none
Disable Firewall on users using group policy in server 2008

    Question

  • Hi,

    I am using server 2008 Standard Edition as a Domain controller. I want to Disable firewall on clients and prevent users from changing firewall settings. I have checked the Policy in computer configuration but I did not understand how to fulfill my requirement. Please, help me in this matter so I can disable firewall on client machines using group policies.


    Thank You
    Abdul Shakoor
    Tuesday, May 12, 2009 3:02 PM

Answers

  • Follow the patch that i gave you

    Computer Config > Administrative Templates > Network > Network connections > Windows Firewall > Domain Profile  > Windows Firewall: Protect all network connections = Disabled

    After that go to client machine;

    Start > Run > CMD > Gpupdate /force

    Reboot.

    Check the Firewall in Control Panel should be disable
    Thiago Pereira | http://thiagoinfrat.spaces.live.com | http://www.winsec.org
    Tuesday, May 12, 2009 4:14 PM

All replies

  • Hi,

    Create a GPO and set under Computer Config > Administrative Templates > Network > Network connections > Windows Firewall > Domain Profile ........Here is where you can set firewall stuff.

    After that, start the client machine.

    Hope it Helps
    Thiago Pereira | http://thiagoinfrat.spaces.live.com | http://www.winsec.org
    Tuesday, May 12, 2009 3:25 PM
  • Thanks I have checked all of these policies but I can't find which policy I have to implement for these requirements:

    1. Disable firewall on clients

    2. Prevent users from changing firewall settings.


    Hope you help me
    Tuesday, May 12, 2009 4:06 PM
  • Follow the patch that i gave you

    Computer Config > Administrative Templates > Network > Network connections > Windows Firewall > Domain Profile  > Windows Firewall: Protect all network connections = Disabled

    After that go to client machine;

    Start > Run > CMD > Gpupdate /force

    Reboot.

    Check the Firewall in Control Panel should be disable
    Thiago Pereira | http://thiagoinfrat.spaces.live.com | http://www.winsec.org
    Tuesday, May 12, 2009 4:14 PM
  • Hi!
    Followed your instructions, but the firewall settings in the group policy management is still on :(
    We run McAfee ePolicy Orchestrator 4.0, VirusScan Enterprise 8.7 and Host Intrusion Prevention 7.0 on the server.
    Wednesday, June 10, 2009 7:32 AM
  • Hi,

    The same problem, pls help

     

    Thanks.

    Wednesday, February 09, 2011 5:53 AM
  • Dear all, Any update for this problem ? Thank you. Phi
    Sunday, May 22, 2011 6:06 AM
  • Perfect, thanks alot !
    Friday, September 16, 2011 8:25 AM
  • i am curious about something in this; you guys keep saying the domain firewall. theres also a section for local firewall. 

    well i have TMG on my network and isnt playing with the domain going to disable the firewall completely? why not the local firewall setting?

     

     

    Friday, October 28, 2011 10:49 PM
  • gpedit.msc

    COmputer COnfiguration > Windows Settings > Security Settings > Windows Firewall with Advanced Security. 

     

    This will allow you to enable or disable the FW policy.

    Tuesday, November 01, 2011 12:06 PM
  • Sorry for digging this subject again after a while.

    I am curious about the reason why we need to disable the firewall of machines on our local network. Isn't this causing a security risk of an internal breach ? and can't we select the local domain setting of the firewall ?

    I tried to search for a reason but couldn't. 

    I manage a windows domain and am curious about this.

     

    Thanks in advance.

    Sunday, January 22, 2012 5:11 AM
  • Well, if they're like me... they run McAfee's firewall and it's 'no bueno' to have more than one firewall. 

    -Shaker

    Tuesday, March 06, 2012 9:53 PM
  • in my case the software install for autodesk Revit with network license management requires that I turn Off the domain windows firewall in group policy.  unfortunately i tried the above directions and it is still off on the workstations as well 
    Tuesday, March 13, 2012 8:29 PM
  • This GPO links to the Firewall Settings, it can't be applied via GPO Pack because you can't export these settings.

    Computer Configuration > Windows Settings > Security Settings > Windows Firewall with Advanced Security.

    My Blog: DeployXP [Under Construction]| Viadeo: Mathieu Ait Azzouzene | Linkedin: Mathieu Ait Azzouzene

    Wednesday, May 02, 2012 1:24 PM
  • It seems thiugh everyone is providing steps to setting up the policy but I think the user needs to know how and where.

    Before you can edit a gpo you need to create and link a gpo to an AD containiner/OU or link it to the entire Domain by editing the Default Domain Policy. Once you have decided where you would like to apply the new gpo, then you can right click the container/OU and "Edit and Link a GPO here" or right click an exisitng gpo and choose Edit. This will put you in to gpo edit  mode where yo can follow the instruction provided in the previous answers. I hope this helps.

    Thanks

    Monday, September 10, 2012 1:56 PM
  • We have a hardware firewall on our domain and therefore do not need one on each PC.  Moreover, experience tells us to only use one on a domain, more than that and odd little problems crop up, i.e. perhaps your Outlook isn't receiving mail, you cannot push some software to a PC, or your ICMP Echo requests get no response.  Turn off the software firewall and viola, problem solved!



    • Edited by Nebbob Wednesday, May 08, 2013 7:33 PM
    Wednesday, May 08, 2013 7:31 PM