Disable the Windows Firewall on an SBS domain when it is locked with group policy.

I needed to turn a firewall off as someone was installing an application that used web services and they were having issues. I thought NP and hoped onto the server on a domain admin account and disabled the firewalls the way I would on any other machine using command line:

netsh advfirewall set allprofiles state off
netsh advfirewall set allprofiles state on

You need to run the command line / powershell as administrator for this to work.

I checked the firewall and found the firewall was off for everything but the domain networks and it was greyed out so I couldn’t turn it off. Interesting. So I figured I’d need to change some policy somewhere.

To fix this you need to change your policy settings by going to the group policy manager by finding the “Windows SBS Client Policy” (I did this on the domain controller server / SBS server)

Right click and select edit. Once open find:
Computer Configuration -> Policies -> Administrative Templates -> Network -> Network Connections -> Windows Firewall -> Domain Profile -> Protect All Network connections
By default this is set to enabled. Setting to disabled will turn it off, setting to not configured allows administrators to enable or disable the firewall on the PC

Last thing, it can take up to an hour and a half for policy changes to be applied to workstations\additional servers. You might want to force this to happen right away.
Use the following command line, on the workstation\server you want to disable the firewall on:
gpupdate /force

And like magic the firewall will be off. Just be careful though as you will turn the firewall off on every machine connected to the domain if you aren’t careful.

Leave a Reply

Your email address will not be published. Required fields are marked *