Solved

Windows Firewall on or off for Domain Controller?

Posted on 2010-11-22
6
800 Views
Last Modified: 2012-05-10
Is it crazy or normal to disable Windows Firewall on a domain controller server? At my client's site, their Windows Server 2008 domain controller server is behind a separate firewall appliance and the Windows Firewall is interfering with an antivirus solution I'm trying to implement. Thanks.
0
Comment
Question by:canalicomputers
6 Comments
 
LVL 8

Accepted Solution

by:
rjwesley earned 250 total points
ID: 34191421
I typically always disable it, even though it is of course not recommended by Microsoft.

Rob

I use a separate firewall product as well.
0
 
LVL 8

Assisted Solution

by:ShareefHuddle
ShareefHuddle earned 250 total points
ID: 34191428
I would disable it. But disable it through the windows firewall application
0
 
LVL 2

Expert Comment

by:wilmaflintstone
ID: 34191505
I would leave it in place.

Windows 2008 has an automatic adaption of the firewall. If you add functionality, it will change the firewall rules so it works.

I have 2 windows 2k8 R2 servers. I only had to make 1 change in the firewall rules. And that was for a monitoring system that i use to check the status of my servers.
All other functionality works straight from the box. And i use 60% of the features that come with windows server.

I see no reason why you should turn it off. It does not interfere with normal operations. It adds a little extra security against (yet unknown) threats.

I say: keep it turned on.
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 

Author Comment

by:canalicomputers
ID: 34191562
Its Symantec Endpoint Protection that I've installed, the server had the central managing piece of the software, I tried allowing the firewall traffic that Symantec says to but that didn't work, only works when I disable the servers firewall
0
 
LVL 5

Expert Comment

by:cjordan323
ID: 34192517

I would use a Group Policy to create an exclusion so you can install your antivirus. The antivirus documentation should tell you what ports it requires to perform remote installations. Typically it's File and Printer sharing or the ports that these services use, the remote installation need to access the Admin$ share.
0
 

Author Closing Comment

by:canalicomputers
ID: 34223515
Thanks guys
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The related questions "How do I recover the passwords for my Q-See DVR" and "How can I reset my Q-See DVR to eliminate a password" are seen several times a week.  Here we discuss the grim reality of the situation.
Most MSPs worth their salt are already offering cybersecurity to their customers. But cybersecurity as a service is wide encompassing and can mean many things.  So where are MSPs falling in this spectrum?
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

792 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question