Bryon H
asked on
sbs2008 gpo vs firewall on win7
we have a client who has a default setup of sbs2008.
we have configured some settings in the gpo for windows firewall, and they were happy with it. now they need to make it so the laptops that are domain members can change their firewall on or off. currently, it's greyed out.
i went back into the gpo and set every single windows firewall option for "vista" and "xp" to "not configured", rebooted the server, rebooted the workstations, but the firewall option is still greyed out on the workstations/laptops
i did run gpupdate /force on the workstations, it made them log out, yes, logged back in, can't change firewall
in the gpo i see settings for vista, and settings for xp, but i don't see a windows 7... but, a win7 laptop picked it up anyway and the firewall is unable to be changed.
the users are logging in as local administrators. meaning, domain\username is a member of the local computer\administrators
on the 7 box, user account control is turned off
to summarize my questions:
1. where exactly in the sbs2008 gpo do i need to adjust so the laptops/workstations can edit their own local firewall?
2. how can i add the win7 stuff to the gpo?
ASKER
ended up just editing the policy completely to allow the workstations to control it themselves... couldn't get it to go per group :/
ASKER
the firewall gpo appears to be its own individual gpo, among a list of other ones created by sbs2008 i assume, since i didn't create them
going with the group, and blocking them on the firewall policy sounds like the way to go, i'll go do that and report back in a few hours