在高级安全 Windows 防火墙中按用户应用出站连接规则

Question 1

这只是一个不可用的功能。如果您想做这样的事情，您可以考虑使用 Microsoft TMG 作为出站代理。它可以基于用户/组访问 Internet 资源。

Answer

这只是一个不可用的功能。如果您想做这样的事情，您可以考虑使用 Microsoft TMG 作为出站代理。它可以基于用户/组访问 Internet 资源。

Question 2

这是可行的，我刚刚为我孩子的电脑做了这件事。只需在任务计划程序中创建以下条目即可。请注意，这不是超级安全的，因为它不考虑来自远程桌面的多个会话等。话虽如此，希望它能帮助很多查看此主题的人。另外，请注意第 2 步中注册用户关闭防火墙前的 30 秒延迟。不确定是否可以以某种方式使其更快，5-10 秒对我的电脑来说已经足够了。

步骤 1）创建一个当有人登录时打开防火墙的任务：

任务计划程序 -> 操作 -> “创建任务”

一般的：

 Name:TurnOnWindowsFirewall
 Security Options:"Run whether user is logged on or not" checked
 Security Options:"Run with highest privileges" checked

触发器：（单击‘新建...’）

 BeginTheTask:"At log on"
 Settings:"Any User" checked
 Advanced Settings:"Stop if task runs longer than:" checked; "30 minutes" selected
 Advanced Settings:"Enabled" checked

操作：（单击“新建...”）

 Action:"Start a program"
 Program/script:"netsh"
 Add Aruments:"advfirewall set allprofiles state on"

状况：

 Uncheck everything on this tab

设置：

 AllowOnDemand: checked
 RunTaskAsSoonAsPossible: checked
 IfTheTaskFails: unchecked
 StopTheTaskIfItRunsLonger: checked; "1 hour" selected
 IfTheRunningTaskDoesNotEndForceIt: checked
 IfTheTaskIsNotSchedAgainDeleteIt: unchecked
 IfTheTaskIsAlreadyRunning: "Do not start a new instance" selected

步骤2）创建一个当某个用户登录时关闭防火墙的任务：

任务计划程序 -> 操作 -> “创建任务”

一般的：

 Name:TurnOffWindowsFirewall
 Security Options:"Run whether user is logged on or not" checked
 Security Options:"Do not store password" checked
 Security Options:"Run with highest privileges" checked

触发器：（单击‘新建...’）

 BeginTheTask:"At log on"
 Settings:"Specific User" checked  (select user that should have OPEN internet access.)
 Advanced Settings:"Delay task for:" checked; "30 seconds" selected
 Advanced Settings:"Stop if task runs longer than:" checked; "30 minutes" selected
 Advanced Settings:"Enabled" checked

操作：（单击“新建...”）

 Action:"Start a program"
 Program/script:"netsh"
 Add Aruments:"advfirewall set allprofiles state on"

状况：

 Uncheck everything on this tab

设置：

 AllowOnDemand: checked
 RunTaskAsSoonAsPossible: checked
 IfTheTaskFails: unchecked
 StopTheTaskIfItRunsLonger: checked; "1 hour" selected
 IfTheRunningTaskDoesNotEndForceIt: checked
 IfTheTaskIsNotSchedAgainDeleteIt: unchecked
 IfTheTaskIsAlreadyRunning: "Do not start a new instance" selected

祝你好运！

Answer

这是可行的，我刚刚为我孩子的电脑做了这件事。只需在任务计划程序中创建以下条目即可。请注意，这不是超级安全的，因为它不考虑来自远程桌面的多个会话等。话虽如此，希望它能帮助很多查看此主题的人。另外，请注意第 2 步中注册用户关闭防火墙前的 30 秒延迟。不确定是否可以以某种方式使其更快，5-10 秒对我的电脑来说已经足够了。

步骤 1）创建一个当有人登录时打开防火墙的任务：

任务计划程序 -> 操作 -> “创建任务”

一般的：

 Name:TurnOnWindowsFirewall
 Security Options:"Run whether user is logged on or not" checked
 Security Options:"Run with highest privileges" checked

触发器：（单击‘新建...’）

 BeginTheTask:"At log on"
 Settings:"Any User" checked
 Advanced Settings:"Stop if task runs longer than:" checked; "30 minutes" selected
 Advanced Settings:"Enabled" checked

操作：（单击“新建...”）

 Action:"Start a program"
 Program/script:"netsh"
 Add Aruments:"advfirewall set allprofiles state on"

状况：

 Uncheck everything on this tab

设置：

 AllowOnDemand: checked
 RunTaskAsSoonAsPossible: checked
 IfTheTaskFails: unchecked
 StopTheTaskIfItRunsLonger: checked; "1 hour" selected
 IfTheRunningTaskDoesNotEndForceIt: checked
 IfTheTaskIsNotSchedAgainDeleteIt: unchecked
 IfTheTaskIsAlreadyRunning: "Do not start a new instance" selected

步骤2）创建一个当某个用户登录时关闭防火墙的任务：

任务计划程序 -> 操作 -> “创建任务”

一般的：

 Name:TurnOffWindowsFirewall
 Security Options:"Run whether user is logged on or not" checked
 Security Options:"Do not store password" checked
 Security Options:"Run with highest privileges" checked

触发器：（单击‘新建...’）

 BeginTheTask:"At log on"
 Settings:"Specific User" checked  (select user that should have OPEN internet access.)
 Advanced Settings:"Delay task for:" checked; "30 seconds" selected
 Advanced Settings:"Stop if task runs longer than:" checked; "30 minutes" selected
 Advanced Settings:"Enabled" checked

操作：（单击“新建...”）

 Action:"Start a program"
 Program/script:"netsh"
 Add Aruments:"advfirewall set allprofiles state on"

状况：

 Uncheck everything on this tab

设置：

 AllowOnDemand: checked
 RunTaskAsSoonAsPossible: checked
 IfTheTaskFails: unchecked
 StopTheTaskIfItRunsLonger: checked; "1 hour" selected
 IfTheRunningTaskDoesNotEndForceIt: checked
 IfTheTaskIsNotSchedAgainDeleteIt: unchecked
 IfTheTaskIsAlreadyRunning: "Do not start a new instance" selected

祝你好运！

在高级安全 Windows 防火墙中按用户应用出站连接规则

答案1

答案2

相关内容