Solved

Windows Firewall on or off for Domain Controller?

Posted on 2010-11-22
6
792 Views
Last Modified: 2012-05-10
Is it crazy or normal to disable Windows Firewall on a domain controller server? At my client's site, their Windows Server 2008 domain controller server is behind a separate firewall appliance and the Windows Firewall is interfering with an antivirus solution I'm trying to implement. Thanks.
0
Comment
Question by:canalicomputers
6 Comments
 
LVL 8

Accepted Solution

by:
rjwesley earned 250 total points
Comment Utility
I typically always disable it, even though it is of course not recommended by Microsoft.

Rob

I use a separate firewall product as well.
0
 
LVL 8

Assisted Solution

by:ShareefHuddle
ShareefHuddle earned 250 total points
Comment Utility
I would disable it. But disable it through the windows firewall application
0
 
LVL 2

Expert Comment

by:wilmaflintstone
Comment Utility
I would leave it in place.

Windows 2008 has an automatic adaption of the firewall. If you add functionality, it will change the firewall rules so it works.

I have 2 windows 2k8 R2 servers. I only had to make 1 change in the firewall rules. And that was for a monitoring system that i use to check the status of my servers.
All other functionality works straight from the box. And i use 60% of the features that come with windows server.

I see no reason why you should turn it off. It does not interfere with normal operations. It adds a little extra security against (yet unknown) threats.

I say: keep it turned on.
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 

Author Comment

by:canalicomputers
Comment Utility
Its Symantec Endpoint Protection that I've installed, the server had the central managing piece of the software, I tried allowing the firewall traffic that Symantec says to but that didn't work, only works when I disable the servers firewall
0
 
LVL 5

Expert Comment

by:cjordan323
Comment Utility

I would use a Group Policy to create an exclusion so you can install your antivirus. The antivirus documentation should tell you what ports it requires to perform remote installations. Typically it's File and Printer sharing or the ports that these services use, the remote installation need to access the Admin$ share.
0
 

Author Closing Comment

by:canalicomputers
Comment Utility
Thanks guys
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Join & Write a Comment

Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now