Solved

Need windows firewall disabled/grayed out when on SBS 2003 network but need user to be able to turn windows firewall on/off when off the network to use VPN

Posted on 2006-06-29
6
787 Views
Last Modified: 2008-03-26
Currently I have the GP on the SBS 2003 server disabled for the network profile and not configured for the standard profile.  This keeps the firewall off while they are on the network (which I want) but when they are off the network the windows firewall is on and grayed out and says set by group policy).  I have some users that need the windows firewall to be on when they are not on the network and some that need to be able to turn it off when they are off the network so they can use their VPN client.  How do I configure the GP to allow them the ability to turn it on and off when they are not on the network?
0
Comment
Question by:studios
  • 3
6 Comments
 
LVL 3

Expert Comment

by:EE33
Comment Utility
You could disable the firewall by going into Services and turning the service off but there
is a problem - the Windows Firewall is tied in with "Internet Connection Sharing"

On a network I should think you need the Internet Connection Sharing (ICS) service
always running to even communicate with the other systems. But like you say, you
would be on a Virtual Private Network so I am not too sure if you would need ICS
but more than likely you will. Blame Microsoft, I do! Why they tied the two services
together like that is beyond me its just stupid and a bad design.
0
 
LVL 3

Expert Comment

by:EE33
Comment Utility
Sorry you said...

"How do I configure the GP to allow them the ability to turn it on and off when they are not on the network?"

When they are not on the network OK...

These users can't disable and enable services if they are just "Users"

See if this helps, it sems to deal with your needs....

http://www.jsifaq.com/subj/tip4600/rh4673.htm
0
 
LVL 3

Expert Comment

by:EE33
Comment Utility
That article does not mention that you first have to ceate
the snap in to access "Active Directory Users and Computers"

Start > Run >

Type: MMC

Then: File > Add/Remove Snap-In > Add > Active Directory Users and Computers

Then you'd have to follow the guide from the link above.
0
 
LVL 24

Accepted Solution

by:
Kenneniah earned 125 total points
Comment Utility
When setting the Firewall to on or off using group policy, no, there is no way to give users the ability to change it. That's the whole point of setting it with group policy.

However, you should be able to get a VPN client to work fine with the firewall enabled. Just set up exceptions in your GPOs Standard Profile firewall settings. For some VPN connections, just enabling "Allow incoming echo request" and "Allow outgoing destination unreachable" in "Windows Firewall: Allow ICMP Exceptions".
Depending on what VPN client etc, you may have to set up Port exceptions, program exceptions etc.
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Join & Write a Comment

There are 2 things you must have in order to connect to the internet behind a router, The "Gateway IP" of the router, which is usually something like 192.168.xxx.1, I've seen routers with default values of: 192.168.0.1, 192.168.1.1, 192.168.11.1, …
For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now