Link to home
Start Free TrialLog in
Avatar of abcd ab01
abcd ab01Flag for United States of America

asked on

how to disable and enable client's firewall through GPO

how to disable and enable client's firewall through GPO. Windows 2012 R server. Goal is to disable the clients firewall, push the agent out. Then disable the firewall. Please advise me. Thanks.
Avatar of Niten Kumar
Niten Kumar
Flag of Fiji image

Create a GPO and apply to all computers, or you could modify say the default policy. I would recommend creating a new policy for security and set it there.

Then set under

Computer Config > Policies > Administrative Templates > Network > Network connections > Windows Firewall > Domain Profile  > Windows Firewall: Protect all network connections = Disabled

After then go to client machine;


Start > Run > CMD > Gpupdate /force

Check the Firewall in Control Panel should be disabled
Avatar of abcd ab01

ASKER

Can you please walk me over to following steps too see below-

create a GPO and apply to all computers, or you could modify say the default policy. I would recommend creating a new policy for security and set it there.
How many client computers do you have and do you want to apply this to all the computers.  How is your OU structured?

If you want to apply to one OU then it is best to create a separate GPO altogether for this.  Make sure all the correct computers accounts are in the OU.  Best would be test with one computer account.  Create the GPO with above configuration and apply it to the OU.  Apply the next GPO which will push the agent you want to deploy.
First I would like to create a separate test GPO and assigned to a separate test ou where only pilot machines will reside.

We are pushing gpo to disable the firewall. Do I need to set inbound or outbound firewall too?
200 clients later, but 3-4 for test only
So have you placed this 3-4 computers in a separate OU and created a new GPO with the above settings.
not yet but planning
If you can do that then we can proceed with the next steps
thanks Niten, I will let you know when I'm done with 1st and 2nd steps.
Just a quick opinion. I would not disable firewall on clients. It is there to protect them. Best to push a firewall policy out which includes safe applications & ports allowed.
Yes it is more work, but it is best practice. Unless you are planning on using Symantec Firewall instead.
But if this is the case Symantec will sort the firewall status, so the policy is redundant.
firewall will be disabled for a while. After disabling, we will push heat agent and then will enable the firewall. But symantec will take care of Firewall, we are planning to implement Symantec endpoint security soon.
I created this> Crreate a GPO and apply to all computers, or you could modify say the default policy. I would recommend creating a new policy for security and set it there.

Then set under

Computer Config > Policies > Administrative Templates > Network > Network connections > Windows Firewall > Domain Profile  > Windows Firewall: Protect all network connections = Disabled"

Hoh to add test pilot ou TO THIS GPO
HI Niten, can you please answer above question? Thanks.
ASKER CERTIFIED SOLUTION
Avatar of Niten Kumar
Niten Kumar
Flag of Fiji image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
thanks!!
Hi Niten,

Is there any gpo can be created to add gpupdate /force to all corporate machine and reboot by itself? So that the new policy for disabling firewall can be implemented though the gpo? We don't want to go to each computer and run gpupdate and reboo. Please suggest me. Thnaks.