Step 4: Testing the Rule When Admin1 Is Not a Member of the Group

Updated: December 7, 2009

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

CLIENT1 has a firewall rule and a connection security rule that meet all the requirements to communicate with MBRSVR1, but Admin1 has not yet been added to the user group that is referenced in the inbound Telnet firewall rule for MBRSVR1. In this step, you try to connect to the Remote Event Viewer service to demonstrate that your new rules do not affect services other than Telnet. You also attempt to connect to the Telnet service on MBRSVR1 to see that the new rules prevent you from accessing the Telnet service because you are not a member of the required group.

To try to connect to the Remote Event Viewer service on MBRSVR1

  1. On CLIENT1, at an Administrator: Command Prompt, run gpupdate /force. Wait until the command finishes.

  2. Click Start, type event viewer in the Start Search box, and then press ENTER.

  3. In the navigation pane of Event Viewer, right-click the top node Event Viewer (Local), and then click Connect to another computer.

  4. In the Select Computer dialog box, type MBRSVR1, and then click OK.

    The attempt is successful, because the rules you created do not require group membership or encryption for the Event Viewer.

Now, to see the effect of your new rules, try to connect to MBRSVR1 using Telnet.

To try to connect to MBRSVR1 by using Telnet

  • On CLIENT1, at an Administrator: Command Prompt, run telnet mbrsvr1.

    The command fails because Admin1 is not yet a member of the Authorized to Access MBRSVR1 group, and only members of that group are permitted to send port 23 traffic through Windows Firewall with Advanced Security to that server.
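To confirm that the Telnet failure comes from the missing group membership and not from another cause, the following PowerShell script can be run on CLIENT1 while logged on as Admin1. It is an added example, not part of the original guide; Test-TcpPort is a helper defined in the example, and the server name, group name and port are the ones used in this step.

```powershell
# Added diagnostic, not part of the original guide. Run on CLIENT1 as Admin1.
# MBRSVR1, port 23 and the group name come from this step; Test-TcpPort is a helper defined here.
$server = 'MBRSVR1'
$group  = 'Authorized to Access MBRSVR1'

function Test-TcpPort([string]$Computer, [int]$Port, [int]$TimeoutMs = 5000) {
    # TcpClient is used so the check also works on PowerShell 2.0.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Computer, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($pending)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# Groups in the current logon token. The token is built at logon, so a later
# membership change is not visible here until Admin1 logs off and on again.
# The column name 'Group Name' assumes an English-language Windows installation.
$tokenGroups = whoami /groups /fo csv | ConvertFrom-Csv
$inGroup = @($tokenGroups | Where-Object { $_.'Group Name' -like "*\$group" }).Count -gt 0

$telnetOpen = Test-TcpPort $server 23

"Member of '$group' : $inGroup"
"TCP 23 to $server reachable : $telnetOpen"

if (-not $inGroup -and -not $telnetOpen) {
    "Expected at this step: not in the group, Telnet blocked."
} elseif ($inGroup -and $telnetOpen) {
    "Group membership present and Telnet reachable."
} else {
    "Unexpected combination: check that gpupdate /force finished and review the rules on $server."
}

# IPsec main mode and quick mode security associations currently held by CLIENT1.
netsh advfirewall monitor show mmsa
netsh advfirewall monitor show qmsa
```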
