Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

SBS Firewall Policy

Posted on 2011-02-21
10
Medium Priority
?
1,098 Views
Last Modified: 2012-05-11
I have a problem installing a software program on a new Windows 7 system within a SBS 2003 domain.  According to tech support of the software windows firewall is blocking the completion of my installation.  However, when I go to Control Panel, Firewall Settings, the turn off option for my domain is "grayed out", so I cannot turn it off.

I went to Group Policy Management on the PDC, Small Business Server Windows Firewall and disabled all settings, however Windows 7 system still will not allow me to turn firewall off (I ran gpupdate /force at server and workstation).

Tech support of the application software said the issue may be because Symantec EndPoint is controlling firewall settings, so I removed EndPoint from the workstation temporarily so that I could do the installation - again, the option will not allow me to change the setting.

I would appreciate any help in what I can do to turn off the domain firewall setting on the Windows 7 system so that I can complete this installation.
0
Comment
Question by:mdwhiteside
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 3

Accepted Solution

by:
brd24gor earned 1000 total points
ID: 34946899
Sounds like you have administrative privileges. If so, you could try temporarily removing the machine from the domain, turn off the firewall, finish installing your software, then rejoin domain.
0
 
LVL 9

Assisted Solution

by:rawinnlnx9
rawinnlnx9 earned 1000 total points
ID: 34947041
When you go into the firewall settings you need to look carefully. There's an option in there for advanced firewall settings and you can enable the options by clicking a link that prompts you to do so. It's not intuitive so look around. It's in there though. Even signed in as Administrator or with "administrator" permissions you'll need to do this.

1. Start Menu->Control Panel->Windows Firewall.
2. Go into Advanced Rules in there you should have the rights you need but you are doing things at the port level.
3. Do not go into "Turn Windows Firewall on or Off" you won't have the rights. I'm a domain admin, enterprise admin, dns admin, and Local Admin and I still don't have the rights. You have to sign on as Administrator to unlock these settings.
0
 

Author Comment

by:mdwhiteside
ID: 34947048
There may be a problem with that approach because the installation of the software comes from a server application.  It is installing a client portion to the program, so your solution might work unless the software needs to see main program and database, which reside on the server.  The program is SQL based, if that helps.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 2

Expert Comment

by:david4800
ID: 34947131
On SBS 2003 there is the Group Policy and the Domain Security Policy.  Are they both set the same?  Microsoft always uses the most restrictive policy when two policies are in conflict.
0
 
LVL 9

Expert Comment

by:rawinnlnx9
ID: 34947175
How is the installation carried out? Command line or using the Windows Explorer and launching an executable?

Oh and if you disable group policy the only way to push that out real-time is by opening a command prompt on the client and the server and running this command:

gpupdate /force

Open in new window


Do that on both the server and the client. Do it on the server first. Then do it on the client. If you don't do this the default for GPUpdate is 24 hours.
0
 

Author Comment

by:mdwhiteside
ID: 34947259
The program is done with an executable from the server folder.  Also, I had run the gpudate /force on both the server and workstation.

I want to try using the advanced firewall settings that rawinn.. suggested, but cannot until tomorrow.  I will post after trying.
0
 
LVL 3

Expert Comment

by:brd24gor
ID: 34947355
Being a part of the domain has nothing to do with it being able to see the SQL Server or application server. The only thing you will probably have to do is supply domain credentials when connecting to them. I'd give it a try and see what happens.
0
 

Author Comment

by:mdwhiteside
ID: 34983718
I realize this issue has taken longer than expected, but I was just able to return to the site today, and the user has taken the laptop from the location, so I still have not been able to try the fix that has been suggested.  I plan to email the user and see if we can coordinate our schedules for Monday.
0
 
LVL 3

Expert Comment

by:brd24gor
ID: 35039919
Was there ever a resolution?
0
 

Author Closing Comment

by:mdwhiteside
ID: 35130976
The solution also involved installing the program as an administrator and still running the install as administrator.  This was recommended by the software company despite the fact that my administrator account had both domain and local admiistrative priviliges.  However, after following this direction, the program installed correctly.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Operating system developers such as Microsoft (https://www.microsoft.com) and Apple have made incredible strides in virus protection over the past decade. Operating systems come packaged with built in defensive tools such as virus protection and a f…
There are many reasons malware will stay around and continue to grow as a business.  The biggest reason is the expanding customer base.  More than 40% of people who are infected with ransomware, pay the ransom.  That makes ransomware a multi-million…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
Suggested Courses

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question