Group Policy setting for Windows Firewall

Posted on 2005-05-10
Last Modified: 2010-04-19
Guy's this is sooooo!!! urgent.

Have  a Windows Server 2003 controlling 5 XP workstations.

the server (by default) has turned on all the firewalls and now I cannot remote install/ assist etc.

Please can someone guide me to the Group policy thats doing this .

Question by:Timbertool12
    LVL 5

    Expert Comment

    you need to check first what version the adm files are on the active directory.
    you will need the service pack 2 adm files.
    when you have done this you will be able to set a group policy enabling, disabling, populating exception losts etc.
    LVL 5

    Expert Comment

    to create a group policy, you will need to have your users, in an OU in the active directory, then you access group policys via properties of the ou, under group policys, just click new policy, give it a meanful name, make you changes to the policy,
    LVL 9

    Expert Comment

    You can also download the Group Policy management tool from MS where you have a better view of your policies.
    LVL 57

    Accepted Solution

    Disable XP SP2 Firewall through Group Policy

    1.      Open Active directory users and computers.
    2.      Right click the domain name and select properties (note you can also apply this .policy on an OU if you wish).
    3.      Select the Group policy tab.
    4.      Select either the default domain policy (of the policy you wish to edit).
    5.      Click Edit.
    6.      Navigate to Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall.

    Note I’m only concerned with the domain profile here – If you have mobile users you can configure different settings for the domain and standard (not on the domain) settings.

    7.      Select Domain Profile.
    8.      Set the policies as follows,

    Windows Firewall: Protect all network connections – set to disabled

    Note this is all you need to do however – if you have users that “Fiddle” you might want to configure a few more (note you can navigate through all the settings using the “Next Setting buttons”

    Windows Firewall: Do not allow exceptions – not configured
    Windows Firewall: Define program exceptions– not configured
    Windows Firewall: Allow local program exceptions– not configured
    Windows Firewall: Allow remote administration exception – enabled (put in your entire subnet i.e
    Windows Firewall: Allow file and printer sharing exception – enabled (put in your entire subnet i.e
    Windows Firewall: Allow ICMP exceptions – not configured
    Windows Firewall: Allow Remote Desktop exception– enabled (put in your entire subnet i.e
    Windows Firewall: Allow UPnP framework exception– enabled (put in your entire subnet i.e
    Windows Firewall: Prohibit notifications– enabled (notifications cause calls to IT :)
    Windows Firewall: Allow logging - disabled
    Windows Firewall: Prohibit unicast response to multicast or broadcast requests - disabled
    Windows Firewall: Define port exceptions – not configured
    Windows Firewall: Allow local port exceptions – not configured

    NOTE give this some time to propagate round the network (NOTE start > run > gpupdate will enforce it immediately on an XP client if you want to test it)
    LVL 5

    Expert Comment

    Side question... is it necessary/advisable to have XP's firewall running on a desktop machine in a domain like this?  
    LVL 57

    Expert Comment

    by:Pete Long
    - in a domain enviroment - that is secured by it own network Firewall(s) and or network segragation - then no turn it off

    on your aunty Mables home PC'turn it on :)
    LVL 5

    Expert Comment

    no, you should have an external firewall so the desktops dont need one.
    LVL 25

    Expert Comment

    mleman---the policy that controls the firewall is a COMPUTER policy,, meaning it is 100% irrelevant which OU the users are, it is however 100% relevant which OU the computers are in.

    pdxsrw,, i always have the firewall turned off so i can do various administrative tasks to the computers in a domain (i'm sure many would diagree with that).  you should however have a good hardware firewall between your lan and the internet to protect your computers from the internet.  no need to protect your lan from itself is there??  MS turned on the firewall if you do a default install of SP2 (no switches) b/c it is advisable to do so on a network without a good hardware firewall, but of course this screws up network admins' ability to manage the PCs.

    Author Comment

    Your the puppy's parts old chap.

    Just what I needed.

    Still slaving away on this one 22:07 GMT.

    Still, with your knowledge Pete, I should have it cracked soon.


    LVL 57

    Expert Comment

    by:Pete Long
    LOL its Ten o clock up here in Middlesbrough m8 - get knocked off and get yer ead down :)


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Better Security Awareness With Threat Intelligence

    See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

    Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
    The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
    Hi everyone! This is Experts Exchange customer support.  This quick video will show you how to change your primary email address.  If you have any questions, then please Write a Comment below!
    Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now