows Firewall, part of Windows 10 Administration.
- We can also manage the Windows firewall using group policy. So off the Start menu, I'll type in group and I'll put up the Edit Group Policy control panel. The local group policy editor has its own section for Windows firewall rules. It's a little difficult to find. It's under Computer Configuration, Administrative Templates, Network, Network Connections, and here we see a section for Windows Firewall.
It does have options for multiple profiles, and you'll see largely the same choices. I'll just go with Domain Profile. A few things I like to configure on the Domain Profile, one of them is to allow inbound remote desktop. So I'll double-click on that, and I'll say enabled. This will allow remote desktop traffic to come through the firewall, which is typically something I want on the domain. Notice you have to list the IPs or a group of IPs that you want to be able to come in.
You can list either individual IP addresses or a group of them on a subnet. So my subnet is 10.10.10 with a 24-bit subnet mask. So this will allow inbound remote desktop connections from any machine with a 10.10.10 IP address. I'll hit apply and OK. The other one I like to work with is allow ICMP exceptions.
ICMP is the underlying protocol that allows us to ping. As a basic troubleshooting method, I often use the ping command. However, by default, Windows firewall blocks ping. Therefore, I would get a ping failure everywhere, and then that's not a very good troubleshooting tool. So typically on the domain, I will allow ICMP traffic. And to do that, I'll double-click on this rule, and I'll show you a little something peculiar about this GPO setting.
I'll click on enabled, and let's double-check me there. I am on the radio button called Enabled. And then I'll hit apply and OK. And when I come back to the interface, it says it is disabled. That would seem like a bug, but it's actually more of a problem of I didn't use the interface exactly right. Let's double-click on that again. I have to go to Enabled, and then I'm required to check one of the check boxes below.
This isn't a matter of just setting up ICMP. There are several sub-options, and you have to turn on one of the sub-options in order for this GPO to be enabled. So for this one, I'll say allow inbound echo request, which is the most basic type of ping, hit apply again and OK again, and now it shows as enabled, which is what I wanted. So again, this is the interface to configure the Windows firewall through group policy.
Some of the things we can do here are identical to the things we can do in the graphical interface, but some of the things are also unique here, so a lot of times configuring the Windows firewall involves using both the control panel and group policy.
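The two Domain Profile settings configured in the video can be audited from PowerShell after the policy has applied. This is an added example, not part of the course material; it assumes the Windows Firewall administrative template stores these settings under the `HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile` registry key, and `10.10.10.0/24` is an assumed written form of the subnet described in the video. The helper names are hypothetical.

```powershell
# Added example: audit the Domain Profile settings configured in the video.
# Assumption: registry location written by the Windows Firewall administrative template.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile'
$expectedScope = '10.10.10.0/24'   # assumed notation for the subnet in the video

function Get-PolicyValues {
    # Returns the values under a policy key, or $null if the key is absent.
    param([string]$Path)
    if (-not (Test-Path $Path)) { return $null }
    Get-ItemProperty -Path $Path
}

function Get-UnexpectedScope {
    # Splits a comma-separated scope list and returns every entry that is
    # not the expected subnet ("*" and "localsubnet" are flagged this way too).
    param([string]$Scope, [string]$Expected)
    $Scope -split ',' | ForEach-Object { $_.Trim() } |
        Where-Object { $_ -and $_ -ne $Expected }
}

# Inbound Remote Desktop exception and its allowed source addresses
$rdp = Get-PolicyValues "$base\Services\RemoteDesktop"
if ($null -eq $rdp -or $rdp.Enabled -ne 1) {
    'Remote Desktop exception: not enabled by policy'
} elseif ([string]::IsNullOrWhiteSpace($rdp.RemoteAddresses)) {
    'Remote Desktop exception: enabled, but no scope is recorded'
} else {
    $extra = @(Get-UnexpectedScope -Scope $rdp.RemoteAddresses -Expected $expectedScope)
    if ($extra.Count -eq 0) {
        "Remote Desktop exception: enabled, scope $($rdp.RemoteAddresses)"
    } else {
        "Remote Desktop exception: enabled, unexpected scope entries: $($extra -join ', ')"
    }
}

# ICMP exceptions: each sub-option is a separate value; list the ones set to 1
$icmp = Get-PolicyValues "$base\IcmpSettings"
$allowed = @()
if ($icmp) {
    $allowed = @($icmp.PSObject.Properties |
        Where-Object { $_.Name -like 'Allow*' -and $_.Value -eq 1 } |
        ForEach-Object { $_.Name })
}
if ($allowed.Count -eq 0) {
    'ICMP exceptions: no message type is allowed by policy'
} else {
    "ICMP exceptions allowed by policy: $($allowed -join ', ')"
}
```

Run it from an elevated prompt after `gpupdate /force`; any scope entry wider than the intended subnet, or any ICMP type beyond inbound echo request, is worth reviewing against what the policy was meant to allow.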
Martin first reviews the various editions of both the desktop and mobile versions of Windows 10. This section covers the special features included with the Enterprise edition, and the hardware requirements for some of the new Windows 10 features. Martin also explains installing and updating drivers and configuring and optimizing the OS, including system properties and power options. Then it's a deep dive into Group Policy, including working with local groups, configuring preferences, and troubleshooting Group Policy. Martin also looks at Windows security—authentication and encryption—as well as the boot process, and concludes the course with a brief look at virtualization, networking, and backup and recovery.
- Understanding the different versions of Windows 10
- Installing and updating drivers
- Administering multitasking
- Working with Windows Group Policy
- Adding domain users and accounts to a Windows 10 PC
- Administering BitLocker and EFS
- Understanding the boot process
- Installing Client Hyper-V for Windows virtualization
- Managing Windows Firewall
- Backing up and restoring Windows 10
- Troubleshooting Windows 10