How to modify Group Policy to allow users windows firewall popup access?

Anonymous
2024-02-23T14:24:15+00:00

Hello!

When users are connected to a "private" network and have an app blocked by Windows Firewall, they get a popup. The popup has a greyed-out "Allow" button and a clear message, "some settings are managed by your organization" (a clear sign that it's a Group Policy issue). I've gone through the GPO and I was able to make it so that users can manually create a policy, and local policies are merged with GPO policies.

But I can't make it so users can have the ease of allowing the app via the popup. What am I missing?

Windows for business Windows Server Networking Software-defined networking

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.


4 answers

  1. Anonymous
    2024-02-27T05:45:43+00:00

    Hello,

    By default, Group Policy might be configured to block user intervention with Windows Firewall rules. Here's how to modify the Group Policy to allow users to respond to those pop-ups:

    1. On a domain controller or a machine where the Group Policy Management Console is installed, open the console by typing gpmc.msc in the Run dialog or search box.
    2. Navigate to the domain or OU where you want to apply the policy. Right-click on the desired container and select "Create a GPO in this domain, and Link it here" if creating a new policy.
    3. In the Group Policy Management Editor window, navigate to: Computer Configuration > Policies > Administrative Templates > Network > Network Connections > Windows Defender Firewall
    4. Locate the policies named something similar to:
       - Allow users to permit signed applications through the firewall
       - Allow users to permit unsigned applications through the firewall

       Double-click each policy, set them to "Enabled", and click "OK". This will allow users to respond to prompts and create exceptions for signed and unsigned applications.
    5. Depending on your environment and requirements, you may also want to configure the notification settings under: Windows Defender Firewall: Allow inbound notifications through the firewall. Ensure this is enabled if you want users to see the pop-ups.
    6. After making these changes, close the Group Policy Management Editor. Users will need to either log off and back on again, or run gpupdate /force from an elevated command prompt for the new policy settings to take effect.

    For firewall rules you can refer to the following link: Windows Firewall rules - Windows Security | Microsoft Learn

    Regards,

    Zunhui
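
After the policy refresh in the last step of the answer above, the client can be asked which firewall profile settings it actually received from Group Policy and which it is enforcing. This is an added example, not part of the original answer; it uses the built-in NetSecurity cmdlets, and the choice of settings to compare is an assumption based on the notification and local-rule-merge behaviour described in the question.

```powershell
# Added example. Run in an elevated PowerShell session on an affected client.
gpupdate /target:computer /force | Out-Null

# Settings relevant to the blocked-app popup and to merging local rules.
$settings = 'Enabled', 'DefaultInboundAction', 'NotifyOnListen', 'AllowLocalFirewallRules'

# RSOP = read-only sum of all GPOs applied to this computer.
# Values are True / False / NotConfigured (NotConfigured = no GPO sets it).
$gpo = Get-NetFirewallProfile -PolicyStore RSOP -ErrorAction SilentlyContinue

# ActiveStore = what the firewall service enforces right now
# (Group Policy merged with the local settings).
$active = Get-NetFirewallProfile -PolicyStore ActiveStore

$report = foreach ($a in $active) {
    $g = $gpo | Where-Object { $_.Name -eq $a.Name }
    foreach ($setting in $settings) {
        $gpoValue = if ($g) { "$($g.$setting)" } else { 'NotConfigured' }
        [pscustomobject]@{
            Profile   = $a.Name                 # Domain, Private or Public
            Setting   = $setting
            Effective = "$($a.$setting)"
            FromGPO   = $gpoValue
            Managed   = $gpoValue -ne 'NotConfigured'
        }
    }
}
$report | Format-Table -AutoSize

# Where the active rules come from (Local, GroupPolicy, ...). If local rules
# exist but AllowLocalFirewallRules is False for a profile, they are ignored.
Get-NetFirewallRule -PolicyStore ActiveStore |
    Group-Object PolicyStoreSourceType |
    Select-Object Name, Count
```

A row with Managed = True is set by a GPO and cannot be changed from the client; NotifyOnListen = False on the Private profile means no notification is shown when an app is blocked on that profile.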

  2. Anonymous
    2024-02-27T13:44:46+00:00

    Hello Zunhui! Thank you for your help.

    I navigated to the path that you supplied in the group policy editor. I do not find a similar policy object to what you're referencing. I have recently applied the latest update to the group policy "central store" following this document: https://learn.microsoft.com/en-US/troubleshoot/windows-client/group-policy/create-and-manage-central-store

    These are the available policies I can/have configured:

  3. Anonymous
    2024-03-10T12:46:34+00:00

    Hello,

    To allow specific applications to pass through the firewall, you can also try the following methods:

    1. Press the Win+R shortcut key, enter firewall.cpl and press Enter.
    2. Click the Enable or turn off Windows Defender Firewall option
    3. Check the Enable Windows Defender Firewall option and click the OK button
    4. Click the Allow app or feature through Windows Defender Firewall option
    5. Find the target application, check both Private and Public in the next two options, and then click OK.

    Regards,

    Zunhui

  4. Anonymous
    2024-08-06T12:45:56+00:00

    But how do I do that in a GPO? I need it for allowing "SAP Business One".
