<

Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x

How to allow clients to control their own firewall in SBS 2011

Published on
25,154 Points
18,454 Views
2 Endorsements
Last Modified:
The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy.

In 2011, the client firewall policy has moved to the SBS computers container. If the computer is not in this AD container then the policy won’t work of course. The SBS 2008 policy in in the group policy objects folder, under SBS client policies.

When you Google this “turning off the client firewall policy in sbs 2011” you get this:

http://msmvps.com/blogs/robwill/archive/2011/04/06/disable-the-windows-firewall-on-client-computers-in-an-sbs-2008-domain.aspx

This article will lead you nowhere (it is for 2008 and not 2011) and that can be frustrating.

So… Here is the location if you have the need in SBS 2011 :
 SBS 2011 sbscomputers policy
The policy computer configuration-> windows settings->administrative templates->network->network connections->windows firewall->Domain Profile->make sure all the settings are changed to not configured. This will ensure the Clients have control of their own firewall.

 SBS 2011 windows firewall policy
Once they are all configured you can do your gpupdate/force and have the clients log off and back on again and viola.

Disclaimer :

I would not implement this in the organization unless you have a specific reason.

I wrote this article because there is currently not one out on the internet for how to do this in SBS 2011. One caveat is the public firewall setting on the server. If you do these GPS settings and then turn on the "public" firewall policy on the server, I think this will reset the settinngs. I havent verified this but at least you have an idea as to what is going on.

The Firewall policy for the server is in server manager-> configuration->windows firewall with advanced settings. Then you right click and go to properties. Or simply use the SBS console. Either way - you want to make sure your Server firewall settings are how you want them and then go ahead and make the change.

I hope this helps.

L
2
Comment
Author:louisreeves
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
 

Administrative Comment

by:Glen Knight
Hi louisreeves,

My first question, is why would you want to do this?

One of the most important features of any Windows Network is the centralised administration/control.

Giving the end users access to change security settings is a recipe for disaster, from that perspective, there has to be a clear reason to want to do this and a note indicating this is not best practice and should be avoided at all cost.

Thanks
demazter
Experts Exchange Page Editor

0
 

Expert Comment

by:MrGD
If you want to allow the user to use alternative firewalls like one that comes with the Antivirus programs, do I really want both firewalls?  Also recently was trying to determine if the firewall was blocking something, I was not able to turn the firewall off.  Assuming there was no other options than to implement this type of approach.
0

Featured Post

Enroll in October's Free Course of the Month

Do you work with and analyze data? Enroll in October's Course of the Month for 7+ hours of SQL training, allowing you to quickly and efficiently store or retrieve data. It's free for Premium Members, Team Accounts, and Qualified Experts!

Join & Write a Comment

In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Suggested Courses

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month