first let me explain our situtation: we have a lot of pc's (for these, no problem) and a lot of notebooks. I want to disable the firewall when the user is at work. When the user takes the notebook back home, he should be allowed to enable the firewall. What are my options? I also need to tell you we have linux servers so we don't use active directory and therefore no group policies. I know you can disable the following via gpedit.msc: Local policy\computer configuration\administrative templates\network\net work connection\windows firewall\domain profile\windows firewall: protect all network connections, but if I do this, the users won't be able to enable the firewall when they're at home, or am I wrong here?