<

Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x

How to allow clients to control their own firewall in SBS 2011

Published on
25,652 Points
18,952 Views
2 Endorsements
Last Modified:
Approved
The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy.

In 2011, the client firewall policy has moved to the SBS computers container. If the computer is not in this AD container then the policy won’t work of course. The SBS 2008 policy in in the group policy objects folder, under SBS client policies.

When you Google this “turning off the client firewall policy in sbs 2011” you get this:

http://msmvps.com/blogs/robwill/archive/2011/04/06/disable-the-windows-firewall-on-client-computers-in-an-sbs-2008-domain.aspx

This article will lead you nowhere (it is for 2008 and not 2011) and that can be frustrating.

So… Here is the location if you have the need in SBS 2011 :
 SBS 2011 sbscomputers policy
The policy computer configuration-> windows settings->administrative templates->network->network connections->windows firewall->Domain Profile->make sure all the settings are changed to not configured. This will ensure the Clients have control of their own firewall.

 SBS 2011 windows firewall policy
Once they are all configured you can do your gpupdate/force and have the clients log off and back on again and viola.

Disclaimer :

I would not implement this in the organization unless you have a specific reason.

I wrote this article because there is currently not one out on the internet for how to do this in SBS 2011. One caveat is the public firewall setting on the server. If you do these GPS settings and then turn on the "public" firewall policy on the server, I think this will reset the settinngs. I havent verified this but at least you have an idea as to what is going on.

The Firewall policy for the server is in server manager-> configuration->windows firewall with advanced settings. Then you right click and go to properties. Or simply use the SBS console. Either way - you want to make sure your Server firewall settings are how you want them and then go ahead and make the change.

I hope this helps.

L
2
Comment
Author:louisreeves
2 Comments
 
 

Administrative Comment

by:Glen Knight
Hi louisreeves,

My first question, is why would you want to do this?

One of the most important features of any Windows Network is the centralised administration/control.

Giving the end users access to change security settings is a recipe for disaster, from that perspective, there has to be a clear reason to want to do this and a note indicating this is not best practice and should be avoided at all cost.

Thanks
demazter
Experts Exchange Page Editor

0
 

Expert Comment

by:MrGD
If you want to allow the user to use alternative firewalls like one that comes with the Antivirus programs, do I really want both firewalls?  Also recently was trying to determine if the firewall was blocking something, I was not able to turn the firewall off.  Assuming there was no other options than to implement this type of approach.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Join & Write a Comment

Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data. A Microsoft Access subform is used to show relevant calcul…
How can you see what you are working on when you want to see it while you to save a copy? Add a "Save As" icon to the Quick Access Toolbar, or QAT. That way, when you save a copy of a query, form, report, or other object you are modifying, you…
Suggested Courses

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month