Can't turn off Win 7 domain firewall


  • We downloaded Windows 7 from Technet and installed it on one of the machines in our office.  It is on a Windows Server 2003 domain.  Everything works fine except for one thing - we can't turn off the Windows Firewall.  Just the one for domain, the home and private you can turn off but not the one for domain.

    I've tried configuring it in Group policy and also deleted the registry key to no avail.  There is no policy set on the Domain level that affects the firewall.  I did try disabling firewall in the default domain policy, and that worked on the XP machines but of course the Win 7 machine was untouched.

    I have also made sure the logged in user is both domain and local administrator.  I need to turn the firewall off in order to get some other software to work.  Does anyone have any ideas what's going on here?
    Thursday, September 10, 2009 3:20 PM


All replies

  • You must unjoin the client from the domain and then  join it to the domain again.
    Thursday, September 10, 2009 8:34 PM
  • Hi,

    Could you please verify it?

    To disable Windows Firewall in a domain environment, the Group Policy setting you would use is located in Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile. The setting is called Windows Firewall: Protect all network connections. If you disable this policy setting, Windows Firewall does not run and it cannot be started.

    Friday, September 11, 2009 3:06 AM
  • Hello, thanks for the replies. 

    I did disable that group policy setting but it didn't work.  Am I supposed to unjoin/rejoin the domain after making the policy change?
    Friday, September 11, 2009 6:32 PM
  • I just tried it, made sure the policy was disabled then unjoined and rejoined.  Still the option to turn off the firewall is greyed out.

    Friday, September 11, 2009 7:40 PM
  • Hi, Try entering gpedit.msc on the Win 7 machine. Go to Computer Configuration - windows settings - Security Settings - Windows Firewall with advanced Security - local Group - in domain profile box click Windows Firewall Properties - and change firewall state to off. Slan go foill, Paul
    Sunday, September 13, 2009 1:38 PM
  • Thank you.  I also tried that Group Policy.  In there, it says the Domain firewall is turned off, but again when you go into the Control Panel firewall settings it still shows it as turned on with the options to change it greyed out.

    Monday, September 14, 2009 7:35 PM
  • I also tried a couple of things in the registry:

    HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile -- set "EnableFirewall" to "0"

    HKLM\SOFTWARE\Microsoft\Security Center\Svc -- tried to set "FirewallOverride" to 0 but got an error, "Cannot edit FirewallOverrride: Error writing the value's new contents"

    I also tried stopping the "Windows Firewall" service.  I was able to stop it, but apparently the firewall was still running because my application continued to have the same problem as before.

    Does anyone have any other ideas?

    Tuesday, September 15, 2009 6:37 PM
  • FWIW I have the opposite problem.  I have group policy set up in the domain to turn on the firewall.  All the XP machines are running firewall.

    Vista and Windows 7 machines do not run firewall despite the fact that they indicate in the Windows Firewall dialog that "Some settings are controlled by group policy"
    Monday, November 16, 2009 6:17 PM
  • In order to stop firewall service u also have to stop,disable it and then try to perform what u looking for!
    if even disabling the service it doesnt work(which i find very dificult to happen) then u try in the non-Plug&play devices !
    Hope this helps!
    Monday, November 16, 2009 6:35 PM
  • What are you talking about computer configuration? ive never heard of anything called that on a pc. And apparently according to my empty search box niether has microsoft. You shouldnt have to go to the registry and mess with that ____ to turn on or off windows firewall. If it is seriously this complicated to turn something like windows firewall on and off then microsoft has dropped the ball on that and needs to get there head out of there ____. Anyone have any logical answers on how to turn windows firewall on and off?
    Saturday, December 26, 2009 12:11 PM
  • Hi I'm having the same problem. Have you resoved it?

    Tuesday, March 16, 2010 11:34 PM
  • Hi,

    you can use this Microsoft link

    Worked fine for me


    Thursday, June 03, 2010 1:26 PM
  • I have exactly the same problem. I cannot turn windows firewall off for domain profiles for computers running win7. All the options is grayed out. I've tried netsh, domain group policies, local computer policies, everything, but I just cant turn it off. For private and public networks however the firewall state is free to be modified by users.

    This is quite a big problem, since our users dont have admin priviledges to allow programs to pass trough the firewall and we are using a reputable 3rd party firewall in our company.

    Friday, June 11, 2010 6:30 AM
  • Hi this resolved my similar issue on a Win7 box.

    1) Control Panel > System and Security > Windows Firewall > Advanced Settings

    2) Click the Windows Firewall Properties link in the Overview section.

    3) In the Domain Profile tab - the Firewall state is greyed out - but you are allowed to change the "Inbound Connections:" dropdown list to "Allow".

    HTH somebody.



    Sunday, September 26, 2010 1:17 AM
  • I was able to resolve by  Creating a new GPO: See Robinson Zhang's information.

