Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
GR-PO-WIN-C-Windows Firewall Settings
Data collected on: 2-9-2025 10:34:01
General
Details
Domainemea.tpg.ads
OwnerEMEA\tentolouris.5-adm
Created7-5-2021 11:28:50
Modified9-2-2023 15:33:44
User Revisions1 (AD), 1 (SYSVOL)
Computer Revisions67 (AD), 67 (SYSVOL)
Unique ID{1edc6e46-eecf-4803-bcea-205530cda599}
GPO StatusEnabled
Links
LocationEnforcedLink StatusPath
ClientsYesEnabledemea.tpg.ads/GR/Systems/Clients

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
EMEA\GR-L-SEC-ClientPolicy Firewall Enabled
Delegation
These groups and users have the specified permission for this GPO
NameAllowed PermissionsInherited
EMEA\Domain AdminsEdit settings, delete, modify securityNo
EMEA\Domain ComputersReadNo
EMEA\GR-G-ORG-OU AdminsEdit settings, delete, modify securityNo
EMEA\GR-L-SEC-ClientPolicy Firewall EnabledRead (from Security Filtering)No
EMEA\tentolouris.5-admEdit settings, delete, modify securityNo
NT AUTHORITY\Authenticated UsersReadNo
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSReadNo
NT AUTHORITY\SYSTEMEdit settings, delete, modify securityNo
ROOT\Enterprise AdminsEdit settings, delete, modify securityNo
Computer Configuration (Enabled)
Policies
Windows Settings
Security Settings
Windows Firewall with Advanced Security
Global Settings
PolicySetting
Policy version2.29
Disable stateful FTPNot Configured
Disable stateful PPTPNot Configured
IPsec exemptNot Configured
IPsec through NATNot Configured
Preshared key encodingNot Configured
SA idle timeNot Configured
Strong CRL checkNot Configured
Domain Profile Settings
PolicySetting
Firewall stateOff
Inbound connectionsNot Configured
Outbound connectionsNot Configured
Apply local firewall rulesNot Configured
Apply local connection security rulesNot Configured
Display notificationsNot Configured
Allow unicast responsesNot Configured
Log dropped packetsNot Configured
Log successful connectionsNot Configured
Log file pathNot Configured
Log file maximum size (KB)Not Configured
Private Profile Settings
PolicySetting
Firewall stateOn
Inbound connectionsNot Configured
Outbound connectionsNot Configured
Apply local firewall rulesNot Configured
Apply local connection security rulesNot Configured
Display notificationsNot Configured
Allow unicast responsesNot Configured
Log dropped packetsNot Configured
Log successful connectionsNot Configured
Log file pathNot Configured
Log file maximum size (KB)Not Configured
Public Profile Settings
PolicySetting
Firewall stateOn
Inbound connectionsNot Configured
Outbound connectionsNot Configured
Apply local firewall rulesNot Configured
Apply local connection security rulesNot Configured
Display notificationsNot Configured
Allow unicast responsesNot Configured
Log dropped packetsNot Configured
Log successful connectionsNot Configured
Log file pathNot Configured
Log file maximum size (KB)Not Configured
Connection Security Settings
Administrative Templates
Policy definitions (ADMX files) retrieved from the central store.
Network/Network Connections/Windows Defender Firewall/Domain Profile
PolicySettingComment
Windows Defender Firewall: Allow ICMP exceptionsEnabled
Allow outbound destination unreachableEnabled
Allow outbound source quenchEnabled
Allow redirectEnabled
Allow inbound echo requestEnabled
Allow inbound router requestEnabled
Allow outbound time exceededEnabled
Allow outbound parameter problemEnabled
Allow inbound timestamp requestEnabled
Allow inbound mask requestEnabled
Allow outbound packet too bigEnabled
PolicySettingComment
Windows Defender Firewall: Allow inbound file and printer sharing exceptionEnabled
Allow unsolicited incoming messages from these IP addresses:10.238.81.0/24,10.240.86.0/24,10.238.85.0/24,10.239.131.0/24
Syntax:
Type "*" to allow messages from any network, or
else type a comma-separated list that contains
any number or combination of these:
IP addresses, such as 10.0.0.1
Subnet descriptions, such as 10.2.3.0/24
The string "localsubnet"
Example: to allow messages from 10.0.0.1,
10.0.0.2, and from any system on the
local subnet or on the 10.3.4.x subnet,
type the following in the "Allow unsolicited"
incoming messages from these IP addresses":
10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24
PolicySettingComment
Windows Defender Firewall: Allow inbound remote administration exception Enabled
Allow unsolicited incoming messages from these IP addresses:10.238.81.0/24,10.240.86.0/24,10.238.85.0/24,10.239.131.0/24
Syntax:
Type "*" to allow messages from any network, or
else type a comma-separated list that contains
any number or combination of these:
IP addresses, such as 10.0.0.1
Subnet descriptions, such as 10.2.3.0/24
The string "localsubnet"
Example: to allow messages from 10.0.0.1,
10.0.0.2, and from any system on the
local subnet or on the 10.3.4.x subnet,
type the following in the "Allow unsolicited"
incoming messages from these IP addresses":
10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24
PolicySettingComment
Windows Defender Firewall: Allow inbound UPnP framework exceptionsEnabled
Allow unsolicited incoming messages from these IP addresses:10.238.81.0/24,10.240.86.0/24,10.238.85.0/24,10.239.131.0/24
Syntax:
Type "*" to allow messages from any network, or
else type a comma-separated list that contains
any number or combination of these:
IP addresses, such as 10.0.0.1
Subnet descriptions, such as 10.2.3.0/24
The string "localsubnet"
Example: to allow messages from 10.0.0.1,
10.0.0.2, and from any system on the
local subnet or on the 10.3.4.x subnet,
type the following in the "Allow unsolicited"
incoming messages from these IP addresses":
10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24
PolicySettingComment
Windows Defender Firewall: Allow local port exceptionsEnabled
Windows Defender Firewall: Allow local program exceptionsEnabled
Windows Defender Firewall: Define inbound port exceptionsEnabled
Define port exceptions:
*:*:10.238.81.0/24:enabled:ITAccess
*:*:172.16.1.0/24:enabled:ServerAccess
*:*:10.238.85.0/24:enabled:ServersAccess
*:*:10.240.86.0/24:enabled:Servers3Access
*:*:10.239.131.0/24:enabled:ITAccess2
Specify the port to open or block.
