locked
SCE 2010 Alerts when windows firewall is turned off RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    Is it possible in SCE 2010 to have a email alert when someone manually turns off their firewall and does not turn it back on again? And if so how can that be accomplished? Originally I was going to just enforce this from Group Policy but this doesn't allow people to enable or disable their firewalls. It just enables the firewall and grays out all other options. 

    This is a Domain with two 2008 R2 servers. The reason people need to be able to turn off their firewalls is for testing purposes. 

    Thank you so much.

    Knowledge is Power.

    Friday, February 14, 2014 12:38 AM

Answers

  • Question
    Sign in to vote
    1
    Sign in to vote

    When the firewall is turned off, it will generate an event log. You could create a monitor Alert Generating NT-Event-Log-Based Rule to monitor this event log.

    http://technet.microsoft.com/en-us/library/ff730470.aspx

    Juke Chou

    TechNet Community Support

    • Marked as answer by S7v7nsins Thursday, February 20, 2014 11:44 PM
    • Unmarked as answer by S7v7nsins Thursday, February 20, 2014 11:45 PM
    • Marked as answer by S7v7nsins Thursday, February 27, 2014 1:03 AM
    Tuesday, February 18, 2014 10:37 AM

All replies

  • Question
    Sign in to vote
    1
    Sign in to vote

    When the firewall is turned off, it will generate an event log. You could create a monitor Alert Generating NT-Event-Log-Based Rule to monitor this event log.

    http://technet.microsoft.com/en-us/library/ff730470.aspx

    Juke Chou

    TechNet Community Support

    • Marked as answer by S7v7nsins Thursday, February 20, 2014 11:44 PM
    • Unmarked as answer by S7v7nsins Thursday, February 20, 2014 11:45 PM
    • Marked as answer by S7v7nsins Thursday, February 27, 2014 1:03 AM
    Tuesday, February 18, 2014 10:37 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Thank you so much for the response. That definitely answered my question. I have another one however. Once I have the alert setup for EVENT ID 2003 which is the firewall Event ID. How do I see this report or setup a report to show that alert and then maybe send an email? SCE 2010 is not very user friendly. 

    Regards,

    Jeremy

    Knowledge is Power.


    • Edited by S7v7nsins Thursday, February 20, 2014 11:55 PM
    Thursday, February 20, 2014 11:44 PM