we have a client who has a default setup of sbs2008.
we have configured some settings in the gpo for windows firewall, and they were happy with it. now they need to make it so the laptops that are domain members can change their firewall on or off. currently, it's greyed out.
i went back into the gpo and set every single windows firewall option for "vista" and "xp" to "not configured", rebooted the server, rebooted the workstations, but the firewall option is still greyed out on the workstations/laptops
i did run gpupdate /force on the workstations, it made them log out, yes, logged back in, cant change firewall
in the gpo i see settings for vista, and settings for xp, but i dont see a windows 7... but, a win7 laptop picked it up anyway and the firewall is unable to be changed.
the users are logging in as local administrators. meaning, domain\username is a member of the local computer\administrators
on the 7 box, user account control is turned off
to summarize my questions:
1. where exactly in the sbs2008 gpo do i need to adjust so the laptops/workstations can edit their own local firewall?
2. how can i add the win7 stuff to the gpo?