This article got me started: http://technet.microsoft.com/en-us/library/bb490626.aspx

The GPO is located at: Computer Configuration, Administrative Templates, Network, Network Connections, and then Windows Firewall

I then used the Domain Profile section and enabled: Windows Firewall: Define port exceptions

The configuration text string I used was:

5900:TCP:10.10.1.0/24:enabled:VNC

This worked for me and got my systems creating the exception.