We have third-party firewalls on all our XP machines, so I had to disable the built-in firewall for XP using a domain GPO. Now that Vista is out, the situation is different. The third-party firewall doesn't work under Vista, so we have to rely on the built-in firewall for Vista machines. Our current GPO applies to all machines regardless of platform. I need to find a way to restrict a GPO by the machine's OS, so that I can have one GPO to disable Windows Firewall for XP and another GPO to enable Windows Firewall for Vista.
There is an excellent article about how to create a GPO specifically for XP. With a little modification, you can create a GPO just for Vista. This is the final query string I use:
Root\CimV2; Select * from Win32_OperatingSystem where Caption like '%Vista%'
This filter restricts the GPO so that it applies only to Vista machines.
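One way to check the filter string above against real machines before linking the GPO, so that no machine ends up with the wrong firewall policy (an added example, not part of the original post). The function name Test-GpoWmiFilter and the computer list are assumptions, and it relies on Get-WmiObject in Windows PowerShell 2.0 or later:

```powershell
# Added example: evaluate a GPO WMI filter string ("Namespace; WQL query")
# against a computer and report whether the filter would match.
function Test-GpoWmiFilter {
    param(
        [string]$Filter,
        [string]$ComputerName = '.'
    )
    # Split on the first ';' only, so the namespace and the query separate cleanly.
    $parts = $Filter -split ';', 2
    if ($parts.Count -ne 2) { throw "Expected 'Namespace; Query', got: $Filter" }
    $namespace = $parts[0].Trim()
    $query     = $parts[1].Trim()

    # A WMI filter is true when the query returns at least one instance.
    $instances = @(Get-WmiObject -Namespace $namespace -Query $query `
                                 -ComputerName $ComputerName -ErrorAction Stop)
    return ($instances.Count -gt 0)
}

# The filter string from this page.
$vistaFilter = "Root\CimV2; Select * from Win32_OperatingSystem where Caption like '%Vista%'"

# Constructed list: '.' is the local machine; add test hostnames as needed.
$computers = @('.')

foreach ($c in $computers) {
    try {
        $os    = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $c -ErrorAction Stop
        $match = Test-GpoWmiFilter -Filter $vistaFilter -ComputerName $c
        New-Object PSObject -Property @{
            Computer           = $c
            Caption            = $os.Caption
            Version            = $os.Version
            VistaFilterMatches = $match
        }
    }
    catch {
        # A machine that cannot be queried gets no verdict; check it by hand.
        Write-Warning "$c : could not evaluate filter ($($_.Exception.Message))"
    }
}
```

Run it against at least one XP and one Vista machine: the XP row should show VistaFilterMatches as False and the Vista row True, and the Caption column shows the exact string the LIKE pattern is matched against.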