No announcement yet.

Disable Win10 firewall when on domain/ Enabled when out of the office - Possible?

  • Filter
  • Time
  • Show
Clear All
new posts

  • Disable Win10 firewall when on domain/ Enabled when out of the office - Possible?

    Greetings all,

    I was hoping one of you experts could shed some light on a GPO I'm attempting to create. I need to create a firewall related GPO that will essentially DISABLE the built-in Windows firewall on Windows 10 clients when connected to my office domain (because our current AV handles firewall when on domain) but when the user is not connected to the office or disconnects from the office domain, their device/laptop will need the firewall to be ENABLED when out-of-office.

    Is this possible? If so, how would I go about accomplishing this?

    Your assistance is greatly appreciated.

  • #2
    You should be OK with the various firewall profiles - remember you can have different settings for domain / public / private networks. Relevant setting in GPO is Computer / Policies / Windows Settings/ Security Settings / Windows Firewall with advanced Security, then click PROPERTIES at the root of the firewall. Turn off for domain and on for public / private

    Trouble is this will not immediately apply on leaving the office but should on the next GP refresh, so consider reducing the interval
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    IT Trainer / Consultant
    Ossian Ltd

    ** Remember to give credit where credit is due and leave reputation points where appropriate **


    • #3
      Do you actually want to disable the service or just turn off the firewall??

      I would do as Ossian says and use the different zones for the firewall, turn off the Domain zone and leave the rest enabled.