Previously I was working with Server 2003 and managed to lock myself out of the server (I was accessing it remotely) by enabling the firewall.
I want to remotely enable the firewall on Server 2008 without locking myself out of the server (access via RDP) and then selectively add IP addresses to the firewall to exclude. i.e. block specific IP addresses.
Are there any step by step instructions on how to safely do this?
Best bet is to script it, with a scripted reversal should you be locked out.
Say, if prompt is not answered in 20s, revert all settings.
You can script the windows firewall using vbs or netsh commands.
http://www.activexperts.com/activmonitor/windowsmanagement/scripts/networking/windowsfirewall/
Scripting is good, it makes you think carefully about what you are planning to do.
If you have a windows AD server you create a group policy and apply it to that OU that the windows server is in then enable the firewall but allow tcp port 3389 through the advanced firewall configuration. If you lock yourself out you can then just remove the GP or change it to turn off the firewall.