Export (0) Print
Expand All

Step 3: Adding the GPO Setting to Enable the Firewall on Member Client Computers

Published: November 2, 2007

Updated: December 7, 2009

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

In this step, you configure your client GPO to include a setting that enables Windows Firewall on all your client computers that are running Windows 7 or Windows Vista to which the GPO applies.

  1. On MBRSVR1, in Group Policy Management, click Group Policy Objects, right-click Firewall Settings for Windows Clients, and then click Edit.

  2. In Group Policy Management Editor, right-click the top node Firewall Settings for Windows Clients [DC1.contoso.com] Policy, and then click Properties.

  3. Select the Disable User Configuration settings check box.

    noteNote
    We recommend that you remove the user or computer sections in any GPO in which they are not used. This improves performance on the client computer when it is applying a GPO.

  4. In the Confirm Disable dialog box, click Yes, and then click OK.

  5. Under Computer Configuration, expand Policies, expand Windows Settings, expand Security Settings, and then expand Windows Firewall with Advanced Security.

  6. Click the node Windows Firewall with Advanced Security - LDAP://cn={GUID},cn=policies,cn=system,DC=contoso,DC=com, where GUID is a unique number assigned to your domain.

  7. In the results pane, under Overview, notice that for each network location profile Windows Firewall state is not configured, and then click Windows Firewall Properties.

  8. On the Domain Profile tab, click the drop-down list next to Firewall state, and then click On (recommended).

    noteNote
    This might appear to be an unnecessary step, because the firewall is turned on by default on the client computers. However, if you leave this setting as Not configured, a local administrator can disable the firewall. Setting it in the GPO as shown in this step turns it on and prevents the local administrators from disabling it.

  9. Click OK to save your changes. Note in the results pane that Domain Profile now shows Windows Firewall is on.

    Shows Windows Firewall enabled in a GPO
  10. Close Group Policy Management Editor.


Next topic:  Step 4: Deploying the Initial GPO with Test Firewall Settings

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft