Overview

This article provides a step-by-step process on opening ports in the Windows Firewall using the Group Policy Object (GPO).

Process

Use the following procedure to open ports in the Windows personal firewall:

1. Log on to a machine on the network with domain administrator privileges. The machine needs to be running Microsoft Windows XP SP1 or Microsoft Windows 2003.
2. Download and install the .NET framework (required for the next step).
3. Download and install the Microsoft Group Policy Management Console (GPMC).
4. To launch GPMC, click on Start > Run and type in gpmc.msc.
5. Expand the tree under the forest you will be updating.
6. Expand the tree under Domains.
7. Expand the domain which you will be updating.
8. Right-click on Default Domain Policy and select Edit.

Do the following in the GPO editor Microsoft Management Console (MMC):

1. Go to Computer Configuration > Administrative Templates > Network > Network Connection > Windows Firewall > Domain Profile.
2. Double-click on the entry 'Windows Firewall: Define port exceptions'.
3. Select Enabled.
4. Click on the Show button to bring up the port exception list dialog.
5. Select the Add button.
6. Specify the required port using the following syntax/convention:
   <port>:<transport>:<scope>:<status>:<name>
   
   Example: To allow connections on port 139 from the IP addresses in the local subnet, configure the rule as follows:
   139:TCP:localsubnet:enabled:SMB