Using Group Policy
Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista
To centralize the configuration of large numbers of computers in an organization network that uses Active Directory, you can deploy settings for Windows Firewall with Advanced Security by using Group Policy. Group Policy provides access to the full feature set of Windows Firewall with Advanced Security, including profile settings, firewall rules, and computer connection security rules. In fact, you configure Group Policy settings for Windows Firewall with Advanced Security by using the same snap-in from within the Group Policy Management Console. The domain-member computer requests Group Policy updates, which are therefore solicited traffic that is not dropped by default when Windows Firewall with Advanced Security is enabled (unless the outbound default is configured to block traffic).
Warning
If you deploy Windows Firewall with Advanced Security by using Group Policy and then block outbound connections, make sure to enable the Group Policy outbound rules and to do full testing in a lab environment before deploying. Otherwise, you might prevent all of the computers that receive the block policy from receiving any updates to the policy in the future.
Note
If you configure a Windows Firewall with Advanced Security setting in an organization network by using Group Policy, then the local administrator cannot change the setting that was configured by using Group Policy.
In previous versions of Windows, Windows processes Group Policy under the following circumstances:
Computer policies are processed when the Windows operating system starts.
User policies are processed when a user logs on.
Both computer and user policies are refreshed periodically.
Windows Vista and later versions of Windows process Group Policy in the following additional circumstances:
Computer and user policies are processed when a computer establishes a virtual private network (VPN) connection with a remote site.
Computer and user policies are processed when a computer comes out of hibernation or standby.
The additional circumstances help to ensure that computers obtain the most recent Group Policy settings more frequently and whenever the computer changes connections.