How can I allow a domain admin account to disable Windows Firewall?

Last Modified: 2012-05-06
Hi, I have a GP set to enable Windows Firewall for all staff computers.  Unfortunately, whenever we (IT Dept.) need to disable the firewall to perform AntiVirus installs and such, we have to move the computers out of that OU (which has that GP attached) to disable the firewall temporarily.  I was wondering if there is a way to allow a domain admin account to disable the Windows Firewall without moving the computer out of the OU?  I would think there would be a way.  What I mean is, when a domain admin account is used to log into a staff computer, it would disable the Windows Firewall regardless of the GP, or at least not be grayed out so we could disable it temporarily ourselves.

Thanks for any assistance provided.

Bob

Systems Administrator
CERTIFIED EXPERT
Commented:
Try this: http://www.sadikhov.com/forum/lofiversion/index.php?t148327.html
Basically, put:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000
"DoNotAllowExceptions"=dword:00000000
into a file, say disable_firewall.reg, and then have the tech run it.  It should temp. disable the firewall.

Speshalyst Tech Support professional
CERTIFIED EXPERT
Commented:
I don't think you can exclude a 'user' from a domain-wide computer policy.
Irwin W. There are a 1000 ways to skin the technology cat.
CERTIFIED EXPERT
Commented:
No, but you could allow local port exceptions, and an admin could then disable the firewall temporarily if need be.
The alternative could be to create a .bat file that runs psexec against the remote machine with the following action:

'netsh firewall set opmode disable'

psexec.exe - part of Sysinternals suite (free download from Microsoft) - this command allows you to run commands on remote machines.
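
A follow-up check for the temporary changes suggested in this thread, as an added example that is not part of any poster's reply: it reads the `EnableFirewall` value from the local key quoted above and from the Group Policy key, and flags any profile left switched off after the maintenance. It assumes the GPO writes its settings under `HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall` and that a policy value, when present, takes precedence; the function names are hypothetical.

```powershell
# Added example: report the firewall state per profile after maintenance.
# Local settings key (the path quoted in the thread, minus the profile name).
$localRoot  = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
# Assumption: Group Policy stores its firewall settings under this key.
$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall'

function Get-EnableFirewallValue {
    param([string]$KeyPath)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $KeyPath -Name 'EnableFirewall' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.EnableFirewall
}

function Get-FirewallProfileReport {
    param([string[]]$Profiles = @('DomainProfile', 'StandardProfile'))
    foreach ($p in $Profiles) {
        $local  = Get-EnableFirewallValue (Join-Path $localRoot $p)
        $policy = Get-EnableFirewallValue (Join-Path $policyRoot $p)

        # Treat the policy value as the effective one when it is set.
        if ($null -ne $policy)    { $effective = $policy; $source = 'GroupPolicy' }
        elseif ($null -ne $local) { $effective = $local;  $source = 'Local' }
        else                      { $effective = $null;   $source = 'NotSet' }

        New-Object PSObject -Property @{
            Profile           = $p
            LocalValue        = $local
            PolicyValue       = $policy
            Source            = $source
            FirewallOff       = ($effective -eq 0)
            # A local 0 hidden behind a policy 1 resurfaces if the GPO is unlinked.
            LocalOverrideLeft = ($local -eq 0 -and $policy -eq 1)
        }
    }
}

$report = @(Get-FirewallProfileReport)
$report | Format-Table Profile, LocalValue, PolicyValue, Source, FirewallOff, LocalOverrideLeft -AutoSize

$problems = @($report | Where-Object { $_.FirewallOff -or $_.LocalOverrideLeft })
if ($problems.Count -gt 0) {
    Write-Warning ("{0} profile(s) need attention before the machine is handed back." -f $problems.Count)
}
```

Run it from an elevated prompt on the workstation once the install is finished; a warning means a profile is still disabled or a local override was left behind.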