Solved

Disabling local firewall from Active Directory

Posted on 2014-02-18
Last Modified: 2014-03-07
Most of the users in the office have the Windows FW enabled. This is stopping me rolling out AV and other programs. Can I disable this using AD so when they log in to the domain the FW is off?
Question by:wannabecraig
11 Comments
 
LVL 6

Expert Comment

by:alexgreen312
Yes,

You can use group policy for this,

Computer Config > Administrative Templates > Network > Network connections > Windows Firewall > Domain Profile  > Windows Firewall: Protect all network connections = Disabled

That will disable Windows Firewall.

Regards

Alex
0
 
LVL 1

Author Comment

by:wannabecraig
Do I do this on the DC?  I can't see the Computer config module.
0
 
LVL 6

Expert Comment

by:alexgreen312
When you log onto your DC, click Start, Administrative Tools, Group Policy.

Create a new group policy, make the changes and then link that to the OU with your computers in.

Regards

Alex
0
 
LVL 1

Author Comment

by:wannabecraig
OK, there was an existing domain policy and I edited it, is that OK?

Also, I assume users need to log off and on again before it disables it?
0
 
LVL 6

Expert Comment

by:alexgreen312
It should apply within the next 4 - 6 hours depending on the time group policy last replicated, however you could ask for a reboot which would apply it immediately.

Regards

Alex
0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
>> Can I disable this using AD so when they log in to the domain the FW is off?

Simply applying Group Policy cannot implement disabling FW when logged on and enabling FW when logged off. There must be a domain based logon script to do that.

>> Also, I assume users need to log off and on again before it disables it?

Just want to confirm if "disabling FW when logged on and enabling FW when logged off" is exactly what the author wanted?
0
 
LVL 35

Expert Comment

by:Mahesh
You won't find an option to disable the firewall at the GPO path mentioned above.

The correct path to turn off the firewall is as below.

Computer Configuration\Policies\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security -LDAP-------
Right-click on the above path and go to Properties.
Here you need to turn off the firewall state for the domain profile, public profile and private profile.

Alternatively, you can add a .bat file in the startup script section of the GPO, in Computer Configuration, with the command below:

echo off
netsh advfirewall set allprofiles state off

The startup script option can be found under Computer Configuration\Policies\Windows Settings\Scripts (Startup and Shutdown)\Startup
You can copy the .bat file to the NETLOGON shared folder on the domain controller.

Mahesh
0
 
LVL 6

Accepted Solution

by: alexgreen312 earned 500 total points
0
 
LVL 35

Expert Comment

by:Mahesh
Also, computers must be rebooted once to apply the GPO and to disable the firewall.
0
 
LVL 6

Expert Comment

by:alexgreen312
Not definitely, you can just do a gpupdate /force or wait 4 hours (depending on what is specified in the default domain policy)
0
 
LVL 35

Expert Comment

by:Mahesh
You can do gpupdate /force definitely if you use GPO settings to disable the firewall.

But if you use a .bat file to disable the firewall, then you must reboot the computer to run the .bat file.
0
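
Added example, not part of any poster's reply: a PowerShell check to run on a client after `gpupdate /force` or a reboot, showing the firewall state each profile actually has, whether that state came from Group Policy or from the local store (for example the `netsh` startup script), and which profile the machine's network connections are using. It assumes Windows 8 / Server 2012 or later, where the NetSecurity and NetConnection cmdlets exist; the function name is hypothetical.

```powershell
# Added example: report effective Windows Firewall state per profile and
# where the setting comes from. Requires Windows 8 / Server 2012 or later.
function Get-FirewallStateSource {   # hypothetical helper name
    [CmdletBinding()]
    param()

    # ActiveStore = what is enforced right now (GPO merged with local settings).
    $effective = Get-NetFirewallProfile -PolicyStore ActiveStore
    # RSOP = read-only sum of all GPOs applied to this computer.
    $fromGpo = Get-NetFirewallProfile -PolicyStore RSOP -ErrorAction SilentlyContinue

    # Profiles in use by current connections; "DomainAuthenticated" maps to "Domain".
    $inUse = (Get-NetConnectionProfile -ErrorAction SilentlyContinue).NetworkCategory |
        ForEach-Object { ([string]$_) -replace 'Authenticated$', '' }

    foreach ($p in $effective) {
        $gpo = $fromGpo | Where-Object { $_.Name -eq $p.Name }
        # Enabled is a GpoBoolean: True, False or NotConfigured.
        $gpoValue = if ($gpo) { [string]$gpo.Enabled } else { 'NotConfigured' }
        $source = if ($gpoValue -eq 'NotConfigured') { 'Local (netsh/script/UI)' }
                  else { 'Group Policy' }

        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Profile  = $p.Name                 # Domain, Private or Public
            Enabled  = [string]$p.Enabled      # effective state
            GpoValue = $gpoValue               # what applied GPOs say
            Source   = $source
            InUse    = ($inUse -contains $p.Name)
        }
    }
}

Get-FirewallStateSource | Format-Table -AutoSize
```

A row with `InUse` true and `Enabled` still `True` means the policy has not reached the profile the machine is actually on, which is the case to look for when only the Domain profile was changed.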
