Step 2: Modifying a Telnet Firewall Allow Rule to Override Block Rules

Updated: December 7, 2009

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

In this step, you modify your existing Telnet allow rule to include the Override Block Rule setting, and then test the behavior of Telnet with the modified rule. This works because you already have a connection security rule that authenticates and encrypts all Telnet traffic.

To add the Override Block Rule setting to your rule

  1. On MBRSVR1, in Group Policy Management Editor, click Inbound Rules.

  2. Right-click Allow Encrypted Inbound Telnet to Group Members Only, and then click Properties.

  3. Authenticated bypass rules must specify at least one authorized computer or computer group. On the Computer tab, select Only allow connections from these computers, and then click Add.

  4. For our simple example, type domain computers, and then click OK. This restricts access to computers that are domain members. Remember that we are already restricting access to users who are members of a group.

  5. Perform one of the following:

    • If you are running Windows Server 2008 R2, on the General tab, in the Action section, click Customize. On the Customize Allow if Secure Settings dialog box, select Override block rules, and then click OK two times.

    • If you are running Windows Vista: On the General tab, in the Action section, select the Override block rules check box, and then click OK two times.

Now test the two conflicting rules.

To test the Telnet connectivity with your current rule configuration

  1. On MBRSVR1, at an Administrator: Command Prompt, run gpupdate /force. Wait until the command is finished.

  2. On CLIENT1, at a command prompt, run telnet mbrsvr1.

    The command succeeds because the existing Telnet allow rule now overrides the block rule. The only traffic that can bypass the Telnet block rule is traffic that matches the authenticated bypass Telnet allow rule. That rule specifies that the traffic must be authenticated, and in this case, encrypted. Traffic from any computer or user not on the authorized list, or traffic that is not authenticated or encrypted is dropped.

  3. Type exit and the press ENTER to end the Telnet session.

Next topic: Creating Tunnel Mode IPsec Rules