In my environment the Windows firewall has currently been locally enabled on a number of 2012 servers in a 2012R2 domain.
Rather than use local policy, I'd like to migrate firewall policy to GPO. In this case, I assume I can define a domain firewall policy and apply it using security filtering to the servers that require it.
A few questions --
1) Once the GPO is applied, will it overwrite the local server policy? I assume it will.
2) Considering each server will likely have a slightly different firewall policy (to allow through traffic for different services), I assume that a different firewall policy will need to be created for each config and applied using filtering? Is there a more effective way of application? I'm envisioning a lot of different firewall policies and application to be messy.
3) Given your likely responses to questions 1 & 2, is GPO really the preferred method of administering firewall policy?