Re: How to allow client to disable firewall on XP/sp2 machine

My first question would be this: instead of disabling the firewall, can you
have someone with local admin rights log onto the laptop, and manually
configure exceptions to accommodate your software application? It'll retain
the manually configured exceptions, while still using everything that's set
in group policy.

Aside from the fact that doing it that way would be more secure than
completely disabling it, it'll be a fair amount of work to allow disabling
only on certain machines. There are a number of ways of doing it, but I
have not been able to think of a very elegant one. You could move the
laptops in question to their own OU, then apply the existing policy to the
other PCs instead of domain wide, creating a second set of policies for the
laptop OU. You could use security filtering to apply the existing policies
only to a security group that does not include the laptops. I'm sure there
are other ways - I'm just not crazy about any of the ones I've been able to
think of.

The specific setting that allows you to turn off the firewall is (not
surprisingly) in the policy called Small Business Server Windows Firewall.
It's under Computer Config -> Administrative Templates -> Network -> Network
Connections -> Windows Firewall. It's under both the Domain and Standard
Profiles, and it's called "Protect all network connections." All of these
settings have additional information if you open the setting, which might be
enough information for you to make decisions about which settings you want
(use Extended View in the GP editor to see it). You can set it in either
the domain or standard profile - standard applies when not connected to the
domain at login.


"Barry B." <BarryB@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6AADED42-0632-4E9D-8BCB-DA4ACC98AE54@xxxxxxxxxxxxxxxx
We have a laptop running XP-SP2 that needs to be able to turn off the
Windows
Firewall when using the laptop for some PBX software installation tasks
that
we do on a regular basis. The laptop also has MS Firewall Client for ISA
2004 installed. The server is SBS2003. Are there any articles or other
instructions available to help me change the GP settings that control
this?
Thanks for any suggestions.

Barry Brown
Mountain Telecom


.

Relevant Pages

  • Re: How to allow client to disable firewall on XP/sp2 machine
    ... secondary sessions across a wide range of ports. ... If the laptop is on the LAN with ISA, you be able to configure ... firewall exceptions both on the client but more preferably on the ISA server. ... completely disabling it, it'll be a fair amount of work to allow disabling ...
    (microsoft.public.windows.server.sbs)
  • Re: SERVICES - Manual Settings
    ... In general it is best to not change default service settings. ... do not possess and this leads to frustration and disabling the service. ... Network DDE DSDM -Disabled is correct. ... I presumed it was because I had WXP Firewall turned Off due to having ...
    (microsoft.public.windowsxp.general)
  • Re: Computers stopped sharing
    ... It may help if they all had the same settings but this depends on the cicumstances. ... I checked the settings on my 3rd party firewall and they did not have the ... Windows XP File Sharing - ... The Laptop is wireless. ...
    (microsoft.public.windowsxp.network_web)
  • Re: WXP sp2 GPO
    ... read and apply gp for domain computers in the security settings and the next ... > I've updated our policy with the new windows firewall objects. ... > Not disabling the firewall when a domain is detected. ...
    (microsoft.public.windows.group_policy)
  • Re: Remote Web Workplace Issue
    ... Still getting same error message after disabling ISA client firewall on ... the laptop is not connected to the domain at the moment). ... The trouble laptop can successfully make a connection to the SBS ...
    (microsoft.public.windows.server.sbs)
Quantcast