Thursday, June 23, 2011

How to Create Custom / Separate Windows 7 Firewall Policies for Individual Users

How to Create Windows 7 Firewall Policies for Different Users:

For various reasons, you may wish to have an account with strict firewall policies (such as those detailed in this post), and another account with more relaxed policies.

In order to do this, both accounts must be Administrators. This may also work with Vista Firewall; unfortunately, I don't currently have a Vista box to test it on. This will not work on Windows Vista.

1. Before doing anything, back up your current firewall policy. Run Windows Firewall with Advanced Security (type firewall in Run box).

2. In the right pane, click Export Policy. Save to c:\, as firewallstd.wfw.

3. Create the policies you wish to implement, and export as c:\firewallstrict.wfw.

4. Create this batch file, and save as c:\firewallstd.bat:

------------------------
netsh advfirewall import c:\firewallstd.wfw
pause
------------------------

5. Create this batch file, and save as c:\firewallstrict.bat:

------------------------
netsh advfirewall import c:\firewallstrict.wfw
pause
------------------------

6. Open Task Scheduler (type task in Run box).

7. Choose Create a Basic Task.

8. Name this rule as you see fit.

9. For task trigger, select When I Log on.

10. Choose Start a Program.

11. Choose the .BAT file you created earlier. The finishing dialog will appear. Before clicking Finish, tick "Open the Properties dialog for this task when I click Finish".

12. In the resulting window, select Run with Highest Privileges.

Once this is complete, log on to the other account and repeat steps 6 through 12, with the policies you desire for that account. You can remove the "pause" from the batch file if you prefer, but it is helpful to confirm that the policy has properly loaded upon logging in.
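
Steps 6 through 12 can also be done from an elevated Command Prompt, which is convenient when repeating them on the second account. The script below is an added example, not part of the original post; its file name (setup-fwtask.bat) and the task name it generates are hypothetical, and it assumes the files from steps 1 through 5 already exist.

```bat
@echo off
rem Added example: command-line version of steps 6-12 for the account running it.
rem Run from an elevated Command Prompt while logged on as the target account.
rem Usage (hypothetical script name): setup-fwtask.bat std   or   setup-fwtask.bat strict
setlocal
set "NAME=%~1"
if "%NAME%"=="" (
    echo Usage: %~nx0 std^|strict
    exit /b 1
)
set "POLICY=c:\firewall%NAME%.wfw"
set "SCRIPT=c:\firewall%NAME%.bat"
rem Hypothetical task name; step 8 lets you pick any name.
set "TASK=FirewallPolicy-%NAME%-%USERNAME%"

rem The exported policy (steps 1-3) and the import batch file (steps 4-5) must exist.
if not exist "%POLICY%" (
    echo Missing %POLICY% - export the policy first.
    exit /b 1
)
if not exist "%SCRIPT%" (
    echo Missing %SCRIPT% - create the batch file first.
    exit /b 1
)

rem /SC ONLOGON  = logon trigger (step 9)
rem /TR          = start the batch file (steps 10-11)
rem /RL HIGHEST  = Run with Highest Privileges (step 12)
rem /IT          = run only while the task's own account is logged on.
rem schtasks documents ONLOGON as firing at any user's logon; /IT is what keeps
rem this task tied to the account that created it.
schtasks /Create /F /TN "%TASK%" /TR "%SCRIPT%" /SC ONLOGON /IT /RL HIGHEST
if errorlevel 1 (
    echo Task creation failed - check that this prompt is elevated.
    exit /b 1
)

rem The task runs the batch file elevated at every logon, so review who can
rem modify it and the policy it imports.
icacls "%SCRIPT%"
icacls "%POLICY%"

rem Show the registered task so the trigger and run level can be confirmed.
schtasks /Query /TN "%TASK%" /V /FO LIST
endlocal
```

In the icacls output, write or modify rights on either file should belong only to administrator accounts, since anything placed in the batch file will run with highest privileges at logon.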