组策略怪胎：如何使用GPO控制Windows防火墙

最新推荐文章于 2024-08-07 17:17:57 发布

culunyi0802

最新推荐文章于 2024-08-07 17:17:57 发布

阅读量1.1k

点赞数 1

文章标签：网络 java linux 数据库 python

原文链接：https://www.howtogeek.com/100409/group-policy-geek-how-to-control-the-windows-firewall-with-a-gpo/

版权

()

The Windows Firewall can be one of the biggest nightmares for system administrators to configure, with the addition of Group Policy precedence it just becomes a headache. Here we will take you from start to finish on how to easily configure the Windows Firewall via Group Policy and as a bonus show you how to fix one of the biggest gotchas.

Windows防火墙可能是系统管理员要配置的最大噩梦之一，加上组策略优先级，这实在令人头疼。在这里，我们将带您从头到尾，了解如何通过组策略轻松配置Windows防火墙，并作为奖励向您展示如何修复最大的陷阱之一。

我们的任务 (Our Mission)

It has come to our attention that a lot of users have Skype installed on their machines and it is making them less productive. We have been given the task of making sure that users cant use Skype at work, however they are welcome to keep it installed on their laptops and use it at home or during lunch breaks on a 3G/4G connection. Given this information we decide to make use of the Windows Firewall and Group Policy.

引起我们注意的是，许多用户在其计算机上安装了Skype，这使他们的生产力下降。我们的任务是确保用户不能在工作中使用Skype，但是欢迎他们将其安装在笔记本电脑上，并在家中或在3G / 4G连接上的午餐时间使用。有了这些信息，我们决定使用Windows防火墙和组策略。

方法 (The Method)

The easiest way to start controlling the Windows Firewall through Group Policy is to set up a reference PC and create the rules using Windows 7, we can then export that policy and import it into Group Policy. By doing this, we have the extra advantage of being able to see if all the rules are set up and working as we want them to be, before deploying them to all the client machines.

通过组策略开始控制Windows防火墙的最简单方法是设置参考PC并使用Windows 7创建规则，然后我们可以导出该策略并将其导入组策略。这样，我们的额外优势在于，在将规则部署到所有客户端计算机之前，可以查看所有规则是否都已设置并按期望工作。

创建防火墙模板 (Creating a Firewall Template)

In order to create a template for the Windows Firewall we need to launch the Network and Sharing Center, the easiest way to do this is to right-click on the network icon and select Open Network and Sharing Center from the context menu.

为了为Windows防火墙创建模板，我们需要启动网络和共享中心，最简单的方法是右键单击网络图标，然后从上下文菜单中选择“打开网络和共享中心”。

When the Network and Sharing Center opens, click on the Windows Firewall link in the lower left hand corner.

当网络和共享中心打开时，单击左下角的Windows防火墙链接。

When creating a template for Windows Firewall it is best done through the Windows Firewall with Advanced Security console, to launch this click on Advanced Settings on the left hand side.

在为Windows防火墙创建模板时，最好通过具有高级安全性的Windows防火墙控制台来完成此操作，然后单击左侧的“高级设置”以启动此操作。