2

I'm on the newer side when it comes to managing GPOs. I'm trying to clean up an existing domain that is a bit of a mess, too many different folks have put their hands in here over the years, and these GPOs have gone through server upgrades from 2000 to 2003 and 2003 to 2008.

There are a number of settings for Windows Defender Firewall, and then a setting that ultimate disables it due to the fact that we use Kaspersky for AV and Firewall.

Under administrative templates there are settings for the domain profile and standard profile that I'm thinking we can just junk, and leave the Policy>Security Setting for windows firewall jut set to off.

The question is: Do additional settings for Windows Firewall have any sort of effect if we're also disabling the firewall? These are settings I've pulled out of our default domain policy (don't ask), but now I'm thinking I can just junk them and I'm curious if any 'Windows Firewall' type settings could still have some validity if the firewall is disabled.

Andrew Schulman
  • 8,811
  • 21
  • 32
  • 47
Sam K
  • 506
  • 5
  • 21

1 Answers1

3

If you're disabling the Windows Firewall, (which I don't recommend,) then any Windows Firewall (and IPsec) rules distributed through GPO become pointless.

Ryan Ries
  • 55,481
  • 10
  • 142
  • 199
  • Thanks! I just wanted to make sure there wasn't some obscure Windows mechanism here I didn't have to watch out for. I can't run Kaspersky's firewall and Windows at the same time - or at least its not recommended, hence why we disable the windows firewall. – Sam K Feb 27 '18 at 15:41