Browse All Articles
> How to allow clients to control their own firewall in SBS 2011
The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy.
In 2011, the client firewall policy has moved to the SBS computers container. If the computer is not in this AD container then the policy won’t work of course. The SBS 2008 policy in in the group policy objects folder, under SBS client policies.
When you Google this “turning off the client firewall policy in sbs 2011” you get this:
This article will lead you nowhere (it is for 2008 and not 2011) and that can be frustrating.
So… Here is the location if you have the need in SBS 2011 :
The policy computer configuration-> windows settings->administrative templates->network->networ
k connections->windows firewall->Domain Profile->make sure all the settings are changed to not configured. This will ensure the Clients have control of their own firewall.
Once they are all configured you can do your gpupdate/force and have the clients log off and back on again and viola.
I would not implement this in the organization unless you have a specific reason.
I wrote this article because there is currently not one out on the internet for how to do this in SBS 2011. One caveat is the public firewall setting on the server. If you do these GPS settings and then turn on the "public" firewall policy on the server, I think this will reset the settinngs. I havent verified this but at least you have an idea as to what is going on.
The Firewall policy for the server is in server manager-> configuration->windows firewall with advanced settings. Then you right click and go to properties. Or simply use the SBS console. Either way - you want to make sure your Server firewall settings are how you want them and then go ahead and make the change.
I hope this helps.