mdwhiteside
SBS Firewall Policy
I have a problem installing a software program on a new Windows 7 system within an SBS 2003 domain. According to tech support of the software, Windows Firewall is blocking the completion of my installation. However, when I go to Control Panel, Firewall Settings, the turn off option for my domain is "grayed out", so I cannot turn it off.
I went to Group Policy Management on the PDC, Small Business Server Windows Firewall, and disabled all settings; however, the Windows 7 system still will not allow me to turn the firewall off (I ran gpupdate /force at server and workstation).
Tech support of the application software said the issue may be because Symantec EndPoint is controlling firewall settings, so I removed EndPoint from the workstation temporarily so that I could do the installation - again, the option will not allow me to change the setting.
I would appreciate any help in what I can do to turn off the domain firewall setting on the Windows 7 system so that I can complete this installation.
On SBS 2003 there is the Group Policy and the Domain Security Policy. Are they both set the same? Microsoft always uses the most restrictive policy when two policies are in conflict.
How is the installation carried out? Command line or using the Windows Explorer and launching an executable?
Oh and if you disable group policy the only way to push that out real-time is by opening a command prompt on the client and the server and running this command:
gpupdate /force
Do that on both the server and the client. Do it on the server first. Then do it on the client. If you don't do this the default for GPUpdate is 24 hours.
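A read-only check for the "grayed out" symptom discussed in this thread, added here as an example and not posted by any participant: it reports whether a policy-delivered value is pinning the firewall state for each profile on the workstation, then shows the live state and the GPOs actually applied. It assumes the standard policy registry location for Windows Firewall settings and should be run from an elevated PowerShell prompt on the Windows 7 client.

```powershell
# Added example: find out whether Group Policy is pinning the Windows Firewall state.
# Read-only; nothing on the system is changed.

# Policy-delivered firewall settings are stored under this key (assumed standard location).
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall'

# DomainProfile/StandardProfile are written by the legacy "Windows Firewall" template,
# DomainProfile/PrivateProfile/PublicProfile by "Windows Firewall with Advanced Security".
$profiles = 'DomainProfile', 'StandardProfile', 'PrivateProfile', 'PublicProfile'

foreach ($name in $profiles) {
    $path = Join-Path $base $name
    if (-not (Test-Path $path)) {
        "{0,-16} no policy key; the local setting applies" -f $name
        continue
    }
    # EnableFirewall: 1 = forced on, 0 = forced off, absent = not configured by policy
    $value = (Get-ItemProperty -Path $path).EnableFirewall
    if ($null -eq $value) {
        "{0,-16} policy key present, EnableFirewall not configured" -f $name
    } elseif ($value -eq 1) {
        "{0,-16} firewall forced ON by policy (UI option is locked)" -f $name
    } else {
        "{0,-16} firewall forced OFF by policy (UI option is locked)" -f $name
    }
}

# Live on/off state of every firewall profile
netsh advfirewall show allprofiles state

# GPOs that were actually applied to this computer, to identify the one setting the value
gpresult /r /scope computer
```

If a profile still shows a forced value after the GPO was edited and `gpupdate /force` was run, the `gpresult` output names the policy objects to inspect.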
ASKER
The program is done with an executable from the server folder. Also, I had run the gpupdate /force on both the server and workstation.
I want to try using the advanced firewall settings that rawinn.. suggested, but cannot until tomorrow. I will post after trying.
Being a part of the domain has nothing to do with it being able to see the SQL Server or application server. The only thing you will probably have to do is supply domain credentials when connecting to them. I'd give it a try and see what happens.
ASKER
I realize this issue has taken longer than expected, but I was just able to return to the site today, and the user has taken the laptop from the location, so I still have not been able to try the fix that has been suggested. I plan to email the user and see if we can coordinate our schedules for Monday.
Was there ever a resolution?
ASKER
The solution also involved installing the program as an administrator and still running the install as administrator. This was recommended by the software company despite the fact that my administrator account had both domain and local administrative privileges. However, after following this direction, the program installed correctly.