• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 828
  • Last Modified:

Windows Firewall on or off for Domain Controller?

Is it crazy or normal to disable Windows Firewall on a domain controller server? At my client's site, their Windows Server 2008 domain controller server is behind a separate firewall appliance and the Windows Firewall is interfering with an antivirus solution I'm trying to implement. Thanks.
0
canalicomputers
Asked:
canalicomputers
2 Solutions
 
rjwesleyCommented:
I typically always disable it, even though it is of course not recommended by Microsoft.

Rob

I use a separate firewall product as well.
0
 
ShareefHuddleCommented:
I would disable it. But disable it through the windows firewall application
0
 
wilmaflintstoneCommented:
I would leave it in place.

Windows 2008 has an automatic adaption of the firewall. If you add functionality, it will change the firewall rules so it works.

I have 2 windows 2k8 R2 servers. I only had to make 1 change in the firewall rules. And that was for a monitoring system that i use to check the status of my servers.
All other functionality works straight from the box. And i use 60% of the features that come with windows server.

I see no reason why you should turn it off. It does not interfere with normal operations. It adds a little extra security against (yet unknown) threats.

I say: keep it turned on.
0
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

 
canalicomputersAuthor Commented:
Its Symantec Endpoint Protection that I've installed, the server had the central managing piece of the software, I tried allowing the firewall traffic that Symantec says to but that didn't work, only works when I disable the servers firewall
0
 
cjordan323Commented:

I would use a Group Policy to create an exclusion so you can install your antivirus. The antivirus documentation should tell you what ports it requires to perform remote installations. Typically it's File and Printer sharing or the ports that these services use, the remote installation need to access the Admin$ share.
0
 
canalicomputersAuthor Commented:
Thanks guys
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now