Wed, Jul 29 2009 19:54
So you wanna turn off the firewall on your workstations?
....T-E-M-P-O-R-A-R-I-L-Y.... right? Just for testing?
And mind you, I'm seeing more apps that demand that UAC is on or that the firewall is enabled. Granted, Live Mesh is not a normal app, but I found it interesting that you can't install Live Mesh unless the firewall is enabled. But say you need for testing purposes (to deal with a sucky app to prove a point) that it won't work with the firewall totally disabled. And you notice in your 2003 or 2008 server that you can't temporarily turn off the firewall by the GUI or the netsh commands?
The key is that you have to tell the group policy on the server to release control. In SBS 2003 do the following (http://www.sbslinks.com/group.htm):

1. Launch the Group Policy Management Console on the server.
2. Right-click the Windows Firewall policy on the left side.
3. Untick the "link enabled" setting.
4. At a command prompt, type in gpupdate /force and hit Enter.

This will leave the policy in place and allow you to go to the workstation and turn off (again, temporarily) the firewall.
On a Server 2008 box the setting is similar, but this time go to the Windows XP policy or the Windows Vista policy (http://msmvps.com/blogs/bradley/archive/2009/05/29/group-policy-defaults-for-sbs-2008.aspx) and again untick "link enabled" there.
You may need to type in gpupdate /force at the workstation to force the group policy change faster, but that will allow you to manually adjust the firewall on the workstations.
Now that you've proven to the vendor that the app works, ask them specifically for the ports or application they need opened up. Go back up to the server and add your exclusions to that policy's firewall settings. That way you can have your apps happy and keep the firewall on the workstations.
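To confirm on a workstation that group policy has released control during the test, and that the firewall is on again afterwards, the added example below (not from the original post) reads the firewall's policy-set and locally-set values per profile. It assumes PowerShell 2.0 or later and the standard Windows Firewall registry locations; the function names are hypothetical.

```powershell
# Added example: run on the workstation after gpupdate /force.
# Group Policy writes firewall state under the Policies key; the GUI and
# netsh write the local setting under the SharedAccess service key.
$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall'
$localRoot  = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'

function Get-EnableFirewall([string]$Key) {
    # Returns 1 (on), 0 (off), or $null when the key or value is absent.
    $p = Get-ItemProperty -Path $Key -Name EnableFirewall -ErrorAction SilentlyContinue
    if ($null -ne $p) { [int]$p.EnableFirewall } else { $null }
}

function Get-FirewallControl {
    # Collect every profile name present under either root
    # (DomainProfile, StandardProfile, and so on, depending on OS version).
    $names = @($policyRoot, $localRoot) |
        Where-Object { Test-Path $_ } |
        ForEach-Object { Get-ChildItem -Path $_ } |
        Where-Object { $_.PSChildName -like '*Profile' } |
        ForEach-Object { $_.PSChildName } |
        Sort-Object -Unique

    foreach ($name in $names) {
        $policy = Get-EnableFirewall (Join-Path $policyRoot $name)
        $local  = Get-EnableFirewall (Join-Path $localRoot  $name)

        # A value set by policy overrides the local setting.
        $effective = if ($null -ne $policy) { $policy } else { $local }
        $state = switch ($effective) { 1 { 'On' } 0 { 'Off' } default { 'Unknown' } }

        New-Object PSObject -Property @{
            Profile      = $name
            ControlledBy = if ($null -ne $policy) { 'Group Policy' } else { 'Local setting' }
            PolicyValue  = $policy
            LocalValue   = $local
            Firewall     = $state
        } | Select-Object Profile, ControlledBy, PolicyValue, LocalValue, Firewall
    }
}

Get-FirewallControl | Format-Table -AutoSize
```

While the link is disabled, the domain profile should show "Local setting"; once the link is enabled again and policy has refreshed, it should show "Group Policy" with the firewall on.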