locked
Disable firewall after deployment RRS feed

  • Question

  • I am using server SCCM2012R2SP1 to deploy Win10 images on client units. Post deployment, I am trying to automate the process. However without logging into client units, is there a way to disable firewall?. How can I disable firewall of client units while controlling from SCCM server?. I do know client MAC ID / IP address.  Is there a way to disable firewall by knowing IP address?.
    Tuesday, July 25, 2017 12:27 AM

All replies

  • Have you looked at deploying configuration baseline or using a GPO to disable the firewall?
    Tuesday, July 25, 2017 12:39 AM
  • It's probably best to put the machine into an OU with a Group Policy set to disable the firewall, you can move it later on.

    You could also disable the firewall during your build and capture, but it's simpler just to drop it into an OU

    Tuesday, July 25, 2017 1:57 AM
  • First, did you know that ConfigMgr 2012 R2 SP1 only has limited support for Windows 10 and then for only Win 10 1511 and LTSB 2015?

    Next, why would you want to disable the Windows Firewall? Security wise, a host based firewall is invaluable and one of the best measures you can have.


    Jason | http://blog.configmgrftw.com | @jasonsandys

    Tuesday, July 25, 2017 2:46 AM
  • For testing, post deployment I want to run some commands.. This can be done only after disabling firewall. Hence the need of firewall disable..
    Tuesday, July 25, 2017 8:20 PM
  • Can you pl give me detailed steps?.. I am not so familiar with this..
    Tuesday, July 25, 2017 9:13 PM
  • Why not use WinRM or open the appropriate ports in the firewall and do things the "right" way?

    If it's just for "testing" then what's wrong with manually disabling, performing your tests, and then re-enabling it?


    Jason | http://blog.configmgrftw.com | @jasonsandys

    Tuesday, July 25, 2017 9:20 PM
  • Why not use WinRM or open the appropriate ports in the firewall and do things the "right" way?

    If it's just for "testing" then what's wrong with manually disabling, performing your tests, and then re-enabling it?


    Jason | http://blog.configmgrftw.com | @jasonsandys

    I want to run some automated scripts without touching client units.. thats why... I know manual mode works fine..
    Tuesday, July 25, 2017 10:00 PM
  • Automated scripts to do what though and why aren't you running them during the task sequence making the firewall irrelevant?

    Jason | http://blog.configmgrftw.com | @jasonsandys

    Tuesday, July 25, 2017 10:07 PM
  • Automated scripts to do what though and why aren't you running them during the task sequence making the firewall irrelevant?

    Jason | http://blog.configmgrftw.com | @jasonsandys

    I havent been able to do that via task sequence. Is it possible to send disable firewall option via task sequence?
    Tuesday, July 25, 2017 10:25 PM
  • Huh? You're missing the point here.

    The scripts I'm talking about you running in the TS are your testing scripts that you claim need the firewall disabled.

    Disabling the firewall from the command-line is trivial though, just do a web search and you'll get thousands of hits. My point still is that disabling the firewall is a **bad** thing to do security wise and you simply shouldn't be doing it at all. If you need to drop it temporarily to test something, then do that, but you should have no procedure that requires it to be dropped for production use and thus automating disabling the firewall is something you also shouldn't do.


    Jason | http://blog.configmgrftw.com | @jasonsandys

    Wednesday, July 26, 2017 1:15 AM
  • Huh? You're missing the point here.

    The scripts I'm talking about you running in the TS are your testing scripts that you claim need the firewall disabled.

    Disabling the firewall from the command-line is trivial though, just do a web search and you'll get thousands of hits. My point still is that disabling the firewall is a **bad** thing to do security wise and you simply shouldn't be doing it at all. If you need to drop it temporarily to test something, then do that, but you should have no procedure that requires it to be dropped for production use and thus automating disabling the firewall is something you also shouldn't do.


    Jason | http://blog.configmgrftw.com | @jasonsandys

    For me its a temporary step to disable .. also client units are in deadnet.. so no issues from testing point of view...

    so pl help me how to login automatically and disable firewall of client units once deployment of OS is done!!!. I want to control client units from SCCM server..

    Wednesday, July 26, 2017 3:35 AM