To configure the firewall on multiple domain computers with a group policy
1. Create a group policy object for the organizational unit that contains the Windows XP SP2 computers that you want to manage:
   a. Log on to a domain controller.
   b. Click Start > Run, type dsa.msc in the Open dialog box, and then click OK.
   c. Expand your domain, right-click the organizational unit in which you want to create the group policy, and then click Properties.
   d. On the Group Policy tab, click New.
   e. Type a name for the group policy object, and then press Enter.
2. Log on to a domain-member computer that is running Windows XP SP2. Log on with a user account that is a member of one or more of the following security groups:
   - Group Policy Creator Owners
3. Click Start > Run, type mmc in the Open field, and then click OK.
4. On the File menu, click Add/Remove Snap-in.
5. On the Standalone tab, click Add.
6. In the Add Standalone Snap-in dialog box, click Group Policy, and then click Add.
7. In the Select Group Policy Object dialog box, click Browse.
8. Click the group policy object that you want to update with the new Windows Firewall settings.
   For example, click the organizational unit that contains the Windows XP SP2 computers, click OK, and then click the group policy object that you created in step 1.
9. Click OK, and then click Finish.
10. Click Close, and then click OK.
11. Under Console Root, expand the group policy object that you selected in step 8, and then click Computer Configuration > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile.
12. In the right pane, double-click Windows Firewall: Allow remote administration exception.
13. Click Enabled, and then specify the administrative scope in the Allow unsolicited incoming messages from dialog box.
    For example, to permit remote administration from a particular IP address, type that IP address in the Allow unsolicited incoming messages from dialog box. To permit remote administration from a particular subnet, type that subnet by using the Classless Inter-Domain Routing (CIDR) format. In this scenario, type 192.168.1.0/24 to specify the network 192.168.1.0 with a 24-bit subnet mask of 255.255.255.0.
    For more information on how to specify a valid administrative scope, see the Syntax area of the Setting tab in this policy.
14. Click OK, and then on the File menu, click Exit.
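Before typing a scope into the Allow unsolicited incoming messages from dialog box, it helps to check that each entry is well formed and no wider than intended. The following Python sketch is an added example, not part of the original article or of any vendor tool; the function names, the "*" and "localsubnet" keywords, and the /24 width limit are assumptions to adjust against the policy's Syntax area.

```python
import ipaddress

# Assumption: "*" (any source) and "localsubnet" are the keywords listed in the
# policy's Syntax help; confirm them on the Setting tab before relying on this.
KEYWORDS = {"*": "broad", "localsubnet": "ok"}

def review_entry(entry, min_prefix=24):
    """Classify one scope entry as 'ok', 'broad' or 'invalid', with a reason."""
    if not entry:
        return (entry, "invalid", "empty entry")
    if entry.lower() in KEYWORDS:
        return (entry, KEYWORDS[entry.lower()], "keyword")
    try:
        net = ipaddress.IPv4Network(entry, strict=True)
    except ValueError as exc:
        try:
            # Host bits set (e.g. 192.168.1.5/24): report the network it implies.
            implied = ipaddress.IPv4Network(entry, strict=False)
            return (entry, "invalid", f"host bits set; did you mean {implied}?")
        except ValueError:
            return (entry, "invalid", str(exc))
    size = f"{net.num_addresses} addresses, mask {net.netmask}"
    # A prefix shorter than min_prefix admits more hosts than the chosen limit.
    verdict = "broad" if net.prefixlen < min_prefix else "ok"
    return (entry, verdict, size)

def review_scope(scope, min_prefix=24):
    """Review every comma-separated entry of a proposed administrative scope."""
    return [review_entry(e.strip(), min_prefix) for e in scope.split(",")]

if __name__ == "__main__":
    # Constructed sample scopes; only 192.168.1.0/24 comes from the article.
    for sample in ("192.168.1.0/24", "192.168.1.10,localsubnet",
                   "192.168.1.5/24", "10.0.0.0/8", "*"):
        for entry, verdict, detail in review_scope(sample):
            print(f"{verdict:8} {entry:18} {detail}")
```

Entries reported as broad or invalid are worth correcting before the policy is linked, because the exception admits unsolicited traffic from every address in the scope.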
Imported Document ID: HOWTO93478