Solved

Disable Win 7 Firewall using GPO

Posted on 2013-01-29
4
395 Views
Last Modified: 2013-02-04
Trying to disable Win 7 Firewall through AD and GPO. Normal settings in GPO do not seem to be working.

Disabling Administrative templates, Network, Network connections, Windows firewall, Domain and Standard profiles to "Prohibit all network connections" should do it, correct? What am I missing? AD is on a Win 2003 server....
0
Comment
Question by:ocantrell
  • 3
4 Comments
 
LVL 29

Expert Comment

by:becraig
ID: 38832713
Go to Start > Administrative Tools > Policies
    Select the policy to edit (Usually: the default policy), right-click and choose “edit”.
    Go to Administrative Templates > Network > Network connections > Windows Firewall > Domain Profile.
    Disable the “Protect All Network connections” rule.  Just to be sure, you can do the same for the “Standard Profile”, as well.
0
 

Author Comment

by:ocantrell
ID: 38834834
That's what I had originally tried.......Just tried again and still does not work (??) I must be missing something like another setting overiding?
0
 

Accepted Solution

by:
ocantrell earned 0 total points
ID: 38834907
A local engineer, Joe Blanchard, provided a solution that worked for me. Here are his steps.

  1.  This must be done from a Windows 2008 server, or a Windows 7 PC. Their policies look a little different, but will link just fine to 2000 and up Domain controllers.
  2.  Win 7 is a little more involved since you have to have RSAT installed for GPMC to show up. (I take the easy way and use a 2008 server if available.)
  3.  Be sure GPMC is installed on Server 2008, (Under Server Manager- Add Roles) I can't remember if it is a role or feature, but it will be under one of those.
  4.  Be sure to create a New Policy instead of editing an old one, that way you have more options if things go to pot.
  5.  Add the firewall settings you need under >Computer Config > Windows Settings > Security Settings > Windows Firewall with Advanced Security
  6.  Close the editor
  7.  Review settings of the Policy via the settings tab
  8.  Link the Policy object to the OU that contains the machines you need the Policy applied to.
  9.  Either wait, or run a gpupdate /force on the PC you are testing on.
  10. Troubleshoot with RSOP if available.
0
 

Author Closing Comment

by:ocantrell
ID: 38850414
Solution provided by a local MS engineer
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Looking for easy way to upgrade Windows 2003 Server to 2012 2 90
Event ID: 5719 / Source: NETLOGON 9 149
Auto Login Script 3 51
SBS 2003 RWW Login 3 43
I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question