  1. #1

    Windows Firewall in a domain environment?

    Hey Guys,

    Just wondering, what do people do about Windows Firewall with Windows 7 in a domain environment? With Windows 7 I can't help but think it would be better left on... if this is the case, I assume the domain profile will allow all relevant connections for Group Policy, software installs etc. automatically?

    Thanks

  2. #2

    Michael

    In a domain environment I disable the Windows Firewall, as you should have a hardware firewall at your gateway.

    If you do this, however, it is critical to have WSUS set up, so your workstations/notebooks quickly receive updates - such as to protect against the latest RDP vulnerability, which is typically enabled in a domain environment.

  3. #3

    We have our Windows Firewall off in our domain but, as Michael says, have a WSUS setup to make sure we don't fall behind with any security updates. We have both a Watchguard hardware firewall and Smoothwall firewall between us and the world.

  4. #4

    3s-gtech

    Ours is off, but I have seen compelling arguments to turn it on. Our hardware firewall is good, but if an infection is brought in, bypassing the firewall (perhaps on a USB stick, unscanned email etc.), it could spread like wildfire between workstations and servers. On a new build domain, I'd certainly look to keep it on.

  5. #5


    Ours is on, but I have a TempFireWallOff GPO that I can attach in "enforced" mode to an OU should I need to disable it temporarily.
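
    An added example, not part of the original post or thread: a PowerShell check for a firewall profile that has been left switched off, for instance when a temporary disable policy like the one described above stays linked longer than intended. It parses the output of `netsh advfirewall show allprofiles state`; the function name and the sample output are constructed for illustration, and English-language netsh output is assumed.

    ```powershell
    # Added example (not from the thread). Works on PowerShell 2.0 (Windows 7).
    # Hypothetical helper: returns a hashtable of profile name -> ON/OFF.
    function Get-FirewallProfileState {
        param([string[]]$NetshOutput)
        $current = $null
        $states  = @{}
        foreach ($line in $NetshOutput) {
            if ($line -match '^(Domain|Private|Public) Profile Settings:') {
                # Start of a profile section; remember which one we are in.
                $current = $Matches[1]
            } elseif ($current -and $line -match '^State\s+(ON|OFF)\s*$') {
                $states[$current] = $Matches[1]
                $current = $null
            }
        }
        return $states
    }

    # Constructed sample of "netsh advfirewall show allprofiles state" output.
    $sample = @(
        'Domain Profile Settings:',
        '----------------------------------------------------------------------',
        'State                                 OFF',
        '',
        'Private Profile Settings:',
        '----------------------------------------------------------------------',
        'State                                 ON',
        '',
        'Public Profile Settings:',
        '----------------------------------------------------------------------',
        'State                                 ON',
        'Ok.'
    )

    # On a live machine, replace $sample with:
    #   $lines = netsh advfirewall show allprofiles state
    $states = Get-FirewallProfileState -NetshOutput $sample

    foreach ($name in 'Domain', 'Private', 'Public') {
        if (-not $states.ContainsKey($name)) {
            Write-Output "UNKNOWN: $name profile state not found in netsh output"
        } elseif ($states[$name] -ne 'ON') {
            Write-Output "WARNING: $name profile firewall is $($states[$name])"
        }
    }
    ```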

  6. #6

    AngryTechnician

    Ours is on. With Windows 7 it's very easy to centrally manage any exceptions you need, so I couldn't see a good reason to turn it off. All it takes is one infected USB stick and your AV solution to miss it, and suddenly you've got the next Conficker all across your network.

  7. #7
    chazzy2501

    I'd set the firewall up for XP but Windows 7 seems to have adopted it just fine. I haven't looked at the advanced Win 7 setup. It does create a little more work when deploying programs to make sure they have everything they need.

    At the least you can just turn it on and DNS, DHCP, file sharing and printing should all work without additional setup. To save having VLANs I have all my workstation firewalls set to ignore broadcast traffic unless it comes from my servers.

  8. #8

    We used to keep ours turned off here, but starting with Windows 7, I opted to go ahead and keep the firewall enabled. We had a bad experience here a number of years ago where a virus had gotten into the network and, since the firewall was disabled, was able to spread to each and every machine in our high school. We had to go and run a virus removal tool manually on each machine to fix the problem. It can be a little more work to make sure you have your exceptions set up correctly, but it is much more worth it than to have to come in on a Sunday because all of your Internet access had been shut down due to too much virus activity. Nope, not fun at all.

  9. #9

    Ours is off with a WSUS server up.

  10. #10


    Ours is on, for the exact same reason as AngryTechnician mentioned.

  11. #11

    SYNACK

    Ours is on, no sense in letting the first virus that makes it past the gate own the entire network.

  12. #12

    Our firewall is on as well. I've had to put in a few exceptions for WMI to enable central activations and SCCM capabilities, and a few for our AV to communicate with the clients, but that is all.

    WSUS, haven't got time at the moment to test updates and bad experience from updates causing problems. Eventually I will set up WSUS again but being the only real techie on site?????
