Configuring GPO to clear local WFAS rules

As you now know, there are WFAS rules that exist inside Windows by default, and by plugging new rules into GPOs we are adding to that already-extensive list of predefined rules. While this usually works just fine, sometimes it can feel like a mess in there, and wouldn't it be nice if we could create one standard set of firewall rules for everybody? Wouldn't it be great to know that there were no locally-configured, predefined rules in play, and that only the ones we define through Group Policy exist on the workstations? This is the last setting that I want to point out in our discussion on WFAS. There is an option hiding away in there that forces the local WFAS rules out and leaves only the GPO-sourced rules in play:

Computer Configuration | Policies | Windows Settings | Security Settings | Windows Firewall with Advanced Security | Windows Firewall with Advanced Security

Back on this primary screen of WFAS settings, click on the link that says Windows Firewall Properties, the same place we visit to enable or disable the firewall profiles. Inside these properties, you will see a section called Settings and a button that says Customize....

Make sure to check out the Logging section of this screen as well, in the event that you ever need to enable logging of the firewall for troubleshooting purposes.

After clicking on the Customize... button that is listed in the Settings section, you are presented with a handful of options. One of those options is Rule merging. This is where you decide what to do with the locally-configured WFAS rules on your computers. Use the drop-down box next to Apply local firewall rules and set it to No. When this policy applies to your workstation, it will clear out all of those locally-configured WFAS rules, and the only ones remaining will be the ones that have been put into place by Group Policy.
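
The same Rule merging setting can be written into a GPO and then checked on a workstation from PowerShell. The following is an added example, not taken from the book: the domain and GPO name are placeholders, and the two function names are hypothetical helpers built on the standard NetSecurity cmdlets.

```powershell
# Added example. The domain and GPO name below are placeholders (assumptions),
# not values from the book. Replace them with your own <domain>\<GPO name>.
$GpoStore = 'example.local\Workstation Firewall Baseline'

# 1. Configure (run where you have rights to edit the GPO):
#    equivalent of setting "Apply local firewall rules" to No on each profile.
function Set-GpoRuleMergingOff {
    param(
        [Parameter(Mandatory)][string]$PolicyStore
    )
    Set-NetFirewallProfile -PolicyStore $PolicyStore `
        -Profile Domain, Private, Public `
        -AllowLocalFirewallRules False
}

# 2. Verify (run on a workstation after the policy has refreshed):
#    report the effective per-profile setting and count the enabled rules
#    in the active policy by the store they came from.
function Get-RuleMergingState {
    $profiles = Get-NetFirewallProfile -PolicyStore ActiveStore |
        Select-Object Name, Enabled, AllowLocalFirewallRules

    $bySource = Get-NetFirewallRule -PolicyStore ActiveStore |
        Where-Object { $_.Enabled -eq 'True' } |
        Group-Object -Property PolicyStoreSourceType |
        Select-Object Name, Count

    [pscustomobject]@{
        Profiles             = $profiles
        EnabledRulesBySource = $bySource
    }
}

# Usage:
#   Set-GpoRuleMergingOff -PolicyStore $GpoStore
#   $state = Get-RuleMergingState
#   $state.Profiles | Format-Table
#   $state.EnabledRulesBySource | Format-Table
```

On a workstation that has received the policy, each profile in `$state.Profiles` should report `AllowLocalFirewallRules` as `False`, and the source breakdown shows how many enabled rules came from Group Policy.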
