turn off firewall?

Posted on 2008-06-11
Last Modified: 2010-04-19
my desktop is running xp.

How to I disable the firewall.

it is greyed out on my xp PC.

I have a separate box running sbs server 2003 and have full admin right to this if I need to change anything.

Question by:Cheryl Lander
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +3

Expert Comment

ID: 21765009
You can do it in the domain group policy.

Expert Comment

ID: 21765023
Is the XP machine joined to a domain? It sounds to me like either a domain GPO or the local security policy on your computer is restricting access to change the firewall settings. If this is the case, administrative access to your system may be a mute point ... unless you want to go registry hacking.

Expert Comment

ID: 21765041
I read your post wrong. If you have admin access to the SBS server .. which tells me you probably have a domain setup .. run GPEDIT, (i you may need download the tool from Microsoft). Review the details of the default domain policy and any enabled, and enforced Group Policies. My guess is that you will find that one of them is turning the firewall on and disabling access to turn it off
.... thats what i did at my company for security reasons.
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 70

Expert Comment

ID: 21765075
If its a group policy applied on the server then you DONT want to be running GPEDIT (thats for local policies and group plocies will take precidence).

You need to find the setting in the group policy settings on the server and chnage them


Author Comment

by:Cheryl Lander
ID: 21765094
yep im connected to a domain.

I cant seem to find the gpedit installer. The only one I can locate is for sp1.

So how do I do this in the domain group policy.

Expert Comment

ID: 21765095
Thx KCTs, i put the wrong command in there. Download the group policy editor from microsoft download center if its not already on your server :D

Expert Comment

ID: 21765101
If this isn't controlled thru GP, add or change this registry key:
to "0" (zero) DWORD
to turn firewall off.
LVL 70

Expert Comment

ID: 21765104
>> So how do I do this in the domain group policy. <<

see see which I referred to earlier !!

Expert Comment

ID: 21765108
This is the group policy editor. I just forget if its there by default or not, i know you can get it from MS downloads if not.
LVL 70

Expert Comment

ID: 21765111
read which I referred to earlier !!
Don't go chnaging the registry - the GPO will re-write it anyway "
LVL 77

Accepted Solution

Rob Williams earned 500 total points
ID: 21765178
SBS has specific policies enabled by default which control the XP client's firewall. Open the group policy management console on the SBS and you will see:
  -Small Business Server Internet Conection Firewall
  -Small Business Server Windows Firewall

The first is set to prohibit the use of the older basic NAT firewall. You can leave this as is.
The second is configured for 2 scenarios.
  -Domain Profile (policies applied when connected to the domain)
  -Standard profile (policies applied when not connected to the domain, such as mobile computers/laptops)

By default with the SBS configuration, users are allowed to create exceptions, but not even admins can disable the firewall. In order to allow them to disable the firewall you need to disable the "Small Business Server Windows Firewall" GPO. The reason for this being you are giving them total control, so there is no need to enforce a policy. I highly discourage this, especially for mobile computers. They will switch it off, and never back on. It is better to teach them to create exceptions as needed, or better still you can add exceptions through group policy.

If you do need to disable the policy right click on it, choose GPO status, and then un-check Enabled. Do not delete it as you may want to re-enable at some point. The other option is to create a small OU of users or computers to which you want to a apply/link or not apply the policy.

Remember changing the policy takes about 90 minutes to apply to the clients, or on the client you can force an update using:
gpupdate  /force

The Firewall policies only exist if at least the following 2 updates have been applied to the SBS:
Windows Server 2003 SP1
Windows Small Business Server 2003 Update KB891193 for Windows XP Service Pack 2

Author Comment

by:Cheryl Lander
ID: 21765298

Rob will was much more specific and better to understand.

I logged onto the server.

Group Policy management > Small business server windows Firewall > details.

Then I disabled all settings.

then on the client i did gpupdate  /force

LVL 77

Expert Comment

by:Rob Williams
ID: 21765424
Thanks SWHosting.
Cheers !

Featured Post

Guide to Performance: Optimization & Monitoring

Nowadays, monitoring is a mixture of tools, systems, and codes—making it a very complex process. And with this complexity, comes variables for failure. Get DZone’s new Guide to Performance to learn how to proactively find these variables and solve them before a disruption occurs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I work for a company that primarily works with small businesses as their outsourced IT vendor. As such the majority of these customers utilize some version of Small Business Server. Due to the economics of running a small business, many of these cus…
A common practice in small networks is making file sharing easy which works extremely well when intra-network security is not an issue. In essence, everyone, that is "Everyone", is given access to all of the shared files - often the entire C: drive …
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below.…
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question