2.2. Creating a Firewall Policy
You create Firewall Policies by combining rules and assigning
them to groups of users or computers either through a WMI filter
or an organizational unit (OU). As an example, use the following
steps to create a rule that blocks Live Messenger from a server
computer:
1. Open the Group Policy Management Console.
2. Navigate to the SBSServers OU as shown in Figure 2.
3. Right-click SBSServers and select Create A GPO In This Domain, And Link It Here from the shortcut menu to open the New GPO dialog box shown in Figure 3.
4. Give the GPO a name and click OK.
5. Highlight the new policy in the Linked Group Policy Objects pane and right-click. Select Edit from the shortcut menu to open the Group Policy Management Editor, shown in Figure 4.
6. Navigate to the Outbound Rules container of Windows Firewall With Advanced Security, as shown in Figure 4.
7. Right-click Outbound Rules and select New Rule from the shortcut menu to open the New Outbound Rule Wizard shown in Figure 5.
8. Select Program and click Next to open the Program page, as shown in Figure 6.
9. Select This Program Path and enter the full path to Windows Live Messenger (%ProgramFiles(x86)%\Windows Live\Messenger\msnmsgr.exe).
10. Click Next to open the Action page. Select Block The Connection.
11. Click Next to open the Profile page. Select all three profiles.
12. Click Next to open the Name page. In the Name field, enter Windows Live Messenger, and add a description.
13. Click Finish to create the rule. The result is shown in Figure 7.
Note:
This block rule is hardly sufficient to block all
instances or types of instant messaging from the servers on an
SBS network, but it’s presented to show how the Firewall Policy rules work and are
configured.
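
The same GPO and outbound block rule as in the wizard steps above, scripted in PowerShell as an added example (not part of the original text). The domain name, OU distinguished name and GPO name are placeholder assumptions, and the script assumes a management machine that has the GroupPolicy and NetSecurity modules (Windows 8 / Windows Server 2012 or later).

```powershell
# Added example, not from the original text. Run with rights to create and link
# GPOs in the domain. All values marked "placeholder" are assumptions.
Import-Module GroupPolicy, NetSecurity

$Domain   = 'example.local'                                               # placeholder
$OuDn     = 'OU=SBSServers,OU=Computers,OU=MyBusiness,DC=example,DC=local' # placeholder
$GpoName  = 'Servers - Block Live Messenger'                              # placeholder
$RuleName = 'Windows Live Messenger'                                      # Name page value
$Program  = '%ProgramFiles(x86)%\Windows Live\Messenger\msnmsgr.exe'      # Program page value

# Steps 1-4: create the GPO and link it to the SBSServers OU.
# If a GPO with this name already exists, it is reused and no new link is made.
try {
    $gpo = Get-GPO -Name $GpoName -Domain $Domain -ErrorAction Stop
} catch {
    $gpo = New-GPO -Name $GpoName -Domain $Domain `
        -Comment 'Outbound block rule for Windows Live Messenger'
    New-GPLink -Guid $gpo.Id -Target $OuDn -Domain $Domain -LinkEnabled Yes | Out-Null
}

# Steps 5-13: add the outbound program rule to the GPO's firewall policy store.
# Open-NetGPO caches the GPO locally; nothing is written until Save-NetGPO.
$store   = "$Domain\$GpoName"
$session = Open-NetGPO -PolicyStore $store
$existing = Get-NetFirewallRule -GPOSession $session -DisplayName $RuleName `
    -ErrorAction SilentlyContinue
if (-not $existing) {
    New-NetFirewallRule -GPOSession $session `
        -DisplayName $RuleName `
        -Description 'Blocks outbound connections from msnmsgr.exe' `
        -Direction Outbound -Program $Program -Action Block `
        -Profile Domain, Private, Public -Enabled True | Out-Null
}
Save-NetGPO -GPOSession $session

# Check: read the rule back from the GPO and confirm direction, action,
# profiles and program path match what the wizard would have produced.
Get-NetFirewallRule -PolicyStore $store -DisplayName $RuleName | ForEach-Object {
    [pscustomobject]@{
        Rule      = $_.DisplayName
        Direction = $_.Direction
        Action    = $_.Action
        Profile   = $_.Profile
        Program   = ($_ | Get-NetFirewallApplicationFilter).Program
    }
}
```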