turn off firewall?

Posted on 2008-06-11
Last Modified: 2010-04-19
my desktop is running xp.

How to I disable the firewall.

it is greyed out on my xp PC.

I have a separate box running sbs server 2003 and have full admin right to this if I need to change anything.

Question by:Cheryl Lander
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +3

Expert Comment

ID: 21765009
You can do it in the domain group policy.

Expert Comment

ID: 21765023
Is the XP machine joined to a domain? It sounds to me like either a domain GPO or the local security policy on your computer is restricting access to change the firewall settings. If this is the case, administrative access to your system may be a mute point ... unless you want to go registry hacking.

Expert Comment

ID: 21765041
I read your post wrong. If you have admin access to the SBS server .. which tells me you probably have a domain setup .. run GPEDIT, (i you may need download the tool from Microsoft). Review the details of the default domain policy and any enabled, and enforced Group Policies. My guess is that you will find that one of them is turning the firewall on and disabling access to turn it off
.... thats what i did at my company for security reasons.
Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

LVL 70

Expert Comment

ID: 21765075
If its a group policy applied on the server then you DONT want to be running GPEDIT (thats for local policies and group plocies will take precidence).

You need to find the setting in the group policy settings on the server and chnage them


Author Comment

by:Cheryl Lander
ID: 21765094
yep im connected to a domain.

I cant seem to find the gpedit installer. The only one I can locate is for sp1.

So how do I do this in the domain group policy.

Expert Comment

ID: 21765095
Thx KCTs, i put the wrong command in there. Download the group policy editor from microsoft download center if its not already on your server :D

Expert Comment

ID: 21765101
If this isn't controlled thru GP, add or change this registry key:
to "0" (zero) DWORD
to turn firewall off.
LVL 70

Expert Comment

ID: 21765104
>> So how do I do this in the domain group policy. <<

see see which I referred to earlier !!

Expert Comment

ID: 21765108
This is the group policy editor. I just forget if its there by default or not, i know you can get it from MS downloads if not.
LVL 70

Expert Comment

ID: 21765111
read which I referred to earlier !!
Don't go chnaging the registry - the GPO will re-write it anyway "
LVL 77

Accepted Solution

Rob Williams earned 500 total points
ID: 21765178
SBS has specific policies enabled by default which control the XP client's firewall. Open the group policy management console on the SBS and you will see:
  -Small Business Server Internet Conection Firewall
  -Small Business Server Windows Firewall

The first is set to prohibit the use of the older basic NAT firewall. You can leave this as is.
The second is configured for 2 scenarios.
  -Domain Profile (policies applied when connected to the domain)
  -Standard profile (policies applied when not connected to the domain, such as mobile computers/laptops)

By default with the SBS configuration, users are allowed to create exceptions, but not even admins can disable the firewall. In order to allow them to disable the firewall you need to disable the "Small Business Server Windows Firewall" GPO. The reason for this being you are giving them total control, so there is no need to enforce a policy. I highly discourage this, especially for mobile computers. They will switch it off, and never back on. It is better to teach them to create exceptions as needed, or better still you can add exceptions through group policy.

If you do need to disable the policy right click on it, choose GPO status, and then un-check Enabled. Do not delete it as you may want to re-enable at some point. The other option is to create a small OU of users or computers to which you want to a apply/link or not apply the policy.

Remember changing the policy takes about 90 minutes to apply to the clients, or on the client you can force an update using:
gpupdate  /force

The Firewall policies only exist if at least the following 2 updates have been applied to the SBS:
Windows Server 2003 SP1
Windows Small Business Server 2003 Update KB891193 for Windows XP Service Pack 2

Author Comment

by:Cheryl Lander
ID: 21765298

Rob will was much more specific and better to understand.

I logged onto the server.

Group Policy management > Small business server windows Firewall > details.

Then I disabled all settings.

then on the client i did gpupdate  /force

LVL 77

Expert Comment

by:Rob Williams
ID: 21765424
Thanks SWHosting.
Cheers !

Featured Post

SharePoint Admin?

Enable Your Employees To Focus On The Core With Intuitive Onscreen Guidance That is With You At The Moment of Need.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Need In an Active Directory enviroment, the PDC emulator provide time synchronization for the domain. This is important since Active Directory uses Kerberos for authentication.  By default, if the time difference between systems is off by more …
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor ( Top Charts is a view in which you can set seve…
Suggested Courses

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question