?
Solved

Windows Firewall on or off for Domain Controller?

Posted on 2010-11-22
6
Medium Priority
?
811 Views
Last Modified: 2012-05-10
Is it crazy or normal to disable Windows Firewall on a domain controller server? At my client's site, their Windows Server 2008 domain controller server is behind a separate firewall appliance and the Windows Firewall is interfering with an antivirus solution I'm trying to implement. Thanks.
0
Comment
Question by:canalicomputers
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 8

Accepted Solution

by:
rjwesley earned 1000 total points
ID: 34191421
I typically always disable it, even though it is of course not recommended by Microsoft.

Rob

I use a separate firewall product as well.
0
 
LVL 8

Assisted Solution

by:ShareefHuddle
ShareefHuddle earned 1000 total points
ID: 34191428
I would disable it. But disable it through the windows firewall application
0
 
LVL 2

Expert Comment

by:wilmaflintstone
ID: 34191505
I would leave it in place.

Windows 2008 has an automatic adaption of the firewall. If you add functionality, it will change the firewall rules so it works.

I have 2 windows 2k8 R2 servers. I only had to make 1 change in the firewall rules. And that was for a monitoring system that i use to check the status of my servers.
All other functionality works straight from the box. And i use 60% of the features that come with windows server.

I see no reason why you should turn it off. It does not interfere with normal operations. It adds a little extra security against (yet unknown) threats.

I say: keep it turned on.
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 

Author Comment

by:canalicomputers
ID: 34191562
Its Symantec Endpoint Protection that I've installed, the server had the central managing piece of the software, I tried allowing the firewall traffic that Symantec says to but that didn't work, only works when I disable the servers firewall
0
 
LVL 5

Expert Comment

by:cjordan323
ID: 34192517

I would use a Group Policy to create an exclusion so you can install your antivirus. The antivirus documentation should tell you what ports it requires to perform remote installations. Typically it's File and Printer sharing or the ports that these services use, the remote installation need to access the Admin$ share.
0
 

Author Closing Comment

by:canalicomputers
ID: 34223515
Thanks guys
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: Justin
In light of the WannaCry ransomware attack that affected millions of Windows machines, you might wonder if your Mac needs protecting. Yes, it does and here is how to do it.
In this blog we highlight approaches to managed security as a service.  We also look into ConnectWise’s value in aiding MSPs’ security management and indicate why critical alerting is a necessary integration.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses
Course of the Month12 days, 21 hours left to enroll

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question