Hi,
of course we can give you some suggestions but the best advisor is Microsoft:
The best way to manage Windows Firewall settings in an organization network is to use Active Directory and the new Windows Firewall settings in Computer Configuration Group Policy. This method requires the use of Active Directory with either Windows 2000 or Windows Server 2003 domain controllers. Group Policy updates are requested by the domain member computer, and are therefore solicited traffic that is not dropped when Windows Firewall is enabled.
When you use Group Policy to configure Windows Firewall, by default local administrators will be unable to change some elements of its configuration locally, using the Windows Firewall component in Control Panel. Some tabs and options in the Windows Firewall dialog box will be grayed out and unavailable.
The basic steps for deploying Windows Firewall settings for Windows XP SP2 with Active Directory are the following:
1. Update your Group Policy objects with the new Windows Firewall settings.
2. Specify Windows Firewall settings for your Group Policy objects.
To be continues on:
http://technet.microsoft.com/en-us/library/bb490626.aspx
Regards,