Deploying Windows Firewall with Group Policy
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
For organizations that use Active Directory, the recommended method for deploying and managing Windows Firewall is to use the new Windows Firewall Group Policy settings. When you use Group Policy to configure Windows Firewall, administrators will be unable to use the Netsh firewall command or Windows Firewall in Control Panel to configure the Windows Firewall settings that are managed through Group Policy. In other words, any Windows Firewall settings that are managed through Group Policy appear dimmed and are not accessible through Windows Firewall in Control Panel and cannot be configured through the Netsh firewall command.
You can configure Windows Firewall Group Policy settings in either the domain profile or the standard profile. The domain profile settings are used whenever the computer is joined to a network that contains the domain controllers for the domain in which the computer's computer account resides. The standard profile settings are used whenever the computer is joined to a network that does not contain the domain controllers for the domain in which the computer's computer account resides. Both the domain profile and standard profile contain the same set of Windows Firewall settings.
For more information about the Windows Firewall Group Policy settings, see "Windows Firewall Tools and Settings" in the Windows Firewall Technical Reference on the Microsoft Web site (https://go.microsoft.com/fwlink/?LinkId=42729). For more information about using Group Policy settings to deploy Windows Firewall in Windows XP with Service Pack 2 (SP2), see "Managing Windows XP Service Pack 2 Features Using Group Policy" on the Microsoft Web site (https://go.microsoft.com/fwlink/?LinkId=31974). Although the article is written specifically for Windows XP with SP2, most of the concepts and information apply to deployments of Windows Firewall in Windows Server 2003 with SP1.