Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Turn "OFF" Domain Network Firewall in All the Desktops in AD Domain

Posted on 2015-02-03
9
Medium Priority
?
197 Views
Last Modified: 2015-02-08
Hello Expert,
I am doing a Windows Domain Scan using a third party software to generate Asset Inventory in our company, to get the scan results properly we need to Disable the "Domain Network" Firewall in All the Desktops which is joined to the AD domain. Please help me to create a GPO which can disable the "Domain Network" Firewall in All the Desktops which is joined to our AD domain.
We are using windows 2008 Domain Controllers and All the Desktops in our company is placed under the OU called "StaffComputers" .

Thank you for the excellent support we are getting from all the "Experts" from Expert-Exchange

Regards...
0
Comment
Question by:smpvm
9 Comments
 
LVL 17

Accepted Solution

by:
Chris Millard earned 2000 total points
ID: 40585776
Before creating the GPO to disable the firewall, can I please advise that you do NOT do this - you open yourself up for all sorts of trouble. Instead, find out from the software manufacturer what ports need to be open in order for this software to work.

There is a good article at http://www.petenetlive.com/KB/Article/0000979.htm which takes you step by step through adding firewall exceptions
0
 
LVL 19

Expert Comment

by:helpfinder
ID: 40585789
0
 
LVL 38

Expert Comment

by:Mahesh
ID: 40585947
Create GPO with startup script (.bat file) with below code
netsh advfirewall set domainprofile state off
Apply this script under computer configuration\windows settings\scripts\startup script


Apply this GPO to OU containing computers, during computer start GPO will be applied
After creation and application of GPO run gpupdate /force on DC once
0
Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

 
LVL 3

Expert Comment

by:donciakas
ID: 40587067
Easy steps to do that:
http://www.systemcentercentral.com/how-to-disable-windows-firewall-via-group-policy/

after that assign GPO to OU you want
0
 
LVL 26

Expert Comment

by:Lionel MM
ID: 40588539
The easiest and fastest way to do this is to use a script that looks at a list of all the windows computers you want to do this on. This way you can tun them off, run your software to get the asset report and then run another script and turn them on again.
assuming you have a list called pc-list.txt with systems like this
pc1
pc1
pc3
Then run a batch file name, for example, firewalloff.bat; add this to the batch file
for /F "tokens=1 delims=," %%i in (C:\Utils\PC-List.csv) do netsh -r %%1 advfirewall set domainprofile state off
this may require a username and password added to this command but try that. Then create another batch file called firewallon.bat and add this line to it
for /F "tokens=1 delims=," %%i in (C:\Utils\PC-List.csv) do netsh -r %%1 advfirewall set domainprofile state on
This way you can minimize the amount of time the firewalls are off.
0
 

Author Comment

by:smpvm
ID: 40597743
Thank you for giving me a perfect solution
0
 

Author Comment

by:smpvm
ID: 40597799
I've requested that this question be closed as follows:

Accepted answer: 0 points for smpvm's comment #a40597743
Assisted answer: 500 points for Chris Millard's comment #a40585776

for the following reason:

Good Solution.
0
 
LVL 17

Expert Comment

by:Chris Millard
ID: 40597793
Original poster has said that he has been given the solution, however is trying to close the question by accepting his own comment.
0
 

Author Closing Comment

by:smpvm
ID: 40597800
Perfect solution
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
Suggested Courses

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question