On my domain controller (Server 2008 RTM SP2), the firewall is on for the Private and Public profiles, but it is off for the Domain Profile.

I'd like to turn it on, but when I click on Windows Firewall Properties in Server Manager, the Firewall state displays Off and is greyed out. It cannot be a permission problem, because I'm logged in as the Domain Admin and I can change the settings for the Private and Public Profile.

What can be the reason for this, and how do I turn on the firewall?

Lorenz Meyer

1 Answer

Your firewall state is being managed by Group Policy. To change it, you need to change the group policy that's managing your server's firewall profiles.

On another note, if you don't really know what you're doing (and no offense, but you don't seem like you do), don't mess around with the firewall on domain controllers. You're just gonna cause yourself a lot of pain if you do.

HopelessN00b
  • Thanks. I think there's no problem with a firewall on a DC, if all inbound exceptions are configured. Sure there will be some, but it is better to have the firewall activated for security reasons. – Lorenz Meyer Apr 11 '14 at 14:20
  • @LorenzMeyer ... your call. Just be **very** careful. It's easy to break replication, or part of your domain controller's AAA services without realizing it until after it's become a serious problem, or after you've spent a couple weeks banging your head against a wall. – HopelessN00b Apr 11 '14 at 14:22
  • Or if you're me and take down the entire network since the DC was hosting DHCP/DNS... :p – Nathan C Apr 11 '14 at 14:24
  • @HopelessN00b Windows already comes with more than a hundred preconfigured rules, several of them about AD DC. Isn't this enough? – Lorenz Meyer Apr 11 '14 at 14:26
  • @LorenzMeyer It's usually enough. When it's not, though, it's a major pain. Like I said, be careful. And when in doubt, check if the DC firewall is causing it. :) – HopelessN00b Apr 11 '14 at 14:29
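
A read-only check for the situation the answer describes, added here as an example and not posted by anyone in the thread: it reports, per profile, whether the firewall state is pinned by Group Policy (which is what greys out the control) or left to the local setting. It assumes the standard registry locations used by Windows Firewall with Advanced Security and PowerShell 2.0 or later; the function names are hypothetical.

```powershell
# Added example: per-profile report of who controls the firewall on/off state.
# Nothing is modified; the script only reads the registry.
$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall'   # written by GPO
$localRoot  = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'

# The locally configured Private profile is stored under "StandardProfile".
$profiles = @(
    @{ Name = 'Domain';  Policy = 'DomainProfile';  Local = 'DomainProfile'   },
    @{ Name = 'Private'; Policy = 'PrivateProfile'; Local = 'StandardProfile' },
    @{ Name = 'Public';  Policy = 'PublicProfile';  Local = 'PublicProfile'   }
)

function Get-EnableFirewall([string]$Path) {
    # Returns 0 or 1 when EnableFirewall exists, $null when key or value is absent.
    if (-not (Test-Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -Name EnableFirewall -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.EnableFirewall
}

function Format-State($Value) {
    if ($null -eq $Value) { return 'not set' }
    if ($Value -eq 1) { return 'On' }
    return 'Off'
}

$report = foreach ($p in $profiles) {
    $policy = Get-EnableFirewall (Join-Path $policyRoot $p.Policy)
    $local  = Get-EnableFirewall (Join-Path $localRoot  $p.Local)

    # A policy value, when present, overrides the local one and locks the UI.
    if ($null -ne $policy) { $effective = $policy; $owner = 'Group Policy (UI greyed out)' }
    else                   { $effective = $local;  $owner = 'Local setting' }

    New-Object PSObject -Property @{
        Profile     = $p.Name
        PolicyValue = Format-State $policy
        LocalValue  = Format-State $local
        Effective   = Format-State $effective
        ManagedBy   = $owner
    }
}

$report | Select-Object Profile, PolicyValue, LocalValue, Effective, ManagedBy |
    Format-Table -AutoSize
```

If the Domain row shows `ManagedBy` as Group Policy, `gpresult /h report.html` from an elevated prompt lists the applied GPOs, so you can find the one carrying the firewall setting and change it there.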