Along with scripting Windows Firewall exceptions, you can also control them through a Group Policy Object. This would give you the broad reach of being able to affect an entire Organizational Unit (OU) without having to add a script or additional code to a login script.
In order to create a firewall exception for an application, Create or Edit a Group Policy Object for an OU. This will open up the Group Policy Object Editor window.
Drill down to:
Computer Configuration -> Administrative Templates -> Network -> Network Connection -> Windows Firewall -> Domain Profile
Select the Windows Firewall: Define program exceptions. Right-click and go to Properties.
This will open the Properties window and explain the syntax to use when configuring the exception. Click the ‘Show…’ button to add your exception.
Following that syntax, you’ll want to add something like the following:%programfiles%Companyprogram.exe:*:enabled:ProgramName
You can use the %programfiles% variable to refer to your Program Files directory. For a list of more useful variables, open a command prompt window and type: set
One other such useful variable is %appdata%, which goes to C:documents and settingsusernameapplication data. Using variables is often better than hard-coding the location.
For this example, we’ll be adding a firewall exception for Real Alternative.
On the Show Contents window, hit the ‘Add…’ button. Then I’ll add the following syntax for the Media Player Classic at this specific location to have a scope of all networks with the name Real Alternative and the exception enabled.%programfiles%real alternativeMedia Player Classicmplayerc.exe:*:enabled:Real Alternative
Hit Ok and close out of your GPO Editor windows. As computers refresh their group policy, this setting will take effect and the firewall exception will be added. Alternatively, if you’re sitting at a machine that needs the group policy to take effect immediately, use the command from the article Group Policy Basics: gpupdate /force