Turning off Windows Firewall on remote computer not on domain

Ok, here's a good one.  Have several remote computers that connect back to our domain through VPN.  These computers are not part of the domain.  They are given a DHCP address through the VPN, and I can reach them on the LAN.  Problem I'm having is this:  I want to disable Windows Firewall on these machines without having to remote in with VNC and do it manually.  I have tried using gpedit.msc gpcomputer from the command line, but I don't have the correct login credentials for it to work on that machine (local users on these machines have different logins than our domain).  What's the solution here?
Who is Participating?
Joseph MoodyConnect With a Mentor Blogger and wearer of all hats.Commented:
Use PSexecute and remotely run "net stop MpsSvc"
Our guys use Computer Manager to remotely manage Windows XP computers. They can disable the firewall services that way.
From computer manager on your PC , use "connect to" option and connect to remote computer. you can stop and disable firewall service from "services" section.
SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

look at this :) pitchford said the same thing just one second before me :)
lflorenceAuthor Commented:
Using PSExec returns "Couldn't Access (IP)"  Computer Manager gives me an access denied message when trying to open services.
Joseph MoodyBlogger and wearer of all hats.Commented:
With computer manager, you will need to run it as a admin of that remote machine. When running psexec, are you connecting as an admin of the remote machine? Are you using the computer name or IP to connect.
lflorenceAuthor Commented:
How do I run computer manager as an admin of that machine if that machine is not in the domain and does not have the same login as a domain account?

Having to use IP in PsExec because I cannot reach computer by name.
Adam LeinssConnect With a Mentor Commented:
Make sure the local administrator password is the same on both PCs (yours and the remote one not on the domain).  Then, login as local administator on your machine and then you should be able to remotely manage the manage, assuming of course that Remote Registry is not turned off/firewalled.
Adam LeinssCommented:
remotely manage the PC*
well . managing computers remotely is difficult when they are not in a domain. why don't you add them to the domain ? that gives you a lot more management capabilities...
Unless you have the necessary credentials and the remote systems have exemption in the  firewall for the inbound 139,445 you can not.

Why would you want to take the step to disable something the owner of the computer choose to enable or not to disable.
Rob KnightConsultantCommented:

Disabling firewalls is never a recommended approach as this is providing protection for the machine?

If you need to access the machine, then create an exception and configure the scope to include your subnet etc?


Why not use a batch file to access there shares and use the Netsh command.

@echo off
REM Take Host names from shares.txt file and connect and disable windows firewall.
for /f "tokens=* delims= " %%a in (shares.txt) do ( if not errorlevel 1 set str=%%a )
for /f "tokens=2 delims==" %%a in ('echo !str!') do ( 
set host=%%a
net use a: !host! /user: user password
netsh firewall set opmode disable
net session !host! /delete

Open in new window

All Courses

From novice to tech pro — start learning today.