Re: SBS2003 Firewall Group Policy

• From: "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@xxxxxxxxxxx>
• Date: Thu, 09 Jun 2005 00:16:19 -0700

Thanks for the reply; I'll test it ASAP.

In regard to the following:

In an SBS network, the Windows firewall is not protecting you from outside threats so much as it is protecting your users from each other. Someone with a diskette or a careless download can trash your network from within regardless of your external firewalls.

Just as I do not need the government to protect me from myself, I do not need Microsoft to protect users from themselves. Most of my clients are small business who have industry specific software; Oriental Rug Cleaning, Court Reporting, Case Mangement, Real Estate, etc.; Microsoft SP2 does not understand that network traffic from these programs is legitimate. I should not have to create rules to allow legitimate network traffic. I understand that in the enterprise where you have a standard application set, extensive GPOs, RIS, etc, the advantages of the firewall are apparent. I wish Microsoft would understand the former concept and give us the choice of implementing the firewall (and other features) or not, rather that dictating it.

"Dave Nickason [SBS MVP]" wrote:

Answer: on the SBS, open Group Policy Management. You'll see a policy called Small Business Server Windows Firewall. You can edit the policy by finding it under computer configuration, administrative templates, networking. You'd change the "protect all network connections" policy to disabled to prevent the firewall from running anywhere in the network.

Editorial comment: IMO it would be a much better idea to figure out how to make the firewall work with the Ricoh. SP2 is widely distributed by now, and I'd guess Ricoh support has simple instructions for solving your problem.

"Chris" <Chris@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:B09F5D39-41EA-4E03-9881-F49125B7E8A9@xxxxxxxxxxxxxxxx

I have a small client who ought to be on a peer to peer network; however,
they purchased a software package that required a server; the one they bought
came with SBS2003. All service packs, patches, etc. are up to date.

Each workstation is XP Pro with SP2. They have a giant Ricoh copier,
printer scanner that does not work with windows firewall. I do not consider
this a problem, I have installed two (2) firewalls by different manufacturers
for firewall protection. I want to disable the windows firewall; however,
when I go to do so, There is an error message about Group Policy having
disabled the abilty to turn off the firewall.

I read article 872769, but it doesn't really tell me what I want to know: I
want to disable or destroy all windows firewalls on the network. I have
adequate hardware protection and their network scanner will not work with it.
Therefore I want it gone.

Can someone help me here?

Thanks,
Chris Chamberlin

--
An open letter to the Security Community::
http://msmvps.com/bradley/archive/2004/12/12/23540.aspx
.

• References:
  • SBS2003 Firewall Group Policy
    • From: Chris
  • Re: SBS2003 Firewall Group Policy
    • From: Dave Nickason [SBS MVP]
  • Re: SBS2003 Firewall Group Policy
    • From: Chris

• Prev by Date: Re: DNS Problem
• Next by Date: SMTP connector with validation
• Previous by thread: Re: SBS2003 Firewall Group Policy
• Next by thread: Security Accounts Manager initialization failed
• Index(es):
  • Date
  • Thread

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint