Solved

how to disable and enable client's firewall through GPO

Posted on 2016-10-11
Last Modified: 2016-10-20
How to disable and enable client's firewall through GPO. Windows 2012 R server. Goal is to disable the clients' firewall, push the agent out. Then disable the firewall. Please advise me. Thanks.
0
Question by:abcd ab01
16 Comments
 
LVL 7

Expert Comment

by:Niten Kumar
ID: 41839361
Create a GPO and apply to all computers, or you could modify say the default policy. I would recommend creating a new policy for security and set it there.

Then set under

Computer Config > Policies > Administrative Templates > Network > Network connections > Windows Firewall > Domain Profile  > Windows Firewall: Protect all network connections = Disabled

After that, go to the client machine:


Start > Run > CMD > Gpupdate /force

Check the Firewall in Control Panel; it should be disabled.
0
 

Author Comment

by:abcd ab01
ID: 41840723
Can you please walk me through the following steps too? See below:

create a GPO and apply to all computers, or you could modify say the default policy. I would recommend creating a new policy for security and set it there.
0
 
LVL 7

Expert Comment

by:Niten Kumar
ID: 41841039
How many client computers do you have, and do you want to apply this to all the computers? How is your OU structured?

If you want to apply to one OU then it is best to create a separate GPO altogether for this. Make sure all the correct computer accounts are in the OU. Best would be to test with one computer account. Create the GPO with the above configuration and apply it to the OU. Apply the next GPO, which will push the agent you want to deploy.
0
 

Author Comment

by:abcd ab01
ID: 41841081
First I would like to create a separate test GPO and assign it to a separate test OU where only pilot machines will reside.

We are pushing a GPO to disable the firewall. Do I need to set inbound or outbound firewall too?
0
 

Author Comment

by:abcd ab01
ID: 41841082
200 clients later, but 3-4 for test only
0
 
LVL 7

Expert Comment

by:Niten Kumar
ID: 41841086
So have you placed these 3-4 computers in a separate OU and created a new GPO with the above settings?
0
 

Author Comment

by:abcd ab01
ID: 41841103
not yet but planning
0
 
LVL 7

Expert Comment

by:Niten Kumar
ID: 41841109
If you can do that then we can proceed with the next steps
0
 

Author Comment

by:abcd ab01
ID: 41841111
Thanks Niten, I will let you know when I'm done with 1st and 2nd steps.
0
 
LVL 11

Expert Comment

by:Maclean
ID: 41841159
Just a quick opinion. I would not disable firewall on clients. It is there to protect them. Best to push a firewall policy out which includes safe applications & ports allowed.
Yes it is more work, but it is best practice. Unless you are planning on using Symantec Firewall instead.
But if this is the case Symantec will sort the firewall status, so the policy is redundant.
0
 

Author Comment

by:abcd ab01
ID: 41841352
Firewall will be disabled for a while. After disabling, we will push heat agent and then will enable the firewall. But Symantec will take care of the firewall; we are planning to implement Symantec endpoint security soon.
0
 

Author Comment

by:abcd ab01
ID: 41850783
I created this> Create a GPO and apply to all computers, or you could modify say the default policy. I would recommend creating a new policy for security and set it there.

Then set under

Computer Config > Policies > Administrative Templates > Network > Network connections > Windows Firewall > Domain Profile  > Windows Firewall: Protect all network connections = Disabled"

How to add test pilot OU to this GPO?
0
 

Author Comment

by:abcd ab01
ID: 41850931
Hi Niten, can you please answer above question? Thanks.
0
 
LVL 7

Accepted Solution

by:
Niten Kumar earned 2000 total points
ID: 41850997
Go to Group Policy Management Console and look for Group Policy Objects under your domain. Right-click on it and click on New. Give a suitable name such as block-firewall and click on OK. You will see that the new Group Policy Object has been created. Now right-click on it and click on Edit. Apply the above settings. Now go to the test pilot OU, right-click on it, click on Link an Existing GPO and link the Group Policy that you just created. Now close GPMC, wait for the settings to apply and test out on the client.
0
 

Author Closing Comment

by:abcd ab01
ID: 41851084
thanks!!
0
 

Author Comment

by:abcd ab01
ID: 41852667
Hi Niten,

Is there any GPO that can be created to add gpupdate /force to all corporate machines and reboot by itself? So that the new policy for disabling firewall can be implemented through the GPO? We don't want to go to each computer and run gpupdate and reboot. Please suggest me. Thanks.
0
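
The steps from the accepted solution (create the GPO, set the Domain Profile value, link it to the test pilot OU), together with the remote policy refresh asked about in the last comment, as an added PowerShell example that is not part of the original thread. The OU path and the function names are hypothetical; it assumes the GroupPolicy and ActiveDirectory RSAT modules, and it includes the step that turns the firewall back on once the agent is installed.

```powershell
# Added example: everything except the GPO name is a hypothetical placeholder.
Import-Module GroupPolicy
Import-Module ActiveDirectory

$GpoName = 'block-firewall'                 # name suggested in the accepted solution
$PilotOu = 'OU=Pilot,DC=example,DC=com'     # hypothetical test pilot OU
$Key     = 'HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile'

function Set-PilotFirewallPolicy {
    param([Parameter(Mandatory)][bool]$FirewallEnabled)

    # Create the GPO only if it does not exist yet.
    $gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
    if (-not $gpo) {
        $gpo = New-GPO -Name $GpoName -Comment 'Temporary: pilot agent rollout'
    }

    # EnableFirewall is the registry value behind "Windows Firewall: Protect
    # all network connections" in the Domain Profile (0 = Disabled, 1 = Enabled).
    Set-GPRegistryValue -Name $GpoName -Key $Key -ValueName 'EnableFirewall' `
        -Type DWord -Value ([int]$FirewallEnabled) | Out-Null

    # Link to the pilot OU only, so no other computers receive the setting.
    $linked = (Get-GPInheritance -Target $PilotOu).GpoLinks.DisplayName -contains $GpoName
    if (-not $linked) {
        New-GPLink -Name $GpoName -Target $PilotOu -LinkEnabled Yes | Out-Null
    }
}

function Update-PilotClients {
    # Schedules a remote "gpupdate /force" on every computer in the pilot OU.
    Get-ADComputer -SearchBase $PilotOu -Filter * | ForEach-Object {
        Invoke-GPUpdate -Computer $_.DNSHostName -Force -RandomDelayInMinutes 0
    }
}

Set-PilotFirewallPolicy -FirewallEnabled $false   # before the agent push
Update-PilotClients
# On a pilot client, confirm the effective state:
#   Get-NetFirewallProfile -PolicyStore ActiveStore -Name Domain |
#       Select-Object Name, Enabled

Set-PilotFirewallPolicy -FirewallEnabled $true    # after the agent is installed
Update-PilotClients
```

Invoke-GPUpdate works by creating a scheduled task on the remote computer, so it only succeeds where the client permits that; otherwise the setting arrives at the next background policy refresh.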

Question has a verified solution.