I would personally go the GPO route rather than local simply because of the
likelihood of any local rules getting missed during a replacement, migration,
etc. Then again, I'd probably create a security group for each of those to
control it so that if I had another machine that needed the same rule set it
can just be dropped into the group.
That said, I'm a big fan of making a GPO do one thing, or a group of related
things, so I have visibility and granular control if needed.
--
There are 10 kinds of people in the world...
those who understand binary and those who don't.
From: [email protected] [mailto:[email protected]] On
Behalf Of Corkill, Daniel
Sent: Thursday, May 5, 2016 6:38 PM
To: [email protected]
Subject: [NTSysADM] RE: Default rule set for Windows Firewall
So I ended up creating a GPO that will apply to all servers and be our default
rule set. For servers requiring specific rules, I can either create separate
GPOs or apply the rules locally on the server. I'm leaning towards the latter
because I'd like to avoid creating a lot of GPOs that may contain only one or
two rules and that are linked to a single server. Just curious how others
handle this.
Daniel.
From: [email protected]<mailto:[email protected]>
[mailto:[email protected]] On Behalf Of Corkill, Daniel
Sent: Friday, 22 April 2016 2:00 PM
To: [email protected]<mailto:[email protected]>
Subject: [NTSysADM] Default rule set for Windows Firewall
Just designing a default ruleset for Windows Firewall that can be applied to
all our servers via Group Policy. Anyone have any suggestions or examples
they'd be willing to share?
Daniel.
*********************************************************************
This email, including any attachment, is confidential to the intended
recipient. It may also be privileged and may be subject to copyright. If you
have received this email in error, please notify the sender immediately and
delete all copies of the email. Any confidentiality or privilege is not
waived. Neither the Council nor the sender warrant that this email does not
contain any viruses or other unsolicited items.
This email is an informal Council communication. The Council only accepts
responsibility for information sent under official letterhead and duly signed
by, or on behalf of, the Chief Executive Officer.
Privacy Collection Notice
Logan City Council may collect your personal information, e.g. name,
residential address, phone number etc, in order to conduct its business and/or
meet its statutory obligations. The information will only be accessed by
employees and/or Councillors of Logan City Council for Council business related
activities only. If your personal information will be passed onto a third
party, Council will advise you of this disclosure, the purpose of the
disclosure and reason why. Your information will not be given to any other
person or agency unless you have given us permission or we are required by law.
*********************************************************************
This email, including any attachment, is confidential to the intended
recipient. It may also be privileged and may be subject to copyright. If you
have received this email in error, please notify the sender immediately and
delete all copies of the email. Any confidentiality or privilege is not
waived. Neither the Council nor the sender warrant that this email does not
contain any viruses or other unsolicited items.
This email is an informal Council communication. The Council only accepts
responsibility for information sent under official letterhead and duly signed
by, or on behalf of, the Chief Executive Officer.
Privacy Collection Notice
Logan City Council may collect your personal information, e.g. name,
residential address, phone number etc, in order to conduct its business and/or
meet its statutory obligations. The information will only be accessed by
employees and/or Councillors of Logan City Council for Council business related
activities only. If your personal information will be passed onto a third
party, Council will advise you of this disclosure, the purpose of the
disclosure and reason why. Your information will not be given to any other
person or agency unless you have given us permission or we are required by law.
