Disable the Windows Firewall on an SBS domain when it is locked with group policy.

I needed to turn a firewall off as someone was installing an application that used web services and they were having issues. I thought NP and hoped onto the server on a domain admin account and disabled the firewalls the way I would on any other machine using command line:

netsh advfirewall set allprofiles state off
netsh advfirewall set allprofiles state on

You need to run the command line / powershell as administrator for this to work.

I checked the firewall and found the firewall was off for everything but the domain networks and it was greyed out so I couldn’t turn it off. Interesting. So I figured I’d need to change some policy somewhere.

To fix this you need to change your policy settings by going to the group policy manager by finding the “Windows SBS Client Policy” (I did this on the domain controller server / SBS server)

Right click and select edit. Once open find:
Computer Configuration -> Policies -> Administrative Templates -> Network -> Network Connections -> Windows Firewall -> Domain Profile -> Protect All Network connections
By default this is set to enabled. Setting to disabled will turn it off, setting to not configured allows administrators to enable or disable the firewall on the PC



Last thing, it can take up to an hour and a half for policy changes to be applied to workstations\additional servers. You might want to force this to happen right away.
Use the following command line, on the workstation\server you want to disable the firewall on:
gpupdate /force

And like magic the firewall will be off. Just be careful though as you will turn the firewall off on every machine connected to the domain if you aren’t careful.

Pop3 mail connector email size limit on SBS 2008 and Exchange 2007

I have been doing some networky type guf lately and on moving all our mail onto a local exchange server I discovered a wonderful little feature where you can connect to pop accounts to grab email and feed it into Exchange accounts. This is great because a few of the users in the office have historical email accounts and this makes checking them pretty much transparent to them.

The only issue is that after a few days I found I was getting errors relating to email size. See the following:

Event 210, which is just a oversized email error pretty much.

It didn’t take too long to find out how to fix this. It is simply related to the email size defaults on SBS2008. The default email size for SBS2008 is 10MB. Use the following command in the exchange shell you can see what your max sizes are:

get-receiveconnector | select identity,maxmessagesize

The screenshot below shows my current results:

The next step is to increase these limits, I have obviously already done so here. The following command will do just that:

set-receiveconnector "<identy>" -maxmessagesize 20MB
Obviously you can make them whatever size you want. I increased them all, but for the pop account issue you onlye really need to increase the “Windows SBS Fax Sharepoint Receive <server name>” one.