Windows Firewall and IPsec Policy Deployment Step-by-Step Guide

Updated: December 7, 2009

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

This step-by-step guide illustrates how to deploy Active Directory® Group Policy objects (GPOs) to configure Windows Firewall with Advanced Security on computers that are running Windows® 7, Windows Vista®, Windows Server® 2008 R2, and Windows Server® 2008. Although you can configure a single server locally by using Group Policy Management and other tools directly on the server, that method is not efficient and does not guarantee consistency when you have many computers to configure. When you have multiple computers to manage, you can instead create and edit GPOs, and then apply those GPOs to the computers in your organization.

For a downloadable version of this article, see the Microsoft Download Center at https://go.microsoft.com/fwlink/?LinkId=188297.

The goal of a Windows Firewall with Advanced Security configuration in your organization is to improve the security of each computer by blocking unwanted network traffic from entering the computer and protecting wanted network traffic as it traverses the network. Network traffic that does not match the rule set configured in Windows Firewall with Advanced Security is dropped. You can also require that the network traffic which is allowed must be protected by using authentication or encryption. The ability to manage Windows Firewall with Advanced Security by using Group Policy lets an administrator apply consistent settings across the organization in a way that is not easily circumvented by the user.

In this guide, you get hands-on experience in a lab environment that uses Group Policy management tools to create and edit GPOs to implement typical firewall and connection security settings and rules. You configure GPOs to implement common server and domain isolation scenarios and see the effects of those settings.

Your feedback is valuable and welcome! Please send your comments and suggestions to Windows Firewall with Advanced Security Documentation Feedback (wfasdoc@microsoft.com). The author of this guide will review your comments and use them to improve this documentation. Your e-mail address will not be saved or used for any other purposes.

In this document:

Next topic: Scenario Overview