Disabling Windows Firewall in GP

[Tim Kowal]

I want to disable the Windows Firewall on my workstations via Group Policy.
However, I want my laptops to have the firewall when they are off the
network. I noticed in GP there is a "Domain Policy" and a "Standard
Policy." I am hoping that Standard policy means that I can configure the
firewall to be turned back on when the computer is off the network. Is this
right?

What if the computer is off the network, but logged on to the domain using
the cached account? Will it use the Domain or Standard policy?

Thanks,
Tim

 

[Richard G. Harper]

You'd probably have to disable profile caching for this to work right -
unfortunately I can't say for sure because I don't disable the firewall
inside the network. Hopefully someone else can confirm or deny this.

--
Richard G. Harper [MVP Shell/User] (e-mail address removed)
* PLEASE post all messages and replies in the newsgroups
* for the benefit of all. Private mail is usually not replied to.
* My website, such as it is ... http://rgharper.mvps.org/
* HELP us help YOU ... http://www.dts-l.org/goodpost.htm

 

[Tim Kowal]

I'd rather not totally disable it either, I suppose, but I've not yet had a
chance to compile a list of all the ports I'd need to except from the
firewall. Is that the method you use? Just a list of port/program
exceptions?

You'd probably have to disable profile caching for this to work right -
unfortunately I can't say for sure because I don't disable the firewall
inside the network. Hopefully someone else can confirm or deny this.

--
Richard G. Harper [MVP Shell/User] (e-mail address removed)
* PLEASE post all messages and replies in the newsgroups
* for the benefit of all. Private mail is usually not replied to.
* My website, such as it is ... http://rgharper.mvps.org/
* HELP us help YOU ... http://www.dts-l.org/goodpost.htm

I want to disable the Windows Firewall on my workstations via Group
Policy. However, I want my laptops to have the firewall when they are off
the network. I noticed in GP there is a "Domain Policy" and a "Standard
Policy." I am hoping that Standard policy means that I can configure the
firewall to be turned back on when the computer is off the network. Is
this right?

What if the computer is off the network, but logged on to the domain
using the cached account? Will it use the Domain or Standard policy?

Thanks,
Tim

 

[Richard G. Harper]

Yes, we compiled a list of known programs and known ports and allow those
apps and ports via GPO.

--
Richard G. Harper [MVP Shell/User] (e-mail address removed)
* PLEASE post all messages and replies in the newsgroups
* for the benefit of all. Private mail is usually not replied to.
* My website, such as it is ... http://rgharper.mvps.org/
* HELP us help YOU ... http://www.dts-l.org/goodpost.htm

I'd rather not totally disable it either, I suppose, but I've not yet had
a chance to compile a list of all the ports I'd need to except from the
firewall. Is that the method you use? Just a list of port/program
exceptions?

You'd probably have to disable profile caching for this to work right -
unfortunately I can't say for sure because I don't disable the firewall
inside the network. Hopefully someone else can confirm or deny this.

--
Richard G. Harper [MVP Shell/User] (e-mail address removed)
* PLEASE post all messages and replies in the newsgroups
* for the benefit of all. Private mail is usually not replied to.
* My website, such as it is ... http://rgharper.mvps.org/
* HELP us help YOU ... http://www.dts-l.org/goodpost.htm

I want to disable the Windows Firewall on my workstations via Group
Policy. However, I want my laptops to have the firewall when they are off
the network. I noticed in GP there is a "Domain Policy" and a "Standard
Policy." I am hoping that Standard policy means that I can configure
the firewall to be turned back on when the computer is off the network.
Is this right?

What if the computer is off the network, but logged on to the domain
using the cached account? Will it use the Domain or Standard policy?

Thanks,
Tim