UserLock Documentation

How to enforce firewall requirements on UserLock Server and protected machines

This step-by-step guide will show you how to:

  • Configure Windows Firewall for a single computer.
  • Configure Windows Firewall rules with GPOs.

Configure Windows Firewall for a single computer:

Here we will see how to create inbound firewall rules on the UserLock server and on protected machines.

File and Printer Sharing

Remote registry service /!\ Only on machines where the UserLock agent is to be installed.

Advanced configuration to allow file and printer sharing and remote registry only between UserLock server and protected machines:

Edit each rule created before ("File and Printer Sharing (Echo Request - ICMPv4-In)", "File and Printer Sharing (Echo Request - ICMPv6-In)" and "File and Printer Sharing (SMB-In)") and, on the "Scope" tab, specify the "Source" (Local IP address) and the "Target" (Remote IP address).

Configure addresses in firewall rules of the UserLock server:

In Local IP address: add the IP address(es) of the UserLock server(s).

In Remote IP address: as you can see, there are multiple options.

In the example below, set an IP range that can be assigned to protected machines.

Configure addresses in firewall rules of protected machines:

In Local IP address: in the example below, set the same IP range that can be assigned to protected machines.
In Remote IP address: add the IP address(es) of the UserLock server(s).
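
The same scoping can be applied from an elevated PowerShell session instead of the "Scope" tab. The script below is an added example, not part of the UserLock documentation; the `-Role` parameter and variable names are hypothetical, and every IP address is a placeholder from a documentation range that must be replaced with your own.

```powershell
#Requires -RunAsAdministrator
# Added example: restrict the three rules named above to UserLock traffic.
param(
    [Parameter(Mandatory)]
    [ValidateSet('UserLockServer', 'ProtectedMachine')]
    [string]$Role   # hypothetical parameter: which side this computer is
)

# Placeholder addresses from documentation ranges (assumptions, replace them).
$Server   = @{ IPv4 = '192.0.2.10';              IPv6 = '2001:db8::10' }
$Machines = @{ IPv4 = '192.0.2.100-192.0.2.200'; IPv6 = '2001:db8:0:1::/64' }

# Rule display names from this guide (English Windows) and the address
# family each one is scoped with.
$Rules = [ordered]@{
    'File and Printer Sharing (Echo Request - ICMPv4-In)' = 'IPv4'
    'File and Printer Sharing (Echo Request - ICMPv6-In)' = 'IPv6'
    'File and Printer Sharing (SMB-In)'                   = 'IPv4'
}

foreach ($name in $Rules.Keys) {
    $family = $Rules[$name]
    if ($Role -eq 'UserLockServer') {
        $local, $remote = $Server[$family], $Machines[$family]
    } else {
        $local, $remote = $Machines[$family], $Server[$family]
    }

    $rule = Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue
    if (-not $rule) {
        Write-Warning "Rule not found, create it first: $name"
        continue
    }

    # Same effect as filling in the Scope tab of the rule's properties.
    $rule | Set-NetFirewallRule -LocalAddress $local -RemoteAddress $remote

    # Read the scope back so the result can be checked.
    Get-NetFirewallRule -DisplayName $name | Get-NetFirewallAddressFilter |
        Select-Object @{ n = 'Rule'; e = { $name } }, LocalAddress, RemoteAddress
}
```

Saved as a script, it is run with `-Role UserLockServer` on the UserLock server and with `-Role ProtectedMachine` on each protected machine.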

 

Configure Windows Firewall rules with GPOs:

To apply advanced rules on the UserLock server and on protected machines, we need to create 2 GPOs:

  • 1 GPO for the UserLock server
  • 1 GPO for protected machines

For both GPOs:

  • Edit GPO.
  • Browse "Computer Configuration", "Policies", "Windows Settings", "Security Settings", "Windows Defender Firewall with Advanced Security", "Windows Defender Firewall with Advanced Security - ...", "Inbound Rules".
  • For every rule to create (see above to see which rules to create for the UserLock server and which rules to create for the protected machines): right click, "New Rule...", then follow the wizard as described above.

UserLock server GPO:

Protected machines GPO: