+ Post New Thread
Results 1 to 12 of 12
Windows 7 Thread, Windows Firewall in a domain environment? in Technical; Hey Guys, Just wondering, what do people do about Windows Firewall with Windows 7 in a domain environment? With Windows ...
  1. #1

    Join Date
    Aug 2009
    Posts
    280
    Thank Post
    20
    Thanked 22 Times in 19 Posts
    Rep Power
    14

    Windows Firewall in a domain environment?

    Hey Guys,

    Just wondering, what do people do about Windows Firewall with Windows 7 in a domain environment? With Windows 7 I can't help but think it would be better left on... if this is the case, I assume the domain profile will allow all relevent connections for Group Policy, software installs etc automatically?

    Thanks

  2. #2

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,266
    Thank Post
    242
    Thanked 1,575 Times in 1,254 Posts
    Rep Power
    341
    In a domain environment I disable the Windows Firewall, as you should have a hardware firewall at your gateway.

    If you do this however, it is critical to have WSUS setup, so your workstations/notebooks quickly receive updates - such as to protect against the latest RDP vulnerability, which is typically enabled in a domain environment.

  3. #3

    Join Date
    Mar 2007
    Location
    Devon
    Posts
    1,048
    Thank Post
    226
    Thanked 63 Times in 56 Posts
    Rep Power
    30
    We have our windows firewall off in our domain but as Michael says have a WSUS setup to make sure we dont fall behind with any security updates. We have both a Watchguard hardware firewall and Smoothwall firewall between us and the world.

  4. #4

    3s-gtech's Avatar
    Join Date
    Mar 2009
    Location
    Wales
    Posts
    2,926
    Thank Post
    155
    Thanked 605 Times in 544 Posts
    Rep Power
    160
    Ours is off, but I have seen compelling arguments to turn it on. Our hardware firewall is good, but if an infection is brought in, bypassing the firewall (perhaps on a USB stick, unscanned email etc) it could spread like wildfire between workstations and servers. On a new build domain, I'd certainly look to keep it on.

  5. #5


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,681
    Thank Post
    279
    Thanked 783 Times in 610 Posts
    Rep Power
    224
    Ours is on, but I have a TempFireWallOff GPO that I can attach in "enforced" mode to an OU should I need to disable it temporarily.

  6. #6

    AngryTechnician's Avatar
    Join Date
    Oct 2008
    Posts
    3,730
    Thank Post
    698
    Thanked 1,212 Times in 761 Posts
    Rep Power
    395
    Ours is on. With Windows 7 it's very easy to centrally manage any exceptions you need, so I couldn't see a good reason to turn it off. All it takes is one infected USB stick and your AV solution to miss it, and suddenly you've got the next Conficker all across your network.

  7. #7

    Join Date
    Jan 2008
    Location
    South West
    Posts
    1,823
    Thank Post
    217
    Thanked 268 Times in 217 Posts
    Rep Power
    68
    I'd set the firewall up for XP but Windows 7 seems to have adopted it just fine. I havent looked at the advanced win 7 setup. It does create a little more work when deploying programs to make sure they have everything they need.

    At the least you can just turn it on and DNS, DHCP, Filesharing, Printing should all work without additional setup. To save having Vlans I have all my workstation firewalls to ignore broadcast traffic unless it comes from my servers.

  8. #8

    Join Date
    May 2008
    Posts
    48
    Thank Post
    1
    Thanked 2 Times in 2 Posts
    Rep Power
    14
    We used to keeps ours turned off here, but starting with Windows 7, I opted to go ahead and keep the firewall enabled. We had a bad experience here a number of years ago where a virus had gotten into the network and, since the firewall was disabled, was able to spread to each and every machine in our high school. We had to go and run a virus removal tool manually on each machine to fix the problem. It can be a little more work to make sure you have your exceptions setup correctly, but it is much more worth it than to have to come in on a Sunday because all of your Internet access had been shut down due to too much virus activity. Nope, not fun at all

  9. #9

    Join Date
    Nov 2011
    Posts
    56
    Thank Post
    1
    Thanked 9 Times in 7 Posts
    Rep Power
    22
    Ours is off with a WSUS server up.

  10. #10


    Join Date
    Feb 2007
    Location
    51.403651, -0.515458
    Posts
    9,405
    Thank Post
    242
    Thanked 2,824 Times in 2,083 Posts
    Rep Power
    814
    Ours is on, for the exact same reason as AngryTechnician mentioned.

  11. #11

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,241
    Thank Post
    882
    Thanked 2,742 Times in 2,316 Posts
    Blog Entries
    11
    Rep Power
    784
    Ours is on, no sense in letting the first virus that makes it past the gate to own the entire network.

  12. #12

    Join Date
    May 2011
    Location
    Jus North of London, close but not too close
    Posts
    860
    Thank Post
    191
    Thanked 71 Times in 66 Posts
    Rep Power
    50
    Our firewall is on aswell, I've had to put a few exceptions for WMI to enable central activations and SCCM capabilities, and a few for our AV to communicate with the clients but that is all.

    WSUS, haven't got time at the moment to test updates and bad experience from updates causing problems. Eventually I will set up WSUS again but been the only real techie on site?????

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 3
    Last Post: 8th December 2011, 10:52 AM
  2. Replies: 9
    Last Post: 22nd November 2010, 10:47 AM
  3. Windows 7 in a Windows 2003 domain.
    By sch in forum Windows 7
    Replies: 3
    Last Post: 10th November 2009, 12:18 PM
  4. Turn Off Updates for Smart Software in Domain Environment
    By euclid47 in forum Educational Software
    Replies: 8
    Last Post: 6th July 2009, 11:12 PM
  5. Windows XP SP2 firewall policies on Domain
    By Kyle in forum How do you do....it?
    Replies: 16
    Last Post: 25th September 2006, 05:51 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •