| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 117654 | 2011-04-27 22:34:00 | Disabling windows firewall on sbs2003 network | FAB (6923) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 1197874 | 2011-04-27 22:34:00 | Morning all I have an SBS2003 network here with a decent firewall already in place. I've disabled the windows firewall via GPO. For the majority of PCs, that is working fine. GPO set to disable it for the Domain Profile, but enable it for Standard Profile. For a couple of PCs (out of 50) the windows firewall is on when they start up the PC. They get a windows firewall warning when starting Outlook (for example). If I go to Control Panel/Windows Firewall it's turned on and tells me that the PC is running the firewall since it's on the Standard Profile - not connected to the domain. But it is. If I run RSOP I get the correct settings through. I tried taking the PC off the domain and rejoining it, same issue. Weirdly if I run gpupdate /force then the firewall then turns off! Any help gratefully appreciated. |
FAB (6923) | ||
| 1197875 | 2011-04-27 22:47:00 | Why disable the firewalls in the first place? I have never had to do that at any of my client sites that run SBS 2003 or 2008. Rather use GPO to open any ports as needed. |
CYaBro (73) | ||
| 1197876 | 2011-04-27 23:02:00 | Why disable the firewalls in the first place? I have never had to do that at any of my client sites that run SBS 2003 or 2008. Rather use GPO to open any ports as needed. Because he is using another one. |
mikebartnz (21) | ||
| 1197877 | 2011-04-28 00:04:00 | Because he is using another one. Yes, as everyone should be but that firewall is most likely just for the internet. What about internal attacks say from someone bringing in an infected USB stick? |
CYaBro (73) | ||
| 1197878 | 2011-04-28 00:17:00 | Yes, as everyone should be but that firewall is most likely just for the internet. What about internal attacks say from someone bringing in an infected USB stick? You could be right in that it only covers the internet. We will just have to wait to here from him. |
mikebartnz (21) | ||
| 1197879 | 2011-04-28 01:00:00 | HI guys. Yes have other firewall. Also using Nod32 that has stopped users with infected USB keys previously. In saying that, very few usb keys are used here. I can say that as it's a small place all on the floor and open plan so as I wonder about during the day I can keep an eye on things. I have no interest in using Windows Firewall - hence my post. |
FAB (6923) | ||
| 1197880 | 2011-04-28 01:21:00 | Something is over ruling GP. What are the differences when you do a gpresult on one were it works vs one where it doesn't work before you run a gpupdate...I had a similar issue a while back, it was the ISA Client on the client machines causing it in the end. | Alex B (15479) | ||
| 1197881 | 2011-04-28 05:08:00 | try changing the group policy Always wait for the network at computer startup and logon as the pc's may be starting up and logging on before they have a chance to apply the policy correctly. Suggest you create a new OU and move the affected pc's into it and then apply this policy change at that level so that the other machines dont get affected. You dont want this to apply to any laptop users either as if they leave the building they wont be able to logon |
Barnabas (4562) | ||
| 1197882 | 2011-04-29 00:33:00 | google this for some info. HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall I delete 'windowsfirewall' in reg (below) to when the disable option is greyed out. |
1101 (13337) | ||
| 1197883 | 2011-05-05 22:11:00 | Hi guys Thanks for the advice. GPO already set to wait for network before logging on. I think we are looking in the wrong direction though, as the message in Windows Firewall (control panel) is that it is using hte Standard i.e. off Domain settings. That's the reason the firewall is still coming on and the direction I need to look in. However I've taken the PC off the domain and rejoined it, with no difference. Also it's appeared on two other PCs now. One thing I noticed is that when I log into the SBS2003 DC it is saying hte max number of licenses has been exceeded - 45 installed max usage 49. I've searched abuot this and while a few people say it can cause issues (but they don't say what) I am wondering if this is the cause - the DC not letting the user/pc join the domain, even though in actual fact they do? |
FAB (6923) | ||
| 1 2 | |||||