Windows Firewall on or off for Domain Controller?

Posted on 2010-11-22
Medium Priority
Last Modified: 2012-05-10
Is it crazy or normal to disable Windows Firewall on a domain controller server? At my client's site, their Windows Server 2008 domain controller server is behind a separate firewall appliance and the Windows Firewall is interfering with an antivirus solution I'm trying to implement. Thanks.
Question by:canalicomputers

Accepted Solution

rjwesley earned 1000 total points
ID: 34191421
I typically always disable it, even though it is of course not recommended by Microsoft.


I use a separate firewall product as well.

Assisted Solution

ShareefHuddle earned 1000 total points
ID: 34191428
I would disable it. But disable it through the windows firewall application

Expert Comment

ID: 34191505
I would leave it in place.

Windows 2008 has an automatic adaption of the firewall. If you add functionality, it will change the firewall rules so it works.

I have 2 windows 2k8 R2 servers. I only had to make 1 change in the firewall rules. And that was for a monitoring system that i use to check the status of my servers.
All other functionality works straight from the box. And i use 60% of the features that come with windows server.

I see no reason why you should turn it off. It does not interfere with normal operations. It adds a little extra security against (yet unknown) threats.

I say: keep it turned on.
Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.


Author Comment

ID: 34191562
Its Symantec Endpoint Protection that I've installed, the server had the central managing piece of the software, I tried allowing the firewall traffic that Symantec says to but that didn't work, only works when I disable the servers firewall

Expert Comment

ID: 34192517

I would use a Group Policy to create an exclusion so you can install your antivirus. The antivirus documentation should tell you what ports it requires to perform remote installations. Typically it's File and Printer sharing or the ports that these services use, the remote installation need to access the Admin$ share.

Author Closing Comment

ID: 34223515
Thanks guys

Featured Post

Managing Security & Risk at the Speed of Business

Gartner Research VP, Neil McDonald & AlgoSec CTO, Prof. Avishai Wool, discuss the business-driven approach to automated security policy management, its benefits and how to align security policy management with business processes to address today's security challenges.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

This blog will spread awareness about Dropbox. We have given the statements based upon our experience. Along with this, there is a section of some new plans that should be added in Dropbox this year. This will make the storage service enhanced from …
The Super Bowl is just days away. Millions of advertising dollars will be spent in just a few hours to drive people to websites around the globe. Optimizing your site in anticipation of a big event like this (and the traffic surges that follow) will…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question