Step 3: Adding the GPO Setting to Enable the Firewall on Member Client Computers

  • Article

Updated: December 7, 2009

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

In this step, you configure your client GPO to include a setting that enables Windows Firewall on all your client computers that are running Windows 7 or Windows Vista to which the GPO applies.

To add the GPO setting to enable the firewall on member client computers

  1. On MBRSVR1, in Group Policy Management, click Group Policy Objects, right-click Firewall Settings for Windows Clients, and then click Edit.

  2. In Group Policy Management Editor, right-click the top node Firewall Settings for Windows Clients [DC1.contoso.com] Policy, and then click Properties.

  3. Select the Disable User Configuration settings check box.

Note

We recommend that you remove the user or computer sections in any GPO in which they are not used. This improves performance on the client computer when it is applying a GPO.

  1. In the Confirm Disable dialog box, click Yes, and then click OK.

  2. Under Computer Configuration, expand Policies, expand Windows Settings, expand Security Settings, and then expand Windows Firewall with Advanced Security.

  3. Click the node Windows Firewall with Advanced Security - LDAP://cn={GUID},cn=policies,cn=system,DC=contoso,DC=com, where GUID is a unique number assigned to your domain.

  4. In the results pane, under Overview, notice that for each network location profile Windows Firewall state is not configured, and then click Windows Firewall Properties.

  5. On the Domain Profile tab, click the drop-down list next to Firewall state, and then click On (recommended).

Note

This might appear to be an unnecessary step, because the firewall is turned on by default on the client computers. However, if you leave this setting as Not configured, a local administrator can disable the firewall. Setting it in the GPO as shown in this step turns it on and prevents the local administrators from disabling it.

  1. Click OK to save your changes. Note in the results pane that Domain Profile now shows Windows Firewall is on.

  2. Close Group Policy Management Editor.

Next topic: Step 4: Deploying the Initial GPO with Test Firewall Settings