turn off firewall?

Posted on 2008-06-11
Last Modified: 2010-04-19
my desktop is running xp.

How to I disable the firewall.

it is greyed out on my xp PC.

I have a separate box running sbs server 2003 and have full admin right to this if I need to change anything.

Question by:Cheryl Lander
  • 4
  • 3
  • 2
  • +3

Expert Comment

ID: 21765009
You can do it in the domain group policy.

Expert Comment

ID: 21765023
Is the XP machine joined to a domain? It sounds to me like either a domain GPO or the local security policy on your computer is restricting access to change the firewall settings. If this is the case, administrative access to your system may be a mute point ... unless you want to go registry hacking.

Expert Comment

ID: 21765041
I read your post wrong. If you have admin access to the SBS server .. which tells me you probably have a domain setup .. run GPEDIT, (i you may need download the tool from Microsoft). Review the details of the default domain policy and any enabled, and enforced Group Policies. My guess is that you will find that one of them is turning the firewall on and disabling access to turn it off
.... thats what i did at my company for security reasons.
LVL 70

Expert Comment

ID: 21765075
If its a group policy applied on the server then you DONT want to be running GPEDIT (thats for local policies and group plocies will take precidence).

You need to find the setting in the group policy settings on the server and chnage them


Author Comment

by:Cheryl Lander
ID: 21765094
yep im connected to a domain.

I cant seem to find the gpedit installer. The only one I can locate is for sp1.

So how do I do this in the domain group policy.

Expert Comment

ID: 21765095
Thx KCTs, i put the wrong command in there. Download the group policy editor from microsoft download center if its not already on your server :D
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline


Expert Comment

ID: 21765101
If this isn't controlled thru GP, add or change this registry key:
to "0" (zero) DWORD
to turn firewall off.
LVL 70

Expert Comment

ID: 21765104
>> So how do I do this in the domain group policy. <<

see see which I referred to earlier !!

Expert Comment

ID: 21765108
This is the group policy editor. I just forget if its there by default or not, i know you can get it from MS downloads if not.
LVL 70

Expert Comment

ID: 21765111
read which I referred to earlier !!
Don't go chnaging the registry - the GPO will re-write it anyway "
LVL 77

Accepted Solution

Rob Williams earned 500 total points
ID: 21765178
SBS has specific policies enabled by default which control the XP client's firewall. Open the group policy management console on the SBS and you will see:
  -Small Business Server Internet Conection Firewall
  -Small Business Server Windows Firewall

The first is set to prohibit the use of the older basic NAT firewall. You can leave this as is.
The second is configured for 2 scenarios.
  -Domain Profile (policies applied when connected to the domain)
  -Standard profile (policies applied when not connected to the domain, such as mobile computers/laptops)

By default with the SBS configuration, users are allowed to create exceptions, but not even admins can disable the firewall. In order to allow them to disable the firewall you need to disable the "Small Business Server Windows Firewall" GPO. The reason for this being you are giving them total control, so there is no need to enforce a policy. I highly discourage this, especially for mobile computers. They will switch it off, and never back on. It is better to teach them to create exceptions as needed, or better still you can add exceptions through group policy.

If you do need to disable the policy right click on it, choose GPO status, and then un-check Enabled. Do not delete it as you may want to re-enable at some point. The other option is to create a small OU of users or computers to which you want to a apply/link or not apply the policy.

Remember changing the policy takes about 90 minutes to apply to the clients, or on the client you can force an update using:
gpupdate  /force

The Firewall policies only exist if at least the following 2 updates have been applied to the SBS:
Windows Server 2003 SP1
Windows Small Business Server 2003 Update KB891193 for Windows XP Service Pack 2

Author Comment

by:Cheryl Lander
ID: 21765298

Rob will was much more specific and better to understand.

I logged onto the server.

Group Policy management > Small business server windows Firewall > details.

Then I disabled all settings.

then on the client i did gpupdate  /force

LVL 77

Expert Comment

by:Rob Williams
ID: 21765424
Thanks SWHosting.
Cheers !

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now