Just wondering how everyone else does this. We have the Default Domain policy set so that Windows Firewall is turned of on our domain. I have been reading in depth on this today and reading about all the various firewall options.
How have you got your set up?
DO you have it enabled and the configure the policy settings?
Is your disabled like ours?
Your thoughts and suggestions please. :dontknow:
I keep it turned off personally. Makes life easier all round.
I keep it turned off also. Make life much more easy in the long run.
You need the new ADM templates (either W2K3 SP1 or XP SP2) to control the firewall settings.
I disable it.
We have it disabled, too. Workstations aren't directly connected to the internet and the chances of them suffering an attack internally that the firewall could handle anyway is fairly non-existant.
We had it turned off too
Turned off. It saves me having to allow various differnt ports for certain software i.e NetSupport Manager on each machine. besides, your domain firewall is supposed to protecting your LAN. The Windows one is fine for home and on the road use, but not in your school. A good AV setup and domain firewall should be all you need.
I have it disabled on workstations but laptops have it enabled when not connected to the network (there is a setting to do this).
I'd like to vote for on just to buck the trend. I had it turned off for the last couple fo years but decided to switch it on as I have some pupils who connect to the network with their laptops.
Easy enough to get working.
Sophos Remote Management, VNC and Browsecontrol are the only ones I have needed to open up but mines a nice quiet network.
Same as Simcfc73, changed it this year, use a netsh command during sysprep to set exceptions having modified the netfw.inf
On. If a nasty worm/virus does get onto your network (yes, I know AV should pick it up but you never know...), then your PCs are still protected. It's really easy to configure it, so why not!
Yes, but then it is in your network. And with XPs firewall only being one way (inbound) then it would be free to escape an infected PC anyway! Besides, remember Blaster? The XP firewall was like a chocolate fireguard in that instance.Originally Posted by ajbritton
Remeber Blaster? I still have nightmares of turning up to work that morning :LOL:
It took me the better part of two weeks to get that bastard and Nachi cleared from our network. Fun :\
As I eluded to in another thread. I have a system for combating worms at the firewall.
http://www.edugeek.net/index.php?nam...ewtopic&t=4314
Even so, as Dos_Box says, the Windows firewall will not help you in a Blaster/Nachi situation. This is because there are default exceptions for the RPC and Windows networking ports (137-139 and 445). You can't block these ports on the client in a domain enviroment because AD ceases to function.
The only way you can stop them is by blocking them before they enter your network and by keeping your machines patched and up to date (although Microsofts release policy leaves a lot to be desired).
The only other obvious infection path way I can think of that I haven't got a solution for is laptops coming off and on the network.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks