<

How to allow clients to control their own firewall in SBS 2011

Published on
28,033 Points
21,333 Views
2 Endorsements
Last Modified:
Approved
The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy.

In 2011, the client firewall policy has moved to the SBS computers container. If the computer is not in this AD container then the policy won’t work of course. The SBS 2008 policy in in the group policy objects folder, under SBS client policies.

When you Google this “turning off the client firewall policy in sbs 2011” you get this:

http://msmvps.com/blogs/robwill/archive/2011/04/06/disable-the-windows-firewall-on-client-computers-in-an-sbs-2008-domain.aspx

This article will lead you nowhere (it is for 2008 and not 2011) and that can be frustrating.

So… Here is the location if you have the need in SBS 2011 :
 SBS 2011 sbscomputers policy
The policy computer configuration-> windows settings->administrative templates->network->network connections->windows firewall->Domain Profile->make sure all the settings are changed to not configured. This will ensure the Clients have control of their own firewall.

 SBS 2011 windows firewall policy
Once they are all configured you can do your gpupdate/force and have the clients log off and back on again and viola.

Disclaimer :

I would not implement this in the organization unless you have a specific reason.

I wrote this article because there is currently not one out on the internet for how to do this in SBS 2011. One caveat is the public firewall setting on the server. If you do these GPS settings and then turn on the "public" firewall policy on the server, I think this will reset the settinngs. I havent verified this but at least you have an idea as to what is going on.

The Firewall policy for the server is in server manager-> configuration->windows firewall with advanced settings. Then you right click and go to properties. Or simply use the SBS console. Either way - you want to make sure your Server firewall settings are how you want them and then go ahead and make the change.

I hope this helps.

L
2
Author:louisreeves
Ask questions about what you read
If you have a question about something within an article, you can receive help directly from the article author. Experts Exchange article authors are available to answer questions and further the discussion.
Get 7 days free