Unsolved


37 Posts


August 9th, 2006 10:00

Firewall Question

We only use Windows 2003 firewall on all of our servers. This has proven to be an issue with Open Manage. Basically, the application won't work as it uses random RPC ports. So, does anyone know of a firewall application which they are using that is more robust than MS W2K3 firewall that will allow for more options when it comes to port randomization? Or maybe there is no hope.

20 Posts

August 14th, 2006 16:00

Have you considered restrictions that are not on the host for that host specifically? A lot of times people lock up each of their hosts and consider that the only solution. While it is always recommended to use a host-based solution if possible, you can restrict traffic right down to the network so the traffic you don't even want touching the host won't even reach it. I'm not sure what type of network hardware you have available and if it has advanced ACL options.

37 Posts

August 14th, 2006 16:00

No. You will have to explain how this is done. Thanks.

August 17th, 2006 17:00

This may help http://www.microsoft.com/technet/community/columns/cableguy/cg0106.mspx#EMB:
Rules can be configured for services
With the current Windows Firewall, you must configure a rule for a service by specifying the path to the service program file name. With the new Windows Firewall, you can specify that the rule applies to any process, only for services, for a specific service by its service name, or you can type the short name for the service. For example, if you want to configure a rule to apply only to the Computer Browser service, you can select the Computer Browser service in the list of services running on the computer.

37 Posts

August 17th, 2006 17:00

Ok, thanks. I will look into this. Do you use Open Manage behind W2K3 firewalls?

37 Posts

August 17th, 2006 17:00

W2K3 firewall does not allow the use of the path for RPC, C:\WINDOWS\system32\svchost.exe -k rpcss.

37 Posts

August 17th, 2006 18:00

I just added all Dell services to the program exception on the server I need to add to IT assistant. I tell you, OM just does not work with W2K3 firewall enabled. If there is a workaround, I haven't found it.