Summary: How to configure a firewall GPO for Windows.
Date: Around 2014
Refactor: 1 March 2025: Checked links and formatting.
This is how to configure the firewall of your workstations in a domain. There are two configs: one for computers connected to the domain and one for computers that are not connected to the domain, for example a laptop user working at home.
If a workstation is connected to the domain, it is in a secure, trusted network. This means you can turn the firewall off:
If a workstation is not connected to the domain, it is in an untrusted network, which means we have to turn the firewall on. In my case my users have to be able to configure extra exceptions, so I have some basic exceptions configured but also allow my users to create extra exceptions:
Define Program exceptions:
Allow ICMP exceptions:
Define Port exceptions:
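
To confirm on a workstation that both configs were applied, the following check compares the effective firewall state per profile with the intent described above (off on the domain network, on everywhere else). It is an added example, not part of the original post; it assumes the NetSecurity and NetConnection cmdlets (Windows 8 / Server 2012 or later), where non-domain networks show up as the Private and Public profiles.

```powershell
# Added example: verify the effective firewall state that the two GPO configs should produce.
# Assumption: run locally on the workstation, in an elevated PowerShell session.

# Intended state from this page: firewall off on the domain network, on elsewhere.
$expected = @{ Domain = $false; Private = $true; Public = $true }

# ActiveStore is the merged result of local settings and every applied GPO.
$profiles = Get-NetFirewallProfile -PolicyStore ActiveStore

# Network category of each connected interface, mapped to the firewall profile name.
$inUse = @(Get-NetConnectionProfile | ForEach-Object {
    ([string]$_.NetworkCategory) -replace '^DomainAuthenticated$', 'Domain'
})

$report = foreach ($p in $profiles) {
    # Enabled is an enum (True / False / NotConfigured); compare it as text.
    $isEnabled = ([string]$p.Enabled -eq 'True')
    [pscustomobject]@{
        Profile  = $p.Name
        InUse    = $inUse -contains $p.Name
        Enabled  = $isEnabled
        Expected = $expected[$p.Name]
        Matches  = ($isEnabled -eq $expected[$p.Name])
    }
}

$report | Format-Table -AutoSize

# The case that matters most: a non-domain profile with the firewall off.
$exposed = @($report | Where-Object { $_.Profile -ne 'Domain' -and -not $_.Enabled })
if ($exposed.Count -gt 0) {
    Write-Warning ("Firewall is OFF on non-domain profile(s): " +
                   (($exposed | ForEach-Object { $_.Profile }) -join ', '))
    exit 1
}

# Any other mismatch means the GPO has not (yet) applied as intended.
if (@($report | Where-Object { -not $_.Matches }).Count -gt 0) {
    Write-Warning 'Effective firewall state differs from the intended configuration.'
    exit 2
}

Write-Output 'Effective firewall state matches the intended configuration.'
```

Run it once while connected to the domain network and once on an outside network to see which profile is in use in each case.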