Windows 7 Thread, Windows Firewall in a domain environment? in Technical; Hey Guys,
Just wondering, what do people do about Windows Firewall with Windows 7 in a domain environment? With Windows ...
19th March 2012, 12:11 PM #1
- Rep Power
Windows Firewall in a domain environment?
Just wondering, what do people do about Windows Firewall with Windows 7 in a domain environment? With Windows 7 I can't help but think it would be better left on... if this is the case, I assume the domain profile will allow all relevent connections for Group Policy, software installs etc automatically?
19th March 2012, 12:37 PM #2
In a domain environment I disable the Windows Firewall, as you should have a hardware firewall at your gateway.
If you do this however, it is critical to have WSUS setup, so your workstations/notebooks quickly receive updates - such as to protect against the latest RDP vulnerability, which is typically enabled in a domain environment.
19th March 2012, 12:54 PM #3
We have our windows firewall off in our domain but as Michael says have a WSUS setup to make sure we dont fall behind with any security updates. We have both a Watchguard hardware firewall and Smoothwall firewall between us and the world.
19th March 2012, 12:59 PM #4
Ours is off, but I have seen compelling arguments to turn it on. Our hardware firewall is good, but if an infection is brought in, bypassing the firewall (perhaps on a USB stick, unscanned email etc) it could spread like wildfire between workstations and servers. On a new build domain, I'd certainly look to keep it on.
19th March 2012, 02:42 PM #5
Ours is on, but I have a TempFireWallOff GPO that I can attach in "enforced" mode to an OU should I need to disable it temporarily.
19th March 2012, 02:47 PM #6
Ours is on. With Windows 7 it's very easy to centrally manage any exceptions you need, so I couldn't see a good reason to turn it off. All it takes is one infected USB stick and your AV solution to miss it, and suddenly you've got the next Conficker all across your network.
19th March 2012, 02:53 PM #7
I'd set the firewall up for XP but Windows 7 seems to have adopted it just fine. I havent looked at the advanced win 7 setup. It does create a little more work when deploying programs to make sure they have everything they need.
At the least you can just turn it on and DNS, DHCP, Filesharing, Printing should all work without additional setup. To save having Vlans I have all my workstation firewalls to ignore broadcast traffic unless it comes from my servers.
20th March 2012, 05:46 PM #8
- Rep Power
We used to keeps ours turned off here, but starting with Windows 7, I opted to go ahead and keep the firewall enabled. We had a bad experience here a number of years ago where a virus had gotten into the network and, since the firewall was disabled, was able to spread to each and every machine in our high school. We had to go and run a virus removal tool manually on each machine to fix the problem. It can be a little more work to make sure you have your exceptions setup correctly, but it is much more worth it than to have to come in on a Sunday because all of your Internet access had been shut down due to too much virus activity. Nope, not fun at all
20th March 2012, 06:45 PM #9
Ours is off with a WSUS server up.
20th March 2012, 07:13 PM #10
Ours is on, for the exact same reason as AngryTechnician mentioned.
21st March 2012, 08:56 AM #11
Ours is on, no sense in letting the first virus that makes it past the gate to own the entire network.
21st March 2012, 09:11 AM #12
Our firewall is on aswell, I've had to put a few exceptions for WMI to enable central activations and SCCM capabilities, and a few for our AV to communicate with the clients but that is all.
WSUS, haven't got time at the moment to test updates and bad experience from updates causing problems. Eventually I will set up WSUS again but been the only real techie on site?????
By sultan966 in forum Windows 7
Last Post: 8th December 2011, 11:52 AM
By CHiLL in forum Windows 7
Last Post: 22nd November 2010, 11:47 AM
By sch in forum Windows 7
Last Post: 10th November 2009, 01:18 PM
By euclid47 in forum Educational Software
Last Post: 7th July 2009, 12:12 AM
By Kyle in forum How do you do....it?
Last Post: 25th September 2006, 06:51 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)