v-terliu
Sun Mar 30 21:37:36 PDT 2008
Hello Customer,
Thank you for posting here. Let's also thank Lanwench and Russ for the
input.
According to your description, I understand that you want to disable some
client computers windows firewall. If I have misunderstood the problem,
please don't hesitate to let me know.
Based on my research, we have 2 methods to disable SBS client computers
windows firewall:
I. Manually disable windows firewall on each client computer:
Please run command "services.msc" to open the services console on client
and right click "Windows Firewall/Internet Connection Sharing (ICS)"
service, select stop.
If the client computers only want to disable windows firewall temporary,
this method is suit for you. You can start the service when you want to
enable the windows firewall.
II. Disable client windows firewall thru group policy:
Generally, you could try to edit the GPO ''Small Business Server Windows
Firewall'' on SBS to configure the firewall on client. However, before the
operation, you need to confirm the following things first.
After you install the Windows XP SP2 in your SBS 2k3 network, you may need
to install the Update for SBS 2k3 server first, please refer to the
following article.
872769 You cannot configure Windows Firewall settings or Security Center
settings on a Windows XP Service Pack 2-based client computer that is in a
Windows Small Business Server 2003-based network
http://support.microsoft.com/?id=872769
If you want to modify the Group Policy setting that is configured when you
installed the Windows Small Business Server 2003 Update for Windows XP SP2,
install the hotfix that is described in the following Microsoft Knowledge
Base article:
842933 "The following entry in the [strings] section is too long and has
been truncated" error message when you try to modify or to view GPOs in
Windows Server 2003, Windows XP Professional, or Windows 2000
http://support.microsoft.com/default.aspx?kbid=842933
After installing the above 2 hotfixes, you can add exceptions ports or
disable windows firewall for clients firewall via GPO:
Please use the following steps to add exceptions ports for clients:
1. Start -> Administrative Tools -> Group Policy Management
2. Expand Domains -> Your Domain
3. Right click the Small Business Server Windows Firewall and click Edit
4. Computer configuration>Administrative templates>Network>Network
connections> Windows Firewall> Domain Profile;
5. Double click "Windows Firewall: Define port exceptions", select Enabled
6. Click Show button, then add the except ports in the box. Click OK twice
time.
7. Run Gpupdate /force on your XP2 client
8. Logon and logoff your client and test your issue again.
Please use the following steps to disable client XP sp2 ICF:
1. Start -> Administrative Tools -> Group Policy Management
2. Expand Domains -> Your Domain
3. Right click the Small Business Server Windows Firewall and click Edit
4. Computer configuration>Administrative templates>Network>Network
connections> Windows Firewall> Domain Profile;
5. In "Windows Firewall: Protect all network connections" should be set to
''Disable''
6. Run Gpupdate /force on your XP2 client
7. Logon and logoff your client and test your issue again.
Additional info:
HOW TO: Delegate Authority for Editing a Group Policy Object (GPO)
http://support.microsoft.com/?id=221577
Administering Group Policy with the GPMC
http://www.microsoft.com/windowsserver2003/gpmc/gpmcwp.mspx
Frequently Asked Questions About the Group Policy Management Console
http://www.microsoft.com/windowsserver2003/gpmc/gpmcfaq.mspx
Enterprise Management with the Group Policy Management Console
http://www.microsoft.com/windowsserver2003/gpmc/default.mspx
I hope these steps will give you some help.
Thanks and have a nice day!
Best regards,
Terence Liu(MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check
http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: Two Firewall Policies
| thread-index: AciQwXi0eqFwRBhWSD+8zS/wxSdj+A==
| X-WBNR-Posting-Host: 207.46.193.207
| From: =?Utf-8?B?bmM=?= <nc@discussions.microsoft.com>
| Subject: Two Firewall Policies
| Date: Fri, 28 Mar 2008 03:50:00 -0700
| Lines: 11
| Message-ID: <AF38A60A-2DA2-4D6C-8D1C-91CE933E8818@microsoft.com>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2992
| Newsgroups: microsoft.public.windows.server.sbs
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:100318
| NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| I need to know if SBS2003 (sp2) can have two firewall policies.
| This is why.
| We have a software developer and i want to create another firewall policy
so
| he can turn off the firewall when he has to work with special machines.
| I know that we can try to configure the exceptions, but alot of vendor
are
| asking us to disable the firewall when connecting to their machines.
| If we can, is there documentation on how to apply it just to a user or
group.
|
| Thanks for your help in this matter.
|
| CP
|