Syntax:
<Port>:<Transport>:<Scope>:<Status>:<Name>
<Port> is a decimal port number
<Transport> is either "TCP" or "UDP"
<Scope> is either "*" (for all networks) or
a comma-separated list that contains
any number or combination of these:
IP addresses, such as 10.0.0.1
Subnet descriptions, such as 10.2.3.0/24
The string "localsubnet"
<Status> is either "enabled" or "disabled"
<Name> is a text string
Example:
The following definition string adds TCP port 80
to the port exceptions list and allows it to
receive messages from 10.0.0.1, 10.0.0.2, or any
system on the 10.3.4.x subnet:
80:TCP:10.0.0.1,10.0.0.2,10.3.4.0/24:enabled:Web service
PolicySettingComment
Windows Defender Firewall: Protect all network connectionsDisabled
Network/Network Connections/Windows Defender Firewall/Standard Profile
PolicySettingComment
Windows Defender Firewall: Allow ICMP exceptionsEnabled
Allow outbound destination unreachableEnabled
Allow outbound source quenchEnabled
Allow redirectEnabled
Allow inbound echo requestEnabled
Allow inbound router requestEnabled
Allow outbound time exceededEnabled
Allow outbound parameter problemEnabled
Allow inbound timestamp requestEnabled
Allow inbound mask requestEnabled
Allow outbound packet too bigEnabled
PolicySettingComment
Windows Defender Firewall: Allow inbound file and printer sharing exceptionEnabled
Allow unsolicited incoming messages from these IP addresses:10.238.81.0/24,10.240.86.0/24,10.238.85.0/24,10.239.131.0/24
Syntax:
Type "*" to allow messages from any network, or
else type a comma-separated list that contains
any number or combination of these:
IP addresses, such as 10.0.0.1
Subnet descriptions, such as 10.2.3.0/24
The string "localsubnet"
Example: to allow messages from 10.0.0.1,
10.0.0.2, and from any system on the
local subnet or on the 10.3.4.x subnet,
type the following in the "Allow unsolicited"
incoming messages from these IP addresses":
10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24
PolicySettingComment
Windows Defender Firewall: Allow inbound remote administration exception Enabled
Allow unsolicited incoming messages from these IP addresses:10.238.81.0/24,10.240.86.0/24,10.238.85.0/24,10.239.131.0/24
Syntax:
Type "*" to allow messages from any network, or
else type a comma-separated list that contains
any number or combination of these:
IP addresses, such as 10.0.0.1
Subnet descriptions, such as 10.2.3.0/24
The string "localsubnet"
Example: to allow messages from 10.0.0.1,
10.0.0.2, and from any system on the
local subnet or on the 10.3.4.x subnet,
type the following in the "Allow unsolicited"
incoming messages from these IP addresses":
10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24
PolicySettingComment
Windows Defender Firewall: Allow inbound UPnP framework exceptionsEnabled
Allow unsolicited incoming messages from these IP addresses:10.238.81.0/24,10.240.86.0/24,10.238.85.0/24,10.239.131.0/24
Syntax:
Type "*" to allow messages from any network, or
else type a comma-separated list that contains
any number or combination of these:
IP addresses, such as 10.0.0.1
Subnet descriptions, such as 10.2.3.0/24
The string "localsubnet"
Example: to allow messages from 10.0.0.1,
10.0.0.2, and from any system on the
local subnet or on the 10.3.4.x subnet,
type the following in the "Allow unsolicited"
incoming messages from these IP addresses":
10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24
PolicySettingComment
Windows Defender Firewall: Allow local port exceptionsEnabled
Windows Defender Firewall: Allow local program exceptionsEnabled
Windows Defender Firewall: Define inbound port exceptionsEnabled
Define port exceptions:
*:*:10.238.81.0/24:enabled:ITAccess
*:*:172.16.1.0/24:enabled:ServerAccess
*:*:10.238.85.0/24:enabled:ServersAccess
*:*:10.240.86.0/24:enabled:Servers3Access
*:*:10.239.131.0/24:enabled:ITAccess2
Specify the port to open or block.
Syntax:
<Port>:<Transport>:<Scope>:<Status>:<Name>
<Port> is a decimal port number
<Transport> is either "TCP" or "UDP"
<Scope> is either "*" (for all networks) or
a comma-separated list that contains
any number or combination of these:
IP addresses, such as 10.0.0.1
Subnet descriptions, such as 10.2.3.0/24
The string "localsubnet"
<Status> is either "enabled" or "disabled"
<Name> is a text string
Example:
The following definition string adds TCP port 80
to the port exceptions list and allows it to
receive messages from 10.0.0.1, 10.0.0.2, or any
system on the 10.3.4.x subnet:
80:TCP:10.0.0.1,10.0.0.2,10.3.4.0/24:enabled:Web service
PolicySettingComment
Windows Defender Firewall: Protect all network connectionsDisabled
User Configuration (Enabled)
No settings defined.