Configuring Windows Firewall to allow traffic via GPO
ALERT LEGACY ARTICLE: The content in this article is no longer updated and is available for reference purposes only. Features and workflows described may be deprecated, significantly changed, or no longer supported.
Environment
- Datto EDR
Description
Managing Windows Firewall settings with a GPO can save administrators time. This document describes how to create and update a Group Policy Object to change Windows Firewall rules and settings.
1. Launch GPMC.MSC and navigate to the organizational unit where you want the GPO applied.
2. Right-click the OU, and select Create a GPO in this domain, and link it here.
3. Edit your new GPO to include a proper GPO name.
- Navigate to Computer Configuration → Policies → Windows Settings → Security Settings → Windows Firewall with Advanced Security, then right-click Inbound Rules and select New Rule.
- For Rule Type select Port.
- Select TCP.
- Select Specific Local Ports and enter 22, 135, 139, 443, 445, 5985, 1024-5000, 49152-65535
(Note: 1024-5000 is only needed for legacy machines, e.g. XP and 2003)
- Click Next.
- Select Allow the Connection and click the Next button.
- Select which network type you would like this rule to apply to and click the Next button.
- Complete the configuration and push the GPO to the endpoints.
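The same procedure can be scripted with the GroupPolicy and NetSecurity PowerShell modules. This is an added example, not part of the original article; the domain, OU path, GPO name, rule name, firewall profile and remote-address scope are assumed placeholder values.

```powershell
# Added example: scripted equivalent of the GPMC steps above (run where RSAT is installed).
# Assumed values, not from the article: domain, OU path, GPO name, rule name, profile.
Import-Module GroupPolicy

$Domain     = 'corp.example.com'                           # assumption
$OuPath     = 'OU=Workstations,DC=corp,DC=example,DC=com'  # assumption
$GpoName    = 'Windows Firewall - Inbound TCP Allow'       # assumption
$RuleName   = 'Allow inbound TCP management ports'         # assumption
$NetProfile = 'Domain'  # assumption: the article leaves the network type to you
$Remote     = 'Any'     # wizard default; narrow to known source addresses if you can

# TCP ports listed in the article. 1024-5000 is only for legacy machines (XP, 2003).
$Ports = @('22', '135', '139', '443', '445', '5985', '49152-65535')
$IncludeLegacyRange = $false
if ($IncludeLegacyRange) { $Ports += '1024-5000' }

# Steps 1-3: create the GPO and link it to the OU, unless it already exists.
$gpo = Get-GPO -Name $GpoName -Domain $Domain -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $GpoName -Domain $Domain
    New-GPLink -Guid $gpo.Id -Target $OuPath -Domain $Domain -LinkEnabled Yes | Out-Null
}

# Edit the GPO's firewall policy in one session so the change is written once.
$store   = "$Domain\$GpoName"
$session = Open-NetGPO -PolicyStore $store

# Skip creation if a rule with this name is already in the GPO (avoids duplicates on re-run).
$existing = Get-NetFirewallRule -GPOSession $session -DisplayName $RuleName `
    -ErrorAction SilentlyContinue
if (-not $existing) {
    # Rule Type: Port, TCP, Specific Local Ports, Allow the Connection.
    New-NetFirewallRule -GPOSession $session -DisplayName $RuleName `
        -Direction Inbound -Protocol TCP -LocalPort $Ports `
        -RemoteAddress $Remote -Action Allow -Profile $NetProfile -Enabled True |
        Out-Null
}
Save-NetGPO -GPOSession $session

# Read the rule back from the GPO to confirm what will be pushed to endpoints.
Get-NetFirewallRule -PolicyStore $store -DisplayName $RuleName |
    Select-Object DisplayName, Direction, Action, Profile, Enabled
```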