Step 4: Deploying the Initial GPO with Test Firewall Settings

  • Article

Updated: December 7, 2009

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

In this step, you link your GPO to an OU to apply it to your domain-joined client computer.

To deploy your firewall settings

  1. On MBRSVR1, in Group Policy Management, in the navigation pane, right-click MyClientComputers, and then click Link an Existing GPO.

  2. In the Group Policy objects list, click Firewall Settings for Windows Clients, and then click OK.

In the next procedure, you confirm that the client computer receives and applies the new GPO settings.

To test your new GPO

  1. On CLIENT1, open an administrator command prompt.

  2. At the command prompt window, type gpupdate /force, and then press ENTER. Wait until the command finishes before moving to the next step.

  3. To validate that the GPO was correctly applied, run gpresult /r /scope computer. In the output, look for the section Applied Group Policy Objects. Confirm that it contains entries for both Firewall Settings for Windows Clients and the Default Domain Policy.

  4. Open the Windows Firewall with Advanced Security snap-in.

  5. Right-click the top node Windows Firewall with Advanced Security on Local Computer, and then click Properties.

  6. Note that the Firewall State setting is On (recommended), and that the list control is disabled. It is now controlled by Group Policy and cannot be changed locally, even by an administrator.

  7. Close the Properties dialog box, and the Windows Firewall with Advanced Security snap-in.

Next topic: Step 5: Adding the Setting that Prevents Local Administrators from Applying Conflicting Rules