Firewall – How to allow access to firewall settings (domain/windows 7)

firewallgroup-policywindows 7windows-firewallwindows-server-2008

I'm running a Windows 7 Workstation in a domain setting.

I'd like to disable the local firewall (temporarily), but I am not allowed to do this because of restrictions in the domain.

"For your security, some settings are controlled by group policy"

I'd like to set up a GPO for this particular machine in AD to allow these changes.

(note: I don't want to disable the firewall in the GPO/AD, simply remove the restrictions so that it can be done locally)

Best Answer

Two questions here: how can one GPO override another, and where are the Win7 firewall settings in Group Policy:

Windows Firewall is a computer setting, so you need to create a new GPO in an OU "closer" to your computer object, or if you create a GPO in the same OU as the existing firewall GPO settings, just ensure it's a higher number in the Link Order for that OU. Then the original firewall GPO will apply, then your, which will overwrite.
Windows Firewall settings are under Computer Configuration > Policies > Windows Settings > Windows Firewall with Advanced Security

You also don't have to totally disable the firewall to get what you want. You can change the local fw policy (if allowed) to stay enabled but allow all incoming. Or add FW rules locally for the ports you want open.

Best Answer

Related Solutions

Active Directory – Using GPO to Disable Windows Firewall on Workstations

Firewall – How to disable group policy control over Windows Vista firewall

Related Topic