    "To disable Windows Firewall in a domain environment, the Group Policy setting you would use is located in Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile. The setting is called Windows Firewall: Protect all network connections. If you disable this policy setting, Windows Firewall does not run and it cannot be started."

    Connected it to my domain.

    Linked it also Enforced it. (by right clicking on the policy after you have created it)

    Went to my machine, opened the Run box. Entered in: gpupdate /force     (to force the GP update; didn't feel like waiting  for it to refresh itself)

  ( Create or delete a Group Policy object)

    • Proposed as answer by jctec3 Tuesday, September 13, 2011 10:24 PM
    Monday, September 27, 2010 9:49 PM
  • The only time that I have seen this, is when the domain policy forces you to use the firewall.

    I have used both (force to use, and disable the use of a firewall) in my domain.

    Thursday, March 03, 2011 10:50 PM
  • Of course a lot of the settings that you can use with Windows 2003 do also work for Win 7 clients.
    But yes, some do not, some are replaced by new settings and and others are completely new for Win 7.
    You will not be able to manage these changed or new settings by using a Windows 2003 GPMC.
    But as you speak of "Windows 2003 domain", the answer is:
    You can keep your domain, the domain level and your DCs as is.
    Just add one Windows 2008 R2 or Windows 7 (+RSAT) machine to you domain as GPO management station.
    This will enable you to configure Win 7 specific settings. 
    It can be a good idea to create exclusive GPOs for Win 7 machines only.
    User filtering or other mechanisms (e.g. OU design) to target only the desired machines.
    There are different approaches for that and there is no "this way" or "that way". It just depends...




    1) Get a server 2008 r2 disc
    2) Login to a Windows 7 SP1 or 2008 R2 SP1 system as your domain admin account (must have schema admin permission)
    3) Extend the schema & domain (
    4) Dedicate a workstation or server for the sole purpose of managing the Windows 7 / 2008 R2 GPOs
    5)  Install the RSAT Tools for Win7 SP1 ( OR Use 2008R2 SP1's Server Manager and install RSAT tools from there
    6) You can now manage Windows 7 / Server 2008 GPO objects for your domain.  These policies *MUST* be created & managed by this machine until you install Server 2008 R2 domain controllers

    Office 2010:

    1) On that dedicated machine, download the Office 2010 admin templates ( -- NOTE:  If you use 32-bit office, download the 32-bit templates.  If you use the 64-bit office, download the 64-bit templates.
    2) Extract the files to a folder on the desktop
    3) Open Group Policy Management
    4) Depending on how you do your GPO structure, create a new GPO for Office 2010 or open an existing GPO you wish to add the files to
    5) On either the computer or user configuration (doesn't matter which) Right-Click on "Administrative Templates" and add templates -> navigate to the folder on the desktop, select all of the templates in the *ADM* folder
    6) The .adm files will be uploaded into the policy folder under that policy's GUID in \\domain.corp\sysvol\domain.corp\policies\{GUID}\Adm
    7) You'll now find Office 2010 policy options in this specific GPO
    8) IF YOU INTEND ON MANAGING OFFICE 2010 IN MULTIPLE GPOs, you must import the templates into every GPO you use them in

    As you upgrade to Server 2008 R2, you can later store ADMX policy templates in a centralized location where all GPOs can see them (\\domain.corp\sysvol\domain.corp\policies\policydefinitions) - and note I said ADMX, not ADM.  There is a procedure to do this that I won't outline here.  In this scenario, when you upgrade your domain, you're more likely to create new GPOs rather than try to 'pull out' the ADM templates - it's less work to start over than miss something (accidentally delete something) and troubleshoot.

    Thursday, October 13, 2011 3:42 AM
  • This works.  Funny how MS makes it so complicated and ehow made it so easy. 

    Navigate to the "WindowsFirewall" branch in the registry by using the menu branch on the left side of the windows. Locate Windows Firewall by following this path: HKEY_LOCAL_MACHINE \ SOFTWARE \ Policies \ Microsoft \ WindowsFirewall.

    Read more: How to Disable the Windows Firewall When the Options Are Grayed Out |

    Flip the bit from 0 to 1 in the Domain policy or which ever one you want and reboot.  I did not delete anything. 

    Got this from  M$ should be embarrased.  :)  Why are there no straight answers out there?

    Thursday, December 08, 2011 5:07 PM
  • Nice DougSearcy. That worked quite quickly and effectively.
    Thursday, June 13, 2013 7:47 PM
  • Maybe too late to answer the question, but thought it may help other folks who end up here searching for a resolution..

    I have had this issue in a Win7 machine under a domain where I was unable to turn off the firewall and save the settings whatsoever. I ended up finding a silly cause behind it. It was that particular login that was not allowing me to turn off the firewall.

    I just logged on as another user (from same domain), turned off the firewall, saved and logged out. Logged back on as the usual user (which I was having issues with) made sure the firewall was still off. All good. 

    Monday, January 11, 2016 11:47 PM