How to Specify Windows Firewall Exclusion in Group Policy

This article explains to setup Windows Firewall exceptions to apply to PCs via Group Policy. In this example I am using SBS but you can apply the same logic to other windows verions.

You will need to either edit the existing, or create a new Firewall GPO.

Specifiy a program Exclusion

  • Right click and choose edit.
  • Navigate to the below setting.

Double click on the above and enter the desired setting

For a list of common programs to add please see the bottom

Specify a Port Exclusion

Navigate to the below

Enter the values as shown below


Common Programs to Add


  • %ProgramFiles%\Microsoft Office\Office14\outlook.exe::enabled:Microsoft Outlook 2010
  • %ProgramFiles%\Microsoft Outlook\Office14\outlook.exe::enabled:Microsoft Outlook 2010b
  • %ProgramFiles%\Microsoft Office\Office12\outlook.exe::enabled:Microsoft Outlook 2007
  • %ProgramFiles%\Microsoft Outlook\Office12\outlook.exe::enabled:Microsoft Outlook 2007b


  • %ProgramFiles%\Symantec AntiVirus\RTVScan.exe::enabled:Symantec RTVScan
  • %ProgramFiles%\Symantec AntiVirus\VPTray.exe::enabled:Symantec VPTray
  • %ProgramFiles%\Symantec\LiveUpdate\LuComServer.exe::enabled:Symantec LiveUpdate


  • %ProgramFiles%\Sophos\Remote Management System\RouterNT.exe::Enabled:Sophos Remote
  • C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe::Enabled:Sophos Remote 64bit


Common Port Exceptions


  • 8192:TCP:*:Enabled:Sophos1
  • 8193:TCP:*:Enabled:Sophos2
  • 8194:TCP:*:Enabled:Sophos3


  • 5900:TCP:*:Enabled:VNC1



Comments 1

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.