Cizombs
asked on
How to disable SBS 2008 GP controlling XP firewall permissions
I'm running SBS 2008 with a few XP clients. I need to disable the firewall settings on the xp client computers. The option to turn firewall "on" or "off" is greyed out on the client computers. I've tried to make some GP changes but nothing is working so I'm missing something. Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Not sure why you'd want to mess with this but the GP is found by starting the GPMC > Group Policy Objects > Windows SBS Client - Windows XP Policy right click and choose Edit.
ASKER
Thanks RobWill, "Computer Configuration | Policies | Administrative Templates | Network | Network Connections | Windows Firewall | DOMAIN Profile | Protect All Network connections
By default this is set to enabled" Mine is already set to not configured? as well as the "other GPO Policy"
Maybe disable instead of not configured?
CrisHanna, We have a stand alone SQL program that runs on an XP client and until we lower the firewall for the initial connection the other client computers can't access the SQL database on the client running SQL.
By default this is set to enabled" Mine is already set to not configured? as well as the "other GPO Policy"
Maybe disable instead of not configured?
CrisHanna, We have a stand alone SQL program that runs on an XP client and until we lower the firewall for the initial connection the other client computers can't access the SQL database on the client running SQL.
>>"Mine is already set to not configured?"
Assuming an XP machine, this is under the "Windows SBS Client - Windows XP Policy" policy?
That should allow you to change. This assumes the machine is a member of this domain.
If you just need to allow SQL you would be better just to create an exception, which is allowed by default. I believe it is TCP port 1433
Assuming an XP machine, this is under the "Windows SBS Client - Windows XP Policy" policy?
That should allow you to change. This assumes the machine is a member of this domain.
If you just need to allow SQL you would be better just to create an exception, which is allowed by default. I believe it is TCP port 1433
ASKER
Thanks again. Can you explain steps for creating a SQL exception.
You can do so with group policy but where it is one machine and only incoming is blocked on XP by default the simplest thing to do is just edit the XP firewall.
The default port used by SQL is TCP 1433, but you should verify that with your application.
To create the exception open the windows firewall from the control panel, click on the advanced tab, click on add port | select TCP, and enter 1433. You can do the same all over again for UDP to be sure.
The other option is to select add program and browse to your application on the XP machine, but personally I find the port more dependable as there can be multiple .exe's
The default port used by SQL is TCP 1433, but you should verify that with your application.
To create the exception open the windows firewall from the control panel, click on the advanced tab, click on add port | select TCP, and enter 1433. You can do the same all over again for UDP to be sure.
The other option is to select add program and browse to your application on the XP machine, but personally I find the port more dependable as there can be multiple .exe's
ASKER
Tried to open the SQL port and the program exe to no avail.
So, I DISABLED > Computer Configuration | Policies | Administrative Templates | Network | Network Connections | Windows Firewall | DOMAIN Profile | Protect All Network connections
and now the SQL based progam on the XP client can connect with all other clients which is what I need.
Now, all the firewall settings on the XP clients are greay out stilled but the firewall is disabled so the SQL database can be accessed by all cleints. Any reason I cannot disable or inable the firewall settings directly on each client??? It seems like SBS is still in control of the cleint firewall settings?
So, I DISABLED > Computer Configuration | Policies | Administrative Templates | Network | Network Connections | Windows Firewall | DOMAIN Profile | Protect All Network connections
and now the SQL based progam on the XP client can connect with all other clients which is what I need.
Now, all the firewall settings on the XP clients are greay out stilled but the firewall is disabled so the SQL database can be accessed by all cleints. Any reason I cannot disable or inable the firewall settings directly on each client??? It seems like SBS is still in control of the cleint firewall settings?
ASKER
Thanks for all your help. I also had to add UDP 1434 along with TCP 1433 to make this work.
You disabled the policy. If set to not configured an administrator (only administrators) should be able to disable/enable the firewall.
Glad to hear you have it working.
Thanks Cizombs.
Cheers!
--Rob
Glad to hear you have it working.
Thanks Cizombs.
Cheers!
--Rob
gpresult /v > results.txt