Appendix C: Deploying Windows Firewall Settings in a Windows NT 4.0 Domain

  • Article

Computers running Windows XP that are members of a Windows NT 4.0 domain use System Policy instead of Group Policy. In order to deploy Windows Firewall settings for computers running Windows XP that are members of a Windows NT 4.0 domain, you must add the Windows Firewall policy template (the Wfnt.adm file), configure Windows Firewall settings, and then distribute the new System Policy file to your Windows NT 4.0 domain controllers. Windows NT System Policy settings are stored in the Ntconfig.pol file in the Netlogon share of a Windows NT 4.0 domain controller. For more information about Windows NT System Policy, see the Implementing Profiles and Policies for Windows NT 4.0 white paper at https://www.microsoft.com/ntserver/techresources/management/prof_policies.asp.

To configure Windows Firewall settings as part of Windows NT System Policy, do the following:

  1. Download the Wfnt.adm file from the Microsoft Download Center at https://www.microsoft.com/downloads/details.aspx?FamilyID=d67c7085-4bff-4056-8e7e-3d583214e728&DisplayLang=en.

  2. If you are administering Windows NT System Policy from a computer running Windows XP Professional or Windows 2000, install the Windows 2000 Administrative Tools by double-clicking the Adminpak.msi file in the \I386 folder of the Windows 2000 Server product CD if needed. If you are administering Windows NT System Policy from a computer running Windows NT 4.0, skip this step.

  3. Click Start, click Run, type poledit.exe, and then click OK.

  4. From the System Policy Editor, click Options, and then click Policy Template.

  5. In the Policy Template Options dialog box, click Add.

  6. In the Open Template File dialog box, select the Wfnt.adm file from Step 1, and then click OK.

  7. If you have an existing System Policy file, click File, and then click Open Policy. In the Open Policy File dialog box, select the Ntconfig.pol file that is currently being used as your System Policy file.

    If you do not have an existing System Policy file, click File, and then click New Policy.

  8. From the System Policy Editor, double-click Default Computer.

  9. In the Default Computer Properties dialog box, open Windows Firewall and configure the appropriate Windows Firewall settings.

  10. Click OK.

  11. If you have an existing System Policy file, click File and then click Save.

    If you did not have an existing System Policy file, click File, click Save As, and then save the file with the name Ntconfig.pol.

  12. Distribute the modified or new Ntconfig.pol file to the Netlogon shares of all of your Windows NT 4.0 domain controllers.

For additional information about how to use Windows 2000 or Windows XP Group Policy template files for Windows NT System Policy settings, see Windows 2000 Group Policy at https://www.microsoft.com/windows2000/techinfo/howitworks/management/grouppolwp.asp.