We are in the process of migrating from Symantec Endpoint Protection (SEP) to System Center Endpoint Protection (SCEP). With SEP we used the Symantec firewall. Now that we are migrating to SCEP we will need to start using Windows firewall. When we installed SEP it automatically disabled Windows firewall. I won't go into why, but we've already deployed the SCCM client and SCEP which automatically removed SEP and the SEP firewall. So now we just have Windows firewall but it's disabled. My concern is if we enable Windows firewall that the appropriate exceptions will not be configured and traffic will start getting blocked.
I'm wondering if anyone has any advice for an easy way to configure firewall exceptions for my Domain Controllers before I turn on Windows firewall. We typically run 2008 R2 and 2012 R2 DCs with DNS and DHCP and that's pretty much it. My plan is to use Group Policy to enable the firewall and set the exceptions but I was hoping someone might know of a way I could import something like a standard firewall template for DCs into Group Policy instead of manually setting each exception. Or if anyone knows how I can set firewall exceptions through SCCM that would be even b