
How to Create and Deploy Windows Firewall Policies for Endpoint Protection in Configuration Manager

 

Updated: May 14, 2015

Firewall policies for Endpoint Protection in System Center 2012 Configuration Manager let you perform basic Windows Firewall configuration and maintenance tasks on client computers in your hierarchy. You can use Windows Firewall policies to perform the following tasks:

  • Control whether Windows Firewall is turned on or off.

  • Control whether incoming connections are allowed to client computers.

  • Control whether users are notified when Windows Firewall blocks a new program.

Use the following procedures in this topic to help create and assign Windows Firewall policies to Configuration Manager client computers in your hierarchy:

To create a Windows Firewall policy

  1. In the Configuration Manager console, click Assets and Compliance.

  2. In the Assets and Compliance workspace, expand Endpoint Protection, and then click Windows Firewall Policies.

  3. On the Home tab, in the Create group, click Create Windows Firewall Policy.

  4. On the General page of the Create Windows Firewall Policy Wizard, specify a name and an optional description for this firewall policy, and then click Next.

  5. On the Profile Settings page of the wizard, configure the following settings for each network profile:

    Important

    If you want to deploy Windows Firewall policies to computers running Windows Server 2008 and Windows Vista Service Pack 1, you must first install Hotfix KB971800 on these computers.

    Note

    For more information about network profiles, see the Windows documentation.

    • Enable Windows Firewall

      Note

      If Enable Windows Firewall is not enabled, the other settings on this page of the wizard are unavailable.

    • Block all incoming connections, including those in the list of allowed programs

    • Notify the user when Windows Firewall blocks a new program

  6. On the Summary page of the wizard, review the actions to be taken, and then complete the wizard.

  7. Verify that the new Windows Firewall policy is displayed in the Windows Firewall Policies list.

To deploy a Windows Firewall policy

  1. In the Configuration Manager console, click Assets and Compliance.

  2. In the Assets and Compliance workspace, expand Endpoint Protection, and then click Windows Firewall Policies.

  3. In the Windows Firewall Policies list, select the Windows Firewall policy that you want to deploy.

  4. On the Home tab, in the Deployment group, click Deploy.

  5. In the Deploy Windows Firewall Policy dialog box, specify the collection to which you want to assign this Windows Firewall policy, and specify an assignment schedule. The Windows Firewall policy is evaluated for compliance on this schedule, and the Windows Firewall settings on clients are reconfigured to match the Windows Firewall policy.

  6. Click OK to close the Deploy Windows Firewall Policy dialog box and to deploy the Windows Firewall policy.

    Important

    When you deploy a Windows Firewall policy to a collection, this policy is applied to computers in a random order over a 2-hour period to avoid flooding the network.
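
To confirm on a client that a deployed policy has taken effect, the following added example (not part of the original Microsoft topic) compares the effective settings of each network profile with the values you expect. It assumes a client that has the NetSecurity PowerShell module (Windows 8 or Windows Server 2012 and later); the mapping of the wizard settings to the Enabled, AllowInboundRules and NotifyOnListen properties is an assumption, and the values in $expected are constructed samples.

```powershell
# Added example: check a client's effective Windows Firewall profile settings
# against the values configured in the Windows Firewall policy.
#
# Assumed mapping of wizard settings to Get-NetFirewallProfile properties:
#   Enable Windows Firewall                          -> Enabled
#   Block all incoming connections, including those
#   in the list of allowed programs                  -> AllowInboundRules = False
#   Notify the user when Windows Firewall blocks
#   a new program                                    -> NotifyOnListen

# Constructed sample values; replace with the settings chosen in the wizard.
$expected = @{
    Domain  = @{ Enabled = 'True'; AllowInboundRules = 'True';  NotifyOnListen = 'False' }
    Private = @{ Enabled = 'True'; AllowInboundRules = 'True';  NotifyOnListen = 'True'  }
    Public  = @{ Enabled = 'True'; AllowInboundRules = 'False'; NotifyOnListen = 'True'  }
}

function Test-FirewallProfileDrift {
    param([Parameter(Mandatory)] [hashtable] $Expected)

    # ActiveStore returns the effective settings after all policy sources are merged.
    foreach ($fwProfile in Get-NetFirewallProfile -PolicyStore ActiveStore) {
        $want = $Expected[$fwProfile.Name]
        if (-not $want) { continue }   # profile not covered by the expected table

        foreach ($setting in $want.Keys) {
            $actual = [string] $fwProfile.$setting
            [pscustomobject]@{
                Profile   = $fwProfile.Name
                Setting   = $setting
                Expected  = $want[$setting]
                Actual    = $actual
                Compliant = ($actual -eq $want[$setting])
            }
        }
    }
}

$drift = Test-FirewallProfileDrift -Expected $expected | Where-Object { -not $_.Compliant }
if ($drift) {
    $drift | Format-Table -AutoSize
    exit 1   # non-zero exit code lets a scheduled task or script host flag the client
}
Write-Output 'All firewall profiles match the expected policy.'
```

Because the policy is applied to a collection in random order over a 2-hour period, a mismatch reported shortly after deployment may only mean that the client has not been processed yet.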

© 2015 Microsoft