Announcement

Collapse
No announcement yet.

Dissable Windows Firewall on Domain

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Dissable Windows Firewall on Domain

    Can anyone point me in the right direction with this one. I'm sure Iíve seen somewhere a policy to disable the Widows Firewall when a machine is connected inside the domain. The firewall then re-enables when not plugged into the domain.

  • #2
    Re: Dissable Windows Firewall on Domain

    Computer Configuration, Administrative Templates, Network, Network Connections, and then Windows Firewall. You'll see 2 profiles, one for the domain and one for standard.

    I don't remember there being an option for turning the firewall off completely, but you can certainly define exceptions etc in there.
    BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
    sigpic
    Cruachan's Blog

    Comment


    • #3
      Re: Dissable Windows Firewall on Domain

      Cool, thanks

      I was actually looking at this yesterday but for some silly reason I didnt click that there was a doamin & Standard Profile folder. It was a long day yeterday.......

      Comment


      • #4
        Re: Dissable Windows Firewall on Domain

        Originally posted by Deland01 View Post
        Cool, thanks

        I was actually looking at this yesterday but for some silly reason I didnt click that there was a doamin & Standard Profile folder. It was a long day yeterday.......
        You may turn off the firewall with a policy to disable the appropiate service; but I suggest to leave it active, and make the exceptions you need in order to facilitate whatever you want to do; an active firewall on a domain laptop is a good thing when users are use to carry them on places where you yave no control.

        Comment


        • #5
          Re: Dissable Windows Firewall on Domain


          Am I understanding this right,

          Domain Profile - Firewall disabled
          Standard Profile - Firewall always enabled

          Would the above not mean the windows firewall is always on when they are behind the domain firewall?

          Comment


          • #6
            Re: Dissable Windows Firewall on Domain

            It means when Windows detects that the laptop is connected to the domain network, Windows Firewall will be disabled. If it doesn't detect that it's connected to the domain network, the firewall will be enabled. The company's edge firewall doesn't have any effect on this setting.
            Gareth Howells

            BSc (Hons), MBCS, MCP, MCDST, ICCE

            Any advice is given in good faith and without warranty.

            Please give reputation points if somebody has helped you.

            "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

            "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

            Comment


            • #7
              Re: Dissable Windows Firewall on Domain

              My point was I dont need to enable the windows firewall if the laptop is sat behind the Cisco Pix (company firewall) so Im usure why angelo said what he did?

              Comment


              • #8
                Re: Dissable Windows Firewall on Domain

                What will you gain by disabling the firewall on client machines in the domain? What will you lose by not disabling the firewall? Having the firewall running (in addition to your antivirus and anti-malware protection) may help slow the spread of a virus should one enter your network.
                Gareth Howells

                BSc (Hons), MBCS, MCP, MCDST, ICCE

                Any advice is given in good faith and without warranty.

                Please give reputation points if somebody has helped you.

                "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

                "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

                Comment


                • #9
                  Re: Dissable Windows Firewall on Domain

                  I have issues connecting via UNC (browsing folders on the hard disk). The firewall also causes issues for Sophos AntiVirus. Initial install & some updates.

                  Comment


                  • #10
                    Re: Dissable Windows Firewall on Domain

                    Originally posted by Deland01 View Post
                    My point was I dont need to enable the windows firewall if the laptop is sat behind the Cisco Pix (company firewall) so Im usure why angelo said what he did?
                    I'm sorry, I didn't catch your issue first, but my point still stands as others here, you dont want to disable the firewall even inside the domain, as this can be a first line of defense when having a virus outbreak, and is of great help when enforcing policies like no authorized shares, prevent unauthorized apps like P2P or instant messaging, etc.

                    Comment


                    • #11
                      Re: Dissable Windows Firewall on Domain

                      Originally posted by Deland01 View Post
                      I have issues connecting via UNC (browsing folders on the hard disk). The firewall also causes issues for Sophos AntiVirus. Initial install & some updates.

                      You can allow exceptions to make UNC paths work:

                      http://technet.microsoft.com/en-us/l...8WS.10%29.aspx

                      for sophos AV, perhaps you can disable the built-in FW that has?(if ever) you may also add an exception for this software also. We use McAfee AV and never had an issue with windows firewall.

                      Comment


                      • #12
                        Re: Dissable Windows Firewall on Domain

                        Exceptions can also be configured through Group Policy, and on a per-profile basis (ie, domain profile and standard profile).
                        Gareth Howells

                        BSc (Hons), MBCS, MCP, MCDST, ICCE

                        Any advice is given in good faith and without warranty.

                        Please give reputation points if somebody has helped you.

                        "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

                        "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

                        Comment

                        Working...
                        X