How to: Disable Windows Firewall on client computer in SBS 2008 onwards domains

When having an SBS or Windows Server environment, where on SBS it’s by default to enable Domain Firewall settings, you might need to disable them. So, to do this you would need to look at 3 GPO’s from the Group Policy Management.

These can be found under the Forest/Domains/Your Domain/Group Policy Objects.

The policies you should check are:
Windows SBS Client – Windows 7 and Vista Policy
Windows SBS Client – Windows XP Policy
Windows SBS Client Policy

These are the items to edit:

Computer Configuration | Policies | Administrative Templates | Network | Network Connections | Windows Firewall | Domain Profile | Protect All Network connections

This is enabled by default to restrict users from changing firewall rules and settings. If you want to disable this for users who are not in the domain use:

Computer Configuration | Policies | Administrative Templates | Network | Network Connections | Windows Firewall | Standard Profile | Protect All Network connections

Computer Configuration | Policies | Administrative Templates | Network | Network Connections | Prohibit use of Internet Connection Firewall on your DNS domain network

There are some other options the policies mentioned above, it’s to your descretion to what you want to disable or enable.

Note to run the command GPUPDATE /FORCE on the server and then on the PC’s to make the changes immediate. Ideal for testing, or else wait for 90 minutes for the changes to make effect.

Leave a Reply

Your email address will not be published. Required fields are marked *