Syed Jahanzaib – Personal Blog to Share Knowledge !

March 5, 2013

Windows 2008 Group Policy ! Fun Things to DO

Filed under: Microsoft Related — Tags: , — Syed Jahanzaib / Pinochio~:) @ 4:25 PM

Howto disable Windows Firewall using Group Policy in Windows 2008

I personally don’t think it’s the best way to disable windows firewall specially in a large network environment, but recently I was in a situation where I needed it to avoice some arguments with few co workers. Here is how you can do it on a Windows 2008 server.

Open Group Policy Management,
Select the policy to edit (Usually: the default policy), right-click and choose Edit.
Go to Administrative Templates > Network > Network connections > Windows Firewall > Domain Profile.
Disable the “Protect All Network connections” rule.  Do the same for the “Standard Profile”, as well.

Now, all that’s left to do is update the clients.  Default Update time for group policy is 6 hours, but you can push it forcefully by using following command:

gpupdate / force

then simply log off and log on the client again.

Disabling Action Center’s Firewall Notification through GPO

As far as I know, there is not a policy that will disable only the Firewall Notification. The closest options we could configure are two policies that are related but neither is really a complete solution and will block other types of notifications as well:

1) Disable all balloon notifications:

User Configuration \ Administrative Templates \ Start Menu and Taskbar \ Turn off all balloon notifications

2) Disable Action Center itself:

User Configuration\Administrative Templates\Start Menu and Taskbar \ Remove the Action Center icon
(Thanks for the TIP from http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/e78a30cb-6cf2-4de6-afda-e0c90a3d2e34/ )

Disabling Your Security setting level puts your computer at risk notification

If your users are complaining of the appearance of the message box in Internet Explorer 7/8 telling that
Your Security setting level puts your computer at risk.”

To fix it, There are two ways to resolve this:

1. Set “Initialize and script ActiveX controls not marked as safe for scripting” to Disable (recommended) under Security SettingsInternet Zone or Restricted Sites Zone

2. Enable the following GPO via Domain Group Policy at your Domain controller.

Goto Local Computer Policy
User Configuration
Administrative Templates
Windows Components
Internet Explorer
ENABLE this setting >  Turn off the Security Settings
Regard’s
Syed Jahanzaib