smpvm
asked on
Turn "OFF" Domain Network Firewall in All the Desktops in AD Domain
Hello Expert,
I am doing a Windows Domain Scan using a third party software to generate Asset Inventory in our company, to get the scan results properly we need to Disable the "Domain Network" Firewall in All the Desktops which is joined to the AD domain. Please help me to create a GPO which can disable the "Domain Network" Firewall in All the Desktops which is joined to our AD domain.
We are using windows 2008 Domain Controllers and All the Desktops in our company is placed under the OU called "StaffComputers" .
Thank you for the excellent support we are getting from all the "Experts" from Expert-Exchange
Regards...
I am doing a Windows Domain Scan using a third party software to generate Asset Inventory in our company, to get the scan results properly we need to Disable the "Domain Network" Firewall in All the Desktops which is joined to the AD domain. Please help me to create a GPO which can disable the "Domain Network" Firewall in All the Desktops which is joined to our AD domain.
We are using windows 2008 Domain Controllers and All the Desktops in our company is placed under the OU called "StaffComputers" .
Thank you for the excellent support we are getting from all the "Experts" from Expert-Exchange
Regards...
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Create GPO with startup script (.bat file) with below code
netsh advfirewall set domainprofile state off
Apply this script under computer configuration\windows settings\scripts\startup script
Apply this GPO to OU containing computers, during computer start GPO will be applied
After creation and application of GPO run gpupdate /force on DC once
netsh advfirewall set domainprofile state off
Apply this script under computer configuration\windows settings\scripts\startup script
Apply this GPO to OU containing computers, during computer start GPO will be applied
After creation and application of GPO run gpupdate /force on DC once
Easy steps to do that:
http://www.systemcentercentral.com/how-to-disable-windows-firewall-via-group-policy/
after that assign GPO to OU you want
http://www.systemcentercentral.com/how-to-disable-windows-firewall-via-group-policy/
after that assign GPO to OU you want
The easiest and fastest way to do this is to use a script that looks at a list of all the windows computers you want to do this on. This way you can tun them off, run your software to get the asset report and then run another script and turn them on again.
assuming you have a list called pc-list.txt with systems like this
pc1
pc1
pc3
Then run a batch file name, for example, firewalloff.bat; add this to the batch file
for /F "tokens=1 delims=," %%i in (C:\Utils\PC-List.csv) do netsh -r %%1 advfirewall set domainprofile state off
this may require a username and password added to this command but try that. Then create another batch file called firewallon.bat and add this line to it
for /F "tokens=1 delims=," %%i in (C:\Utils\PC-List.csv) do netsh -r %%1 advfirewall set domainprofile state on
This way you can minimize the amount of time the firewalls are off.
assuming you have a list called pc-list.txt with systems like this
pc1
pc1
pc3
Then run a batch file name, for example, firewalloff.bat; add this to the batch file
for /F "tokens=1 delims=," %%i in (C:\Utils\PC-List.csv) do netsh -r %%1 advfirewall set domainprofile state off
this may require a username and password added to this command but try that. Then create another batch file called firewallon.bat and add this line to it
for /F "tokens=1 delims=," %%i in (C:\Utils\PC-List.csv) do netsh -r %%1 advfirewall set domainprofile state on
This way you can minimize the amount of time the firewalls are off.
ASKER
Thank you for giving me a perfect solution
ASKER
I've requested that this question be closed as follows:
Accepted answer: 0 points for smpvm's comment #a40597743
Assisted answer: 500 points for Chris Millard's comment #a40585776
for the following reason:
Good Solution.
Accepted answer: 0 points for smpvm's comment #a40597743
Assisted answer: 500 points for Chris Millard's comment #a40585776
for the following reason:
Good Solution.
Original poster has said that he has been given the solution, however is trying to close the question by accepting his own comment.
ASKER
Perfect solution
https://www.experts-exchange.com/questions/28424487/Group-Policy-Turn-Firewall-Off.html