From: goodie000 on
Hi,

Can you please tell me the best way to turn off windows firewall for all the
clients as it is causing no end of problems and duplication of work for us.

We currently have a firewall installed at the gateway and also Sophos Client
firewall installed on the clients as this enables us to see what items are
blocked on a particular users system in a central location. From there we can
then decided to unblock or add a custom rule etc which is far better than
just adding programs and ports through the GPO with windows firewall because
it opens just the necessary ports that each users need.

I want to turn off windows firewall so i dont have to manage 2 firewalls can
anybody help?
--
kind regards,

goodie000
From: Anna Clark on
Hi goodie000

Any help here?

http://www.microsoft.com/malaysia/smallbusiness/issues/sgc/articles/fwgrppol.mspx

--
Regards:

Anna Clark
-----
Please do post the conclusion or solution
to your issue so that others may benefit.


"goodie000" <goodie000(a)discussions.microsoft.com> wrote in message
news:E9A4989F-2364-42A0-AB2B-F53E37010D31(a)microsoft.com...
> Hi,
>
> Can you please tell me the best way to turn off windows firewall for all
the
> clients as it is causing no end of problems and duplication of work for
us.
>
> We currently have a firewall installed at the gateway and also Sophos
Client
> firewall installed on the clients as this enables us to see what items are
> blocked on a particular users system in a central location. From there we
can
> then decided to unblock or add a custom rule etc which is far better than
> just adding programs and ports through the GPO with windows firewall
because
> it opens just the necessary ports that each users need.
>
> I want to turn off windows firewall so i dont have to manage 2 firewalls
can
> anybody help?
> --
> kind regards,
>
> goodie000


From: Terence Liu [MSFT] on
Hello Cooper,

Thanks for posting here. And thanks for Anna's inputs.

From your problem description, I understand your issue to be: you want to
disable all XP client firewall via GPO. If I am off base, please do not
hesitate to let me know.

Generally, you could try to edit the GPO '' Small Business Server Windows
Firewall'' on SBS to configure the firewall on client. However, before the
operation, you need to confirm the following things first.

After you install the Windows XP SP2 in your SBS 2k3 network, you may need
to install the Update for SBS 2k3 server first, please refer to the
following article.

872769 You cannot configure Windows Firewall settings or Security Center
http://support.microsoft.com/?id=872769

If you want to modify the Group Policy setting that is configured when you
installed the Windows Small Business Server 2003 Update for Windows XP SP2,
install the hotfix that is described in the following Microsoft Knowledge
Base article:

842933 "The following entry in the [strings] section is too long and has
been truncated" error message when you edit or view Group Policy in Windows
Server 2003, in Windows XP, or in Windows 2000
http://support.microsoft.com/default.aspx?kbid=842933

Install both the Windows Small Business Server 2003 Update for Windows XP
SP2 (872769) and the hotfix that is described in the article 842933 only if
you want to modify the Group Policy setting that is configured when you
installed the Windows Small Business Server 2003 Update for Windows XP SP2.
If you do not install the hotfix that is described in article 842933 after
you install the Windows Small Business Server 2003 Update for Windows XP
SP2, you receive the following error message when you try to manage Group
Policy settings:

The following entry in the [strings] section is too long and has been
truncated.

After installing the above 2 hotfixes, please use the following steps to
disable client XP sp2 ICF:

1. Start -> Administrative Tools -> Group Policy Management
2. Expand Domains -> Your Domain
3. Right click the Small Business Server Windows Firewall and click Edit
4. Computer configuration>Administrative templates>Network>Network
connections> Windows Firewall> Domain Profile;
5. In "Windows Firewall: Protect all network connections" should be set to
''Disable''
6. Run Gpupdate /force on your XP2 client
7. Logon and logoff your client and test your issue again.

The following image may help you to configure it.

How to Configure Windows Firewall in a Small Business Environment using
Group Policy
http://www.microsoft.com/malaysia/smallbusiness/issues/sgc/articles/fwgrppol
.mspx

Additional info:
HOW TO: Delegate Authority for Editing a Group Policy Object (GPO)
http://support.microsoft.com/?id=221577

Administering Group Policy with the GPMC
http://www.microsoft.com/windowsserver2003/gpmc/gpmcwp.mspx

Frequently Asked Questions About the Group Policy Management Console
http://www.microsoft.com/windowsserver2003/gpmc/gpmcfaq.mspx

Enterprise Management with the Group Policy Management Console
http://www.microsoft.com/windowsserver2003/gpmc/default.mspx

Hope these steps will give you some help.

Thanks and have a nice day!

Best regards,

Terence Liu(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| Thread-Topic: How to turn off windows firewall in the GPO
| thread-index: AcdkwHVLZufz2VxJQwWYuPmPRbQSEw==
| X-WBNR-Posting-Host: 82.70.252.27
| From: =?Utf-8?B?Z29vZGllMDAw?= <goodie000(a)discussions.microsoft.com>
| Subject: How to turn off windows firewall in the GPO
| Date: Mon, 12 Mar 2007 09:06:56 -0700
| Lines: 18
| Message-ID: <E9A4989F-2364-42A0-AB2B-F53E37010D31(a)microsoft.com>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
| Newsgroups: microsoft.public.windows.server.sbs
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:22348
| NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Hi,
|
| Can you please tell me the best way to turn off windows firewall for all
the
| clients as it is causing no end of problems and duplication of work for
us.
|
| We currently have a firewall installed at the gateway and also Sophos
Client
| firewall installed on the clients as this enables us to see what items
are
| blocked on a particular users system in a central location. From there we
can
| then decided to unblock or add a custom rule etc which is far better than
| just adding programs and ports through the GPO with windows firewall
because
| it opens just the necessary ports that each users need.
|
| I want to turn off windows firewall so i dont have to manage 2 firewalls
can
| anybody help?
| --
| kind regards,
|
| goodie000